This Data Processing Protocol (the "Protocol") explains how Willis Towers Watson handles personal information and/or sensitive personal information (as defined in the Personal Information Protection Act 2016 of Bermuda ("PIPA")) ("Personal Data") on behalf of its clients, customers, or licensees (together the "Client").
This Protocol forms part of any agreement in place between a Willis Towers Watson entity and the Client which expressly refers to it (the "Agreement"). Where this Protocol uses terms which are defined in PIPA, then the definitions set out in PIPA shall apply.
The Willis Towers Watson entity that processes the Personal Data is the entity which the Client has entered into the Agreement with ("Relevant Willis Towers Watson Entity"). The contact information of the Relevant Willis Towers Watson Entity can be found in the Agreement. The contact information of the privacy officer of the Relevant Willis Towers Watson Entity can be obtained from the contact person of such Relevant Willis Towers Watson Entity.
Any request or feedback, including the exercise of any rights that a Client or an individual whose personal information is used in furtherance of the Agreement has under PIPA, can be directed to the privacy officer of the Relevant Willis Towers Watson Entity.
In most cases, a Client or Data Subject can also refer their feedback to the Privacy Commissioner of Bermuda.
1. Use of personal information
1.1. With respect to Personal Data used by the Relevant Willis Towers Watson Entity on a Client's behalf (see Annex 1), the Relevant Willis Towers Watson Entity complies with the following requirements:
- Limitations on Use: The Relevant Willis Towers Watson Entity only uses Personal Data in a lawful, fair and transparent manner and in accordance with the Agreement.
- Confidentiality: The Relevant Willis Towers Watson Entity holds Personal Data in confidence and requires Personnel who process Personal Data to protect all Personal Data in accordance with the requirements of this Protocol and PIPA.
- Information Security Program: The Relevant Willis Towers Watson Entity maintains a written information security program that contains appropriate administrative, technical and physical safeguards to protect Personal Data against anticipated threats or hazards to its security, confidentiality or integrity. Such security program is periodically reviewed.
2. PIPA Principles
2.1. Fairness: The Relevant Willis Towers Watson Entity uses Personal Data in a lawful and fair manner.
2.2. Lawful Processing: The Relevant Willis Towers Watson Entity only uses an individual’s Personal Data where one or more of the PIPA Conditions for Use set out in Annex 2 are met.
2.3. Purpose Limitation: The Relevant Willis Towers Watson Entity uses Personal Data only for the specific purposes set out in the Global Website Privacy Notice or for purposes that are related to those specific purposes, except when the use of the Personal Data: (i) is with the individual’s consent; (ii) is necessary to provide a service or product required by the individual; (iii) is required by any rule of law or court order; (iv) is for the purpose of detecting or monitoring fraud or fraudulent misuse of Personal Data; or (v) is for the purposes of scientific, statistical or historical research subject to the appropriate safeguards for the rights of the individual.
2.4. Proportionality: The Relevant Willis Towers Watson Entity ensures that Personal Data is adequate, relevant and not excessive in relation to the purposes for which it is used.
2.5. Personal Data Accuracy: The Relevant Willis Towers Watson Entity ensures that any Personal Data used is accurate and kept up to date to the extent necessary for the purposes of use.
2.6. Individual Rights: The Relevant Willis Towers Watson Entity allows individuals to exercise their rights in relation to their Personal Data, including their rights to: (i) access Personal Data in the Relevant Willis Towers Watson Entity’s custody or control; (ii) correct an error or omission in any Personal Data under the Relevant Willis Towers Watson Entity’s control; (iii) cease, or not to begin, using Personal Data for advertising, marketing or public relations purposes; or (iv) erase or destroy Personal Data that is no longer relevant for the purposes of its use (collectively, “Individual Rights”).
2.7. Storage Limitation: The Relevant Willis Towers Watson Entity ensures that Personal Data is not kept for longer than is necessary for that use and as consistent with our Records Management policies in accordance with PIPA.
