Knighthead Insurance Group- Privacy Policy

Last Updated: October 22, 2024
Knighthead Life

I. Who Are We?
Knighthead Life is the marketing name for Knighthead US Holdings, Inc. and its subsidiaries, Knighthead American Life Insurance Company and Merit Life Insurance Co. (“Knighthead Life”).

If you have any questions or comments about this Privacy Policy or our practices, or wish to make a request regarding your Personal Information, please contact us as follows:

Knighthead Life
1900 South Blvd, Suite 300
Charlotte, NC 28203
P: 833-637-4854
E: info@knightheadinsurance.com

II. What is Covered by This Privacy Policy?
This Privacy Policy applies to all visitors to this website from the United States and describes Knighthead Life’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. This Privacy Policy applies both to our online information gathering and dissemination practices in connection with this website and its various pages (the “Site”), and personal information we collect or receive offline, whether directly from you or from other sources. When you use the Site, you consent to the use of your information in the manner specified in this Privacy Policy.

If you have arrived at this Privacy Policy by clicking through a link on our Site, or by searching for or clicking on a link directing you to any page of our Site, then this Privacy Policy applies to you. This policy may change periodically, as we undertake new personal data practices or adopt new privacy policies, so please check back from time to time. By your continued use of the Site, you consent to the terms of the revised policy.

Use of our Site is strictly limited to persons who are of legal age in the jurisdictions in which they reside. You must be at least eighteen (18) years of age to use our Site. If you are not at least 18 years of age, please do not use or provide any information through this Site.

This Privacy Policy does not apply to any website owned and/or operated by or on behalf of any other entity, including any entities that may have invested in our company or other affiliates or business partners, even if our Site posts a link to those other websites and you click through from our Site. To the extent that you visit and/or disclose information through other sites, you are subject to the privacy policies and practices of those sites.

III. What Personal Information Do We Collect, From Where, and Why?
The following is a description of: (i) the categories of Personal Information we may have collected in the preceding 12 months, whether offline or online; (ii) the sources from which we may have collected it; and (iii) the business purposes for which we may have collected it.

A. Information we do NOT knowingly collect.
We do not knowingly solicit, collect, or receive information from or about minors (under the age of eighteen) or persons residing outside the U.S.A.

B. Information that You provide to us directly
Through our Site or for Customer Service
You may choose to voluntarily submit or otherwise disclose personal information to us, including but not limited to your name, email address, phone number, and a personalized message about your inquiry or application, through the “Contact Us,” “Apply Now,” “Indication of Interest” form, or our “Chat” features on our Site, or through mail, e-mail, telephone, fax or electronically. If you initiate contact or correspond with us, we may keep a record of your contact information and correspondence, whether oral or written, and we reserve the right to use your contact information, and any other information that you provide to us in your message, to respond thereto or to offer customer service and attempt to resolve your request or inquiry.

If you wish to change or correct any information voluntarily submitted to us, please do so by contacting us in the manner described above.

When Applying for our Product or Creating a Contract with Us
You may submit information to us when you apply for services or products that we offer. This information may include, depending on the product applied for, your name, email address, address, phone number, date of birth, social security number, and account information. We use this information to respond to your inquiries and requests; provide support services to you; assess your satisfaction with our services; protect against and detect fraud in relation to your contract. We use this information to determine whether to issue a contract and to administer contracts when issued. We may need similar information to change the owner designation of the contract, support a change of address, or other administrative requirements.

Disbursing Proceeds to You
If we are paying a claim for one of our products we may collect your name, contact information, address, wealth management or other bank account information, and other related facts. We use this information to administer contracts when issued, to determine when you are eligible for payment on a claim, and to make payments on claims.

When Applying for a Job with Us
You may choose to voluntarily submit information to us when you apply to work for us as an employee or independent contractor. This information typically includes your name, email address, address, phone number, resumé (including but not limited to, employment history, education information, skills, interests). We use this information to evaluate your application.

