Privacy Notice

How we collect, use, and protect your personal information

Effective date April 2026
Last reviewed April 2026
Next scheduled review April 2028
Data Privacy Officer Sharon Green, Director of ICT

 

1. About this notice

Sentry Insurance Brokers Limited (“Sentry,” “we,” “us,” or “our”) is a licensed insurance broker incorporated in Barbados. We are part of the Malcolm Investment Holdings Group, alongside Lynch Insurance Brokers (2018) Ltd. and Tradewinds International Insurance Brokers Limited (together, “the Group”).

This Privacy Notice explains how we collect, use, share, store, and protect your personal information when you visit our website, contact us, become a client, or otherwise engage with us. It applies to all our broking activities and is issued in accordance with the Barbados Data Protection Act 2019-29 and other applicable laws.

We encourage you to read this notice carefully. By engaging with us, you confirm that you have read and understood how we handle your personal information. If you do not agree with how we process your information, please contact us using the details at the end of this notice.

2. Who we are and how to contact us

For the purposes of the Barbados Data Protection Act, Sentry Insurance Brokers Limited is the data controller responsible for the personal information we hold about you in connection with our broking services.

If you have any questions about this notice or wish to exercise any of your rights, you can contact our Data Privacy Officer:

DATA PRIVACY OFFICER

Sharon Green, Director of ICT

  • Address: 37 Pine Road, Belleville, St. Michael, Barbados
  • Email: info@sentry.com.bb
  • Telephone: +1 (246) 228-0163

3. The personal information we collect

The information we collect depends on the services you request and the legal and regulatory obligations that apply to us. The categories below describe what we may collect and process. We only collect what is necessary for the purposes set out in this notice.

CONTACT AND IDENTITY INFORMATION

  • Full name, date of birth, gender, marital status, and nationality
  • Home and business addresses, telephone numbers, and email addresses
  • National identification number, passport number, and driver’s licence information
  • Signature, photograph, and other identifiers required for client onboarding

INSURANCE AND POLICY INFORMATION

  • Policy applications, quotations, schedules, and renewal records
  • Risk and underwriting information, including details of property, vehicles, employees, and operations covered
  • Claims information, including incident reports, medical reports, repair estimates, and supporting documentation
  • Premium payment details and account history

FINANCIAL INFORMATION

  • Bank account, credit card, and other payment details
  • Income, financial standing, and credit history (where relevant to underwriting or premium financing)
  • Tax identification numbers required for regulatory reporting

SENSITIVE PERSONAL INFORMATION

Some of the data we handle qualifies as sensitive personal information under the Data Protection Act. We process this only where we have a lawful basis and an additional condition for processing, such as your explicit consent, legal obligation, or the establishment, exercise, or defence of legal claims. This may include:

  • Health and medical information (typically in connection with health, life, or claims handling)
  • Criminal record information (typically in connection with underwriting or fraud prevention)
  • Biometric data, where used for identity verification
  • Information about racial or ethnic origin, where required by law or where you voluntarily disclose it

INFORMATION COLLECTED THROUGH OUR WEBSITE

  • IP address, device characteristics, browser type, and operating system
  • Pages you visit on our website and time spent on each page
  • Approximate location based on IP address
  • Information you submit through our online forms, including the “Contact Us” form on our website

4. How we collect your personal information

We collect personal information in the following ways:

  • Directly from you. When you contact us, request a quotation, complete an application, submit a claim, or otherwise engage with us in person, by telephone, by email, through our website, or through our client portal.
  • From third parties acting on your behalf. Including your employer (where we administer group insurance), your authorised representative or attorney-at-law, or family members where you have given consent.
  • From insurers, reinsurers, and other intermediaries. In the course of arranging your cover, processing claims, or coordinating with other parties involved in your insurance.
  • From service providers and external agencies. Including loss adjusters, medical practitioners, motor assessors, credit bureaus, fraud prevention agencies, and identity verification services.
  • From publicly available sources. Including official registers and public records where this is necessary to verify identity, assess risk, or comply with legal obligations.
  • Through cookies and similar technologies. When you visit our website, as further described in section 11.