2.8. Security Safeguards: The Relevant Willis Towers Watson Entity protects Personal Data that it holds with appropriate administrative, technical, and organizational safeguards against risk, including loss, unauthorised access, destruction, use, modification or disclosure or any other misuse. Such safeguards are proportional to (i) the likelihood and severity of the harm threatened by the loss, access or misuse of the Personal Data; (ii) the sensitivity of the Personal Data (including in particular whether it is sensitive Personal Data); and (iii) the context in which it is held. Such security safeguards are subject to periodic review and reassessment.
2.9. Accountability: The Relevant Willis Towers Watson Entity has adopted suitable measures and policies to give effect to its obligations and to the rights of individuals set out in PIPA, and such measures and policies shall be designed to take into account the nature, scope, context and purposes of the use of Personal Data and the risk to individuals by the use of the Personal Data.
3. Assistance
The Relevant Willis Towers Watson Entity will provide reasonable assistance to a Client in fulfilling its obligation to respond to any requests from individuals exercising their rights under PIPA. Such assistance might not be provided where PIPA allows this, for example where the Personal Data is subject to legal privilege, where it might result in revealing confidential information of the Relevant Willis Towers Watson Entity or of a third party that is of a commercial nature, or where the Personal Data is being used for a current disciplinary or criminal investigation; and
The Relevant Willis Towers Watson Entity may charge a reasonable fee, as allowed by law, for such assistance described above except where such request results in the correction of an error or omission in the personal information about the individual that is under the control of the Relevant Willis Towers Watson Entity.
Audit: The Relevant Willis Towers Watson Entity will allow for and contribute to audits conducted by a Client or another auditor nominated by a Client on privacy obligations as agreed and/or under PIPA as provided for in the Agreement between the Parties. In the event that the Agreement contains no such provision, a Client shall provide the Relevant Willis Towers Watson Entity with thirty (30) days' advance notice of any audit request and both parties shall agree on a mutually acceptable audit time and scope. A Client may not engage in an audit which would compromise confidentiality obligations to any other clients and customers of the Relevant Willis Towers Watson Entity and, if it wishes to nominate another auditor to undertake the audit, shall ensure that the auditor enters into a confidentiality agreement with the Relevant Willis Towers Watson Entity in such form as the Relevant Willis Towers Watson Entity shall reasonably require. The Relevant Willis Towers Watson Entity may charge a reasonable fee for all such assistance, including costs and expenses incurred as a result of providing such assistance, unless it is prohibited by its professional regulatory body.
Notification: The Relevant Willis Towers Watson Entity will without undue delay notify a Client whenever there has been a confirmed data breach as defined in PIPA, as well as any other confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data processed by it in the context of this Protocol.
Return or Disposal: A Client may instruct the Relevant Willis Towers Watson Entity to delete or return Personal Data at the end of the period during which it will process such Client Personal Data, as specified in Annex 1. However, there may be instances where the Relevant Willis Towers Watson Entity would hold the Personal Data in backup or archive systems for lawful purposes. In such cases, the Relevant Willis Towers Watson Entity would extend appropriate security protections to the Personal Data for as long as it is maintained.
4. Assurance
4.1. The Relevant Willis Towers Watson Entity has in place a process to ensure proper implementation of this Protocol which is subject to periodic review and auditing, and to assess its internal compliance with same.
5. Individual rights requests
5.1. The Relevant Willis Towers Watson Entity has implemented a process to receive and respond to written requests from any individual in respect of their Individual Rights under PIPA (an “Individual Rights Request”).
- Following receipt of a valid Individual Rights Request to cease, or not to begin, using an individual’s Personal Data for the purposes of advertising, marketing or public relations, the Relevant Willis Towers Watson Entity shall cease, or not begin, using the Personal Data for the purposes of advertising, marketing or public relations.
- Following receipt of a valid Individual Rights Request to cease, or not to begin, using an individual’s Personal Data where the use of that Personal Data is causing or is likely to cause substantial damage or substantial distress to the individual or to another individual, the Relevant Willis Towers Watson Entity will either cease, or not begin, using the Personal Data that the individual has identified in their request, or provide the individual with written reasons as to why the use of such Personal Data is justified.