C. Information from Third Parties acting on your behalf.
Information from third parties acting on your behalf include someone other than you, such as your spouse, power of attorney, authorized representative, custodians, your wealth management advisor, or your attorney (“Third Party” or “Third Parties”).

We may receive and maintain personal information, including but not limited to your name, gender, address, telephone number, email address, date of birth, social security number, signature, financial account numbers, account balances, account values, investments, financial or banking information, contained in communications with Third Parties.

D. Information we receive from our Service Providers.
We receive and maintain personal information from our Service Providers. Service Providers are persons or entities that we contract with to provide a material service in connection with our annuity products. Information that we typically may receive includes IP address, web activity, geolocation, residential address, phone number, financial information, letter vendors, bankruptcy activity letter correspondence, and email communications.

E. Information automatically collected by Use of this Site.

As with most websites, our Site automatically collects certain information during a user’s visit to the Site. The information may include internet protocol (IP) addresses, the location where the device is accessing the internet, browser type, operating system and other information about the usage of the Site, including a history of pages viewed. We use this information to improve the Site’s design, estimate user volume and usage patterns, speed up searches, and improve the user experience by customizing options and recognizing return users. We may also use this information to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. More specifically:

1. IP Address

Each time you visit our Site, we may automatically collect your internet protocol (IP) address and the web page from which you came. In order to administer and optimize the Site for you and to diagnose and resolve potential issues with or security threats to our Site or to the company, we may use an IP address to help identify users and to gather broad demographic information about them.

2. Cookies, Pixel Tags, and Web Beacons

Cookies (browser or flash) are small files that a site or its service provider transfers to your device through your web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. We use cookies to optimize Site functionality and improve a user’s experience while navigating through the Site. Most or all browsers permit you to disable or reject cookies. You can do this by adjusting your preferences in the browser. You can also click on the “Opt-out preferences” banner at the bottom of the Site and adjust Cookie Settings to accept or reject certain cookies used by our Site.

Our Site may incorporate “pixel tags,” “web beacons,” or similar tracking technologies (collectively, “pixel tags”) that track the actions of Site users. Pixel tags are used to collect information, such as the internet service provider, IP address, the type of browser software and operating system being used, the date and time the Site is accessed, the website address, if any, from which a user linked directly to the Site and/or the website address, if any, to which the user travels from the Site and other similar traffic-related information.

We may aggregate information collected from Site visits by various users to help us improve the Site and the services that we provide through the Site.

3. Do Not Track

Our Site tracks when visitors to our website enter through a marketing landing page. The Site also keeps a record of third party websites accessed when a user is on our Site and clicks on a hyperlink. But we do not track users to subsequent sites and do not serve targeted advertising to them.

4. Analytics Information

Web servers for the Site may gather certain anonymous navigational information about where visitors go on our Site and information about the technical efficiencies of our Site and services. Anonymous information does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples of anonymous information may include certain information about the internet browser, domain type, service provider and IP address information collected through tracking technologies and aggregated or de-identified data. We use anonymous analytics information to operate, maintain, and provide to you the features and functionality of the Site.

We may use Google Analytics (“GA”) and other analytics tools for aggregated, anonymized website traffic analysis. In order to track session usage, Google drops a cookie (_ga) with a randomly-generated ClientID in a user’s browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google IP Addresses. We use GA to track aggregated website behavior, such as what pages a user looked at, for how long, etc. This information helps us improve the user experience and determine Site effectiveness. You have the option to delete your _ga cookies and/or install the Google Analytics Opt-Out Browser Add-On.

IV. What Personal Information Do We Share with Others?
A. We Do Not Sell Personal Information to Third Parties for their Own Use.

We do not sell to third-parties for their own use any of your Personal Information. Except as described in this Privacy Policy, we also do not disclose to third-parties information about your visits to our Site.

We do not knowingly collect and do not, and will not, sell Personal Information of minors under 18 years of age without first obtaining affirmative authorization.

B. Sharing Information with our Affiliates and Service Providers.

We may share your non-public personal information and other information that we have collected with our affiliates and Service Providers.

