Already have an account? Log In

Baymac Management Services Ltd.

Privacy Policy

Our Privacy Pledge (GDPR)

Baymac Management Services Ltd. (“Baymac”), along with our Partners, believe that information personal to our clients and prospects should be respected and protected. For this reason, we are committed to protecting your nonpublic Personal Information and using it only as appropriate or necessary to provide you with the best possible service and products. This Privacy Policy, which describes our information practices and policies in detail, applies to our relationship with you as an individual who enquires about or obtains products or services from us for personal, family or household purposes.


Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. For example, cookies are used to remember users’ preferences and to help navigate between pages efficiently. Baymac sends cookies to your computer from our website. We use cookies in order to monitor customer traffic patterns and site usage so we can develop the design and layout of our website. This process is to ensure we better meet the needs of visitors to our website. It includes non-specific data such as mouse movements and pages visited.

Should you wish to refuse to accept cookies or restrict the data what we collect through our tracking software, you can alter your cookies setting in your web browser. This may however mean you will be unable to access parts of our website. For more information on cookies you can visit

Information We Collect

We may collect Personal Information about you from a variety of sources. A great deal of the information we collect, such as your name, address, birth date, phone number, passport number, identification documents, licenses and related matters comes from you during the application process. We may collect information about you to send to our insurers and review your application or to properly investigate, administer, and resolve any claims for benefits, and we may contact you by telephone, mail, or e-mail for additional information. We also may collect Personal Information about you from third parties, such as governmental entities or regulators, medical providers and other health related sources, and possibly from consumer reporting agencies. The information we collect can include such things as information concerning your previous insurance coverage and policies, your employment status, credit card information, your claims and medical history, and on rare occasions, your credit history.

How We Use Your Information

We may use the information we collect to send you information about our products and services. We may use the information we collect for analytical purposes and to assist us in improving our processes, products and services. We will use your information collected to safe-guard against fraud and money laundering, comply with applicable laws and regulatory obligations (including laws outside your country of residence) and establish and defend legal rights. We will also use your information to handle requests for data access or correction as well as when we are resolving complaints.

Your Rights

You have the right to know what information is held about you. GDPR in the EU provides a framework to ensure that Personal Information is handled properly. This information must be:

  • Processed fairly, lawfully and in a transparent manner
  • Processed for specific, legitimate and lawful purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than necessary
  • Processed in line with an individual’s rights
  • Secure
  • Not transferred other than in accordance with agreed terms and conditions

Deletion Request

Under GDPR this is called ‘The right to be forgotten’.

Individuals have the right to have their personal data erased if:

  • The personal data is no longer necessary for the purpose which we originally collected or processed it for.
  • We are relying on consent as our lawful basis for holding the data, and the individual withdraws their consent.
  • We are relying on legitimate interests as our basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing.
  • We are processing the personal data for direct marketing purposes and the individual objects to that processing.
  • We have processed the personal data unlawfully (i.e. in breach of the lawfulness requirement of the 1st principle).
  • We have to do it to comply with a legal obligation; or
  • We have processed the