- Following receipt of a valid Individual Rights Request to erase or destroy Personal Data about the individual where that Personal Data is no longer relevant for the purposes of its use, the Relevant Willis Towers Watson Entity shall erase or destroy the Personal Data that the individual has identified in their request, or provide the individual with its written reasons as to why the use of such Personal Data is justified.
- Following receipt of a valid Individual Rights Request to correct an error or omission in any of an individual’s Personal Data which is under the control of the Relevant Willis Towers Watson Entity:
- If there is an error or omission in such Personal Data, the Relevant Willis Towers Watson Entity will: (i) correct the Personal Data as soon as reasonably practicable; and (ii) where the Relevant Willis Towers Watson Entity has disclosed the incorrect information to other organisations, send a notification containing the corrected information to each organisation to which the incorrect information has been disclosed, if it is reasonable to do so. Where the Relevant Willis Towers Watson Entity receives notification under (ii) containing corrected Personal Data, the Relevant Willis Towers Watson Entity will correct the Personal Data.
5.2. Individuals may initiate a complaint with the Office of the Privacy Commissioner in Bermuda that: (a) an obligation imposed on the Relevant Willis Towers Watson Entity by PIPA has not been performed; (b) a right set out in PIPA has not been observed; (c) Personal Data has been used by the Relevant Willis Towers Watson Entity contrary to PIPA; or (d) the Relevant Willis Towers Watson Entity is not in compliance with PIPA.
5.3. The Relevant Willis Towers Watson Entity will ensure that all Individual Rights Requests are dealt with in a reasonable and timely manner, in compliance with any applicable statutory deadlines.
6. Subprocessing
6.1. A Client understands that the Relevant Willis Towers Watson Entity may use subprocessors to provide the services under the Agreement. The Relevant Willis Towers Watson Entity shall remain primarily responsible for the performance of its obligations under this Protocol.
7. Anonymized and pseudonymized data
7.1. A Client acknowledges that the services include pseudonymization and anonymization for the purpose of aggregate reporting and (trends) research and agrees that the Relevant Willis Towers Watson Entity may use pseudonymized and anonymized data for its own business purposes, and the Relevant Willis Towers Watson Entity will comply with all applicable data protection laws in respect of such processing.
8. Data transfers
8.1. Willis Towers Watson is a global company and the Client confirms that the Relevant Willis Towers Watson Entity may transfer Personal Data to its affiliates and subprocessors inside and outside of Bermuda for the purposes of providing services as well as support and back-up. The list of such affiliates and subprocessors can be obtained from the Relevant Willis Towers Watson Entity and, to the extent practicable, the Relevant Willis Towers Watson Entity will inform the Client of the countries in which such recipients are likely to be located. The Relevant Willis Towers Watson Entity has established safeguards to protect such transferred Personal Data at a level at least comparable with PIPA.
Annex 1 - Description of processing of personal data
1. Subject Matter, Nature and Purpose
1.1. All processing activities (including the collection, organization and analysis of Personal Data) as are reasonably required to facilitate or support the provision of the services described under the Agreement.
1.2. Where the Client/Data Subject refuses to allow the Relevant Willis Towers Watson Entity to process the Personal Data, such refusal can potentially disadvantage or frustrate the provision of the services described under the Agreement. In addition, the Relevant Willis Towers Watson Entity might process the Personal Data regardless of the Client/Data Subject's wish where PIPA allows/requires the Relevant Willis Towers Watson Entity to do so.
2. Duration of processing and retention of personal data
2.1. The Relevant Willis Towers Watson Entity will process the Personal Data for as long as it provides services to Client and will hold the Personal Data in archive after that date to the extent necessary for lawful purposes and consistent with our Records Management policies.
3. Categories of individuals
3.1. The data subjects may include individuals named in any policy or scheme in respect of which the Relevant Willis Towers Watson Entity is engaged to provide its services and/or individuals that are beneficiaries of, or have made claims under, or are otherwise involved in, any such policy or scheme. Most commonly the data subjects will include: (1) employees, contractors or other workers of the Client ("Workers") and/or their family members, representatives or others connected with Workers; (2) past, existing or prospective clients of the Client, and/or their employees or other individuals connected with them, and/or their family members, representatives or others connected with them; and/or (3) past, existing or prospective complainants or claimants in connection with any insurance policy, and/or their family members, representatives or others connected with them (collectively, the “Data Subjects”).