Service Providers are persons and entities that we contract with to provide us a material service in connection with our business activities. Our Service Providers include, but are not limited to, law firms, accounting firms, accounts receivable management companies, data analytics companies, location service companies, delivery services, technological support companies, banks, insurance sales representatives, or other financial institutions.

In connection with providing business services to us, one or more of our Service Providers may have access to your non-public personal information. This personal information will not be used for any purpose other than as reasonably necessary to perform a business purpose that we authorize, and it will not be further used by the Service Provider or disclosed to any Third Party.

C. Sharing Information with our Investors.

We may share your non-public personal information and other information that we have collected with entities that invest in our company. This information may include a name, address, phone number, e-mail address, date of birth, social security number, financial or banking information, credit information, account numbers, account balances, payment information, information contained on credit, service, or product applications, insurance applications or claims, etc.

An investor may have access to, receive, or use this information for purposes of auditing, risk management, and in connection with the shared services the investor offers to us as a portfolio company, including accounting, legal, capital markets, data analytics, human resources, information technology and marketing services.

D. Sharing Personal Information at Your Direction.

We may share your personal information with Third Parties to whom you authorize us in advance to intentionally disclose to or allow to use your personal information in connection with the services that we provide.

E. Sale of our Company or Company Assets.

In the event of a sale, assignment, liquidation, or transfer of our assets or of any portion of our business, we reserve the right to transfer any and all information that we collect from individuals, or that we otherwise collect in connection with use of the Site, to unaffiliated third party purchasers.

F. Monitoring, Law Enforcement and Legal Requests.

We reserve the right, at all times, to monitor, review, retain and/or disclose any information, including non-public personal information, as may be necessary to satisfy any applicable law, regulation, legal process or governmental request or to cooperate with or comply with requests from law enforcement and other authorities. We may also use such personal information if required to internally investigate fraud or when it is necessary to protect the Site, the company, our affiliates, or others.

G. Our Internal Use and Research.

We reserve the right to use and disclose de-identified information; anonymized information; aggregated information or publicly available information that has not been combined with nonpublic personal information for purposes including, but not limited to, our own internal use, data mining, and research.

V. How Do We Protect Personal Information?

We take reasonable security procedures and practices appropriate to protect personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. We maintain physical, electronic and procedural safeguards designed to protect against the unauthorized disclosure of personal information, and personal information is disposed of properly and securely utilizing industry standards. Our data security policies and practices are periodically reviewed and modified as necessary.

VI. Terms of Use
Please also visit our Terms of Use section establishing the use, disclaimers, and limitations of liability governing the use of our Site.

** THE INFORMATION BELOW APPLIES TO CALIFORNIA RESIDENTS **

VII. Your Rights Under the California Consumer Privacy Act.
A. The CCPA and “Personal Information.”

The California Consumer Privacy Act (“CCPA”), effective as of January 1, 2020, grants privacy rights to California consumers in connection with their Personal Information.

Personal Information (“PI”) is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

A consumer has rights regarding his/her PI when dealing with a covered business, including:

A right to know what PI is collected regardless whether electronically or orally, used, shared or sold by the business;
A right to access PI collected and retained by the business;
A right to require businesses and, by extension, their service providers, to delete PI, subject to certain exceptions;
A right to opt-out of the business’ sale of PI; and
A right to non-discrimination in terms of pricing or service for choosing to exercise a privacy right under the CCPA.

B. Consumer Right to a Notice of Collection.

A business subject to the CCPA must, at or before the point of collection of PI, inform a consumer as to the categories to be collected and the purposes for which it shall be used. A service provider that receives or collects PI on behalf of, or at the direction of, a covered business may not be required to provide a notice of collection.

C. Consumer Right to Know.

A covered business must disclose in its privacy policy the PI it has collected, sold, or disclosed for a business purpose in the past 12 months.