5. The lawful bases on which we process your information

Under the Barbados Data Protection Act 2019-29, we may only process your personal information where we have a lawful basis to do so. Depending on the situation, we rely on one or more of the following:

  • Processing is necessary to enter into or perform a contract with you. For example, to arrange and administer your insurance policy, manage your claims, or provide a quotation you have requested.
  • Legal obligation. Processing is required to comply with a legal duty. For example, identity verification under anti-money laundering legislation, regulatory reporting to the Financial Services Commission of Barbados, tax reporting, and other compliance obligations.
  • Legitimate interests. Processing is necessary for our legitimate interests or those of a third party, where these are not overridden by your rights and interests. For example, fraud prevention, risk assessment, internal administration, business analysis, and the security of our systems and premises.
  • Where you have given us specific consent to process your information for a particular purpose, such as receiving marketing communications. You may withdraw your consent at any time.
  • Vital interests. Processing is necessary to protect someone’s life. For example, emergency medical disclosure following an accident.
  • Public interest. Processing is necessary for tasks carried out in the public interest or by an authority exercising official powers.

Where we process sensitive personal information, we rely on one of the above bases together with an additional condition under the Data Protection Act, most commonly your explicit consent, the necessity of processing for the establishment, exercise, or defence of legal claims, or compliance with employment and social protection law.

6. How we use your personal information

We use your personal information for the following purposes:

PROVIDING OUR INSURANCE BROKING SERVICES

  • Assessing your insurance needs and providing advice on suitable products
  • Preparing and submitting quotations and applications to insurers
  • Arranging, placing, and renewing insurance cover
  • Administering policies, including endorsements, cancellations, and refunds
  • Handling and managing claims, including coordinating with insurers, loss adjusters, and other parties
  • Providing access to our client portal and responding to your queries

MEETING LEGAL AND REGULATORY OBLIGATIONS

  • Verifying your identity and conducting due diligence required under anti-money laundering and counter-terrorism financing legislation
  • Reporting to the Financial Services Commission of Barbados, the Financial Intelligence Unit, the Barbados Revenue Authority, and other regulatory or supervisory authorities as required by law
  • Maintaining records required under the Insurance Act and other applicable legislation
  • Cooperating with court orders, subpoenas, warrants, and other lawful demands

PROTECTING OUR BUSINESS AND OUR CLIENTS

  • Detecting, investigating, and preventing fraud, financial crime, and other unlawful activity
  • Managing risk across the Group
  • Securing our systems, premises, and information assets
  • Pursuing or defending legal claims

COMMUNICATIONS AND IMPROVEMENTS

  • Sending you administrative communications about your policies and our services
  • Providing information about products or services that may interest you, where you have consented or where we are entitled to do so on the basis of legitimate interests
  • Conducting customer satisfaction surveys and improving our services
  • Analysing how our website and online services are used

7. Who we share your personal information with

We do not sell your personal information. We share it only where necessary for the purposes set out in this notice, and only with parties who are subject to appropriate confidentiality and data protection obligations. Recipients may include:

  • Insurers and reinsurers. To obtain quotations, place cover, administer policies, and process claims.
  • Other intermediaries and brokers. Where we use other brokers or wholesalers to access specialist markets, including overseas markets.
  • Loss adjusters, surveyors, and investigators. In connection with risk assessment and claims handling.
  • Professional advisers. Including lawyers, accountants, auditors, and consultants engaged by us.
  • Members of the Malcolm Investment Holdings Group. Including Sentry Insurance Brokers Limited and Tradewinds International Insurance Brokers Limited, where this supports the services we provide to you.
  • Service providers. Including IT providers, cloud hosting and storage providers, document management providers, and other vendors who process information on our behalf under written contract.
  • Regulatory and government authorities. Including the Financial Services Commission of Barbados, the Financial Intelligence Unit, the Barbados Revenue Authority, the Data Protection Commission, the Royal Barbados Police Force (in response to lawful requests), and other authorities exercising statutory powers.
  • Other parties where required by law. Including in response to court orders, subpoenas, or other lawful demands.
  • Successors in title. In the event of a merger, acquisition, or restructuring of any Group entity.