4. Types of personal data
4.1. The services under the Agreement may involve the processing of the following types of Personal Data:
- names and contact information, including but not limited to home address and telephone number;
- demographic information (such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, employment details, hobbies, family composition, and dependents);
- employee identification numbers;
- information related to the provision of the services, such as policy information and claims information, including information relating to incidents giving rise to claims and related losses;
- system user credentials including but not limited to email addresses, user names and passwords; and
- human resources data, such as job title and role, benefits and compensation information, dependent/beneficiary information, educational and academic information, professional qualifications information, emergency contact information, and performance management information.
5. Types of data which might be more sensitive
5.1. The Personal Data processed by the Relevant Willis Towers Watson Entity may include some categories of Personal Data which are considered to be sensitive personal data, including: personal characteristics and circumstances of a sensitive nature, such as racial or ethnic origin, sex life or sexual orientation, mental and physical health, genetic information, details of injuries, medication/treatment received, and lifestyle such as smoking and drinking habits; criminal records, fines and other like judicial records; personal identification documentation and related information such as passport numbers; and financial and payment data such as bank account numbers and transaction information.
5.2. Any sensitive information collected, held or processed by the Relevant Willis Towers Watson Entity will be collected, held or processed under the conditions set out in Annex 2 and only in accordance with PIPA.
Annex 2 – PIPA conditions for use
The Relevant Willis Towers Watson Entity may use an individual’s Personal Data only if one or more of the following conditions are met:
- the Personal Data is used with the consent of the individual, where the Relevant Willis Towers Watson Entity can reasonably demonstrate that the individual has knowingly consented;
- except in relation to sensitive Personal Data, a reasonable person giving due weight to the sensitivity of the Personal Data would consider that the individual would not reasonably be expected to request that the use of his Personal Data should not begin or cease; and that the use does not prejudice the rights of the individual;
- the use of the Personal Data is necessary (i) for the performance of a contract to which the individual is a party; or (ii) for the taking of steps at the request of the individual with a view to entering into a contract;
- the use of the Personal Data is pursuant to a provision of law that authorizes or requires such use (e.g. to satisfy AML/ATF obligations);
- the Personal Data is publicly available information and will be used for a purpose that is consistent with the purpose of its public availability;
- the use of the Personal Data is necessary to respond to an emergency that threatens the life, health or security of an individual or the public;
- the use of the Personal Data is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the Relevant Willis Towers Watson Entity or in a third party to whom the Personal Data is disclosed.
If the Relevant Willis Towers Watson Entity is unable to meet any of the above conditions, then it may use Personal Data only if:
- the Personal Data was collected from, or is disclosed to, a public authority which is authorised or required by a statutory provision to provide the Personal Data to, or collect it from, the Relevant Willis Towers Watson Entity;
- the use of the Personal Data is for the purpose of complying with an order made by a court, individual or body having jurisdiction over the Relevant Willis Towers Watson Entity;
- the use of the Personal Data is for the purpose of contacting the next of kin or a friend of an injured, ill or deceased individual;
- the use of the Personal Data is necessary in order to collect a debt owed to the Relevant Willis Towers Watson Entity or for the Relevant Willis Towers Watson Entity to repay to the individual money owed by the Relevant Willis Towers Watson Entity;
- the use of the Personal Data is in connection with disclosure to the surviving spouse or a relative of a deceased individual if, in the reasonable opinion of the Relevant Willis Towers Watson Entity, the disclosure is appropriate; or
- the use of the Personal Data is reasonable to protect or defend the Relevant Willis Towers Watson Entity in any legal proceeding.
The Relevant Willis Towers Watson Entity may use an individual’s sensitive personal information with lawful authority if and only to the extent that it is used:
- with the consent of any individual to whom the information relates;
- in accordance with an order made by either the court or the Office of the Privacy Commissioner in Bermuda; or
- for the purpose of any criminal or civil proceedings.