Collection: A business must disclose the following in response to a verifiable request:

• The categories of PI the business has collected about the consumer; • The categories of sources from which that PI was collected; • The business or commercial purpose for collecting or selling PI; • The categories of third parties with which the business shares PI; and • The specific pieces of PI the business has collected about the consumer making the request
Sale: A business that sells PI or discloses it for a business purpose must disclose, in response to a verifiable request, the following:
• The categories of PI collected about the individual consumer • The categories of PI the business sold about the individual consumer, and the categories of third parties to which it was sold. Or, if the business has not sold any of the consumer’s PI, it must state that fact. • The categories of PI the business has disclosed about the individual consumer for a business purpose. Or, if the business has not disclosed the consumer’s PI for a business purpose, it must state that fact.

D. Consumer Right to Delete Directed to a Covered Business.
A California consumer has the right to request that a covered business delete his/her PI, subject to certain exceptions. Once a request is reasonably verified by the covered business, the PI requested to be deleted must be removed from the records held by that business. The business must also direct its Service Providers with whom the information was shared to also delete the information, unless it is subject to an exception.

A request to delete may be denied if retaining the information is necessary for the business or its Service Providers to:

Complete the transaction for which it collected the PI, provide a good or service requested by the consumer, take action reasonably anticipated within the context of the ongoing business relationship with the consumer, or otherwise perform a contract with the consumer.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business.
Comply with a legal obligation.
Make other internal and lawful uses of the information that are compatible with the context in which the consumer provided it.

E. Consumer Right to Non-Discrimination.

A business must not discriminate against a consumer who exercises CCPA rights. A business may charge different prices or provide a different quality of goods or services, but only if the difference is reasonably related to the value provided to the consumer by the consumer’s data. A business may offer financial incentives to a consumer for the collection, sale, or deletion of personal information on a prior, opt-in consent basis.

F. Consumer Right to Opt-Out.

A covered business that sells PI to third parties must provide notice to consumers and clearly inform them of the right to opt out of the sale. A business that sells PI also must provide a “Do Not Sell My Personal Information” link on its internet homepage that links to a webpage that enables the consumer to opt out of the sale of his or her PI.

A business is prohibited from selling the PI of a consumer the business knows is less than 16 years of age, unless (for a child between 13 and 16 years of age) the child has affirmatively authorized the sale or (for a child less than 13 years of age) the child’s parent or guardian has affirmatively authorized the sale.

G. Privacy Policy Requirements.

A covered business must include the following in its online privacy policy, which should be updated every 12 months:

A description of consumer CCPA rights, including the right to opt out of the sale of PI and a separate link to a “Do Not Sell My Personal Information” internet webpage if the business sells PI;
The method(s) by which a CCPA request can be submitted; and
A list of the categories of PI the business has collected, sold, or disclosed for a business purpose in the preceding 12 months.

VIII. Your Rights Under the California Consumer Privacy Act.

A. Instructions for Submitting a Request

If you are a California consumer and wish to make a CCPA request to us, you may submit your request using one of the following methods.

Fill out a Form on our Website: https://knightheadlife.com/PrivacyRequests/

Call us, Toll-Free, at: (833) 637-4854

We will confirm receipt of your request within 10 days of receiving it. The confirmation will provide a ticket number for your request, information about how we will process and attempt to verify your request, and by when you should expect to receive a response.

Note that we are only required to respond to your request to know – for access or data portability – two times in any 12-month period.

We are required to keep records of your CCPA request for at least 24 months, including any assigned ticket number, the request date and nature of the request, the manner in which the request was made, the date and nature of our response, and the basis for the denial of the request if the request is denied in whole or in part.

B. We Need to Verify Your CCPA Request

We need to be reasonably sure that the person making the request regarding your PI is you, or a representative that you have authorized to make a request on your behalf.

We cannot respond to your request or provide you with PI if we cannot verify your identity or your authority to make a request on behalf another person. Accordingly, at the time you submit your request, we will request that you provide us certain information, such as your full name, date of birth, and address, that will allow us to attempt to reasonably verify you are either the person about whom we collected PI or an authorized representative of that person.