8. International transfers of personal information

Some of the parties we share your information with are located outside of Barbados, including international insurers, reinsurers, and cloud-based service providers. We only transfer personal information internationally where we are satisfied that an adequate level of protection exists, or where appropriate safeguards are in place, such as standard contractual clauses or other approved mechanisms.

Where you would like further information about the safeguards we apply to international transfers, please contact our Data Privacy Officer.

9. How long we keep your personal information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are determined by reference to:

  • Statutory requirements under the Insurance Act, tax legislation, and anti-money laundering legislation
  • The duration of our relationship with you, plus a period thereafter to address any residual claims, complaints, or audit requirements
  • Limitation periods for legal claims under Barbados law
  • Our internal retention schedule, maintained by Risk and Compliance

When the retention period expires, we securely delete, destroy, or anonymise your information.

10. How we protect your personal information

We have implemented technical and organisational measures designed to protect your personal information from unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Access controls limiting personal information to staff who need it for their role, supported by role-based permissions and multi-factor authentication
  • Encryption of sensitive data at rest and in transit, where appropriate
  • Network security measures, including firewalls, intrusion detection, and regular system patching
  • Physical security at our premises, including controlled access and secure storage of paper records
  • Staff training and binding confidentiality obligations
  • Incident response procedures aligned with the Data Protection Act and the Financial Services Commission’s cyber incident reporting requirements
  • Vendor due diligence and contractual data protection obligations on our service providers

Despite these measures, no system can be completely secure. We will notify the Data Protection Commission and, where required, affected individuals if a personal data breach occurs that is likely to result in a risk to your rights and freedoms.

11. Cookies and similar technologies

Our website may use cookies and similar technologies to help us recognise your device, remember your preferences, secure our website, and understand how visitors use our site. Cookies we may use include:

  • Strictly necessary cookies. Required for the website to function properly, including secure login to the client portal.
  • Performance and analytics cookies. To understand how visitors interact with our website so that we can improve it.
  • Functionality cookies. To remember choices you make, such as language and region preferences.

You can manage cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

12. Your rights under the Data Protection Act

Subject to the conditions and exceptions set out in the Barbados Data Protection Act 2019-29, you have the following rights in relation to your personal information:

  • Right to be informed. To know how we collect and use your information; this notice supports that right.
  • Right of access. To request a copy of the personal information we hold about you.
  • Right to rectification. To request that inaccurate or incomplete information be corrected.
  • Right to erasure. To request deletion of your information in certain circumstances. This right is not absolute and may be limited where we are required to retain information by law.
  • Right to restrict processing. To request that we limit how we use your information in certain circumstances.
  • Right to object. To object to processing based on legitimate interests, and to object to direct marketing at any time.
  • Right to data portability. To request a copy of certain information in a structured, commonly used, and machine-readable format.
  • Right not to be subject to solely automated decisions. Where such decisions produce legal effects or significantly affect you. We do not currently make decisions on this basis without human involvement.
  • Right to withdraw consent. Where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact our Data Privacy Officer using the details in section 2. We may need to verify your identity before acting on your request, and we will respond within the time limits set by the Data Protection Act.

If you are not satisfied with how we have handled your information or your request, you may lodge a complaint with the Data Protection Commission of Barbados.

13. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our services, legal or regulatory developments, or improvements to our privacy practices. The updated version will be posted on our website with a revised effective date. Where changes are material, we will draw your attention to them through additional means, such as direct communication or a prominent notice on our website.

14. Links to other websites

Our website may contain links to websites operated by third parties, including insurers, reinsurers, professional bodies, and other partners. This Privacy Notice applies only to the Lynch Insurance Brokers website. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy notices before submitting your personal information.

15. CCTV at our premises

We operate CCTV at our premises for the safety and security of our colleagues, clients, and visitors, and to protect our property. CCTV footage is retained for a limited period in accordance with our internal retention schedule and is accessed only by authorised personnel or in response to lawful requests.

16. Contact us

Sentry Insurance Brokers Limited

37 Pine Road, Belleville, St. Michael, Barbados

Telephone: +1 (246) 228-0163

Email: info@sentry.com.bb

Website: www.sentrybrokers.com

 

This Privacy Notice was last updated in April 2026 and is reviewed at least every two years.

Back To Top