To the extent possible, we will not ask you for new PI to verify your request, but will instead attempt to use the verification data you provide to cross-check information available in existing records. If we are unable to verify your request without requesting new PI, we will delete that new information as soon as practical after processing your CCPA request, except as may be required to comply with the CCPA’s request record retention requirements.

You are not required to create an account with us to verify your request. We will only use PI you provide for verification to attempt to verify your identify or your authority to make the request for another person.

Please note that certain requests require different levels of verification, depending on the sensitivity of the information at issue. For example, if you request to know the specific pieces of information we hold, and not just the categories, we will require, in addition to matching data points, your submission of a written declaration under penalty of perjury that you are the consumer whose PI is the subject of the request. In addition, certain pieces of information, such as a social security number, driver’s license number or other government-issued identification number, or financial account information, will not be disclosed in response to a CCPA request.

If you wish to authorize someone else to act on your behalf, we must receive proof that this person is authorized to do so. Proof can be provided by a consumer verifying his/her own identity directly with us and then providing written authority for a designated person to act on the consumer’s behalf, or through receipt of a power of attorney or proof that the person is registered with the California Secretary of State as your designated authorized representative. You may also make a verifiable consumer request on behalf of your minor child.

C. Our Response to Your CCPA Request

Within 10 days of receipt of your CCPA request, we will provide an initial confirmation of receipt with an assigned ticket number by email or U.S. Mail.
If you submit a Request to Delete, we must re-confirm your choice to delete the specified information after your request has been verified and before the data is deleted.

We strive to provide a response to a verifiable consumer request within 45 days of its receipt, regardless of the time it takes to verify the request. If we need additional time, we will inform you of the reason.

We will send our response to your request by U.S. mail or email, at your option. Any information we provide will cover only the 12-month period preceding receipt of your request.

If we cannot respond to or comply with your Request to Know or Request to Delete, say because we cannot verify your identity or because an exception applies, we will explain our reasoning and decision in our response.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded, and we have informed you in writing of the reasoning behind a charge and its estimated cost. We will provide a cost estimate before completing your request if we determine that a charge is warranted.

IX. How Do I Get Information Regarding Pending CCPA Requests?
If you have any questions about a pending CCPA request, please contact us as follows, and provide your ticket number:

Call us, Toll-Free, at: (833) 637-4854

E-mail Us at: info@knightheadinsurance.com

Click to download/view and print privacy policy

Knighthead Annuity & Life Assurance Company (Cayman Islands)

Scope

The privacy notice explains how Knighthead Annuity & Life Assurance Company (“Knighthead”) collects, uses, discloses, retains and secures personal data as part of its business practices. This policy applies to all visitors of this website outside of the United States. The policy clearly articulates the legal justifications for the processing of personal data and also lists individual data subject rights under the Cayman Islands’ Data Protection Act, 2021 Revision (“DPA”).

Overview
Knighthead respects the individual’s privacy, and they are entitled to have their personal data processed in accordance with the DPA. The key principles Knighthead applies when processing personal data are as follows:

  • Lawfulness: Knighthead will only collect personal data in a fair, lawful and transparent manner.
  • Data minimisation: Knighthead will limit the collection of personal data to what is directly relevant and necessary for the services provided.
  • Purpose limitation: Knighthead will only collect personal data for specified, explicit and legitimate purposes.
  • Accuracy: Knighthead will keep personal data accurate and up to date while there continues to be a customer relationship, and in certain circumstances, after that relationship has ended.
  • Data security and protection: Knighthead will implement technical and organisational measures to ensure an appropriate level of data security and protection considering the sensitivity of the personal data. Such measures provide for the prevention of any unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to that data.
  • Access and rectification: Knighthead will process personal data in line with customers’ legal rights.
  • Retention limitation: Knighthead will retain personal data in a manner consistent with the applicable DPA and DPA Regulations and no longer than is necessary for the purposes for which it has been collected in accordance with its retention policy.
  • Protection for international transfers: Knighthead will ensure that if personal data is transferred outside the Cayman Islands, it is adequately protected.

What personal data does Knighthead collect?

Knighthead collects various personal data which may include the following (this list is not exhaustive):

  • name and address
  • date of birth
  • telephone number
  • email address
  • copy of passport photo/biographical data page
  • financial information including a method of payment such as check or wire transfer to Knighthead

How does Knighthead use the personal data it collects?

Knighthead may use personal data to (this list is not exhaustive):

  • write personal annuity and assurance policies
  • respond to individuals inquiries
  • manage the individual’s relationship
  • send invoices and collect payment for goods or services rendered
  • conduct promotional activities
  • market goods and services
  • handle complaints
  • prevent fraud or other criminal activity

When does Knighthead disclose personal data?

Knighthead may disclose personal data in the following circumstances (this list is not exhaustive):

  • if Knighthead uses a third-party service provider for IT application manager, marketing, marketing research or client relationship management
  • if a data subject requests that personal data be disclosed to a third party
  • to a third parties that Knighthead partners with for annuity and assurance claims
  • if there is a legal request or criminal investigation
  • if it is required to seek legal advice from Knighthead legal counsel
  • any other circumstance where it may be required by law

International transfer of personal data

Personal data is stored in the Cayman Islands unless it is transferred to another country for contractual purposes. If at any time Knighthead transfers personal data outside the Cayman Islands, it will ensure that there are adequate safeguards for the rights and freedoms of data subjects as required by the DPA unless a customer has consented to the transfer or it is necessary for the performance of the annuity and assurance contract.

The legal basis for processing personal data

The DPA protection sets out some different reasons for which a company may process personal data, and Knighthead does so under the following legal conditions:

  • Consent
    • In specific situations, Knighthead can collect and process personal data with the individual’s consent.
    • For example, if the individual consent to Knighthead sharing their information with another annuity and assurance company.
  • Contractual obligations
    • In certain circumstances, Knighthead will need to process certain personal data to comply with contractual obligations.
    • For example, to meet the requirements of the annuity and assurance contract and policies.
  • Legal compliance
    • If the law requires, Knighthead may need process personal data.
    • For example, Knighthead may be required to pass on details of people involved in fraud or other criminal activity to law enforcement.
  • Legitimate interest
    • In specific situations, Knighthead requires personal data to pursue its legitimate interests in a way which might reasonably be expected as part of running its businesses and which does not materially impact individual rights, freedom or interests.
    • For example, the person needs to make a claim against an annuity and assurance policy and the evaluators’ needs to collect personal information to process the claim.

How long does Knighthead retain personal data?

Knighthead retains personal data for as long as a customer relationship exists, and the personal data is necessary to manage that relationship. When there is no longer a customer relationship, Knighthead will retain certain types of personal data for varying periods depending on legal requirements and business needs. Personal data that is no longer needed will be destroyed. Knighthead will always hold personal data for the least amount of time necessary in accordance with its retention policy.

How does Knighthead secure personal data?

Knighthead employs appropriate technical and organizational measures to protect against unauthorized processing, accidental loss or destruction of, or damage to, personal data in accordance with its Information Technology policies.

What rights do individuals have in respect to personal data?

Individuals have a right to be informed how personal data is processed and this privacy notice fulfills Knighthead’s obligation in that respect.

Cyber Security Awareness

Knighthead Annuity will make reasonable efforts to ensure cybersecurity information is disseminated to customers to help increase their level of cyber security awareness around phishing spamming and mobile security.

Knighthead will make these notifications to customers via regularly updated messages on the web application log in page and within the main website disclosure.

Individuals have a right to request access to their personal data, the right to request rectification/correction of personal data, the right to request that processing of personal data be stopped or restricted and the right to require Knighthead to cease processing personal data for direct marketing purposes.

If you feel that your personal data has not been handled correctly, or you are not satisfied with Knighthead’s responses to any requests you have made regarding the use of your personal data, you have the right to complain to the Cayman Islands’ Ombudsman. The Ombudsman can be contacted by calling: 1-345-946-6283 or by email at info@ombudsman.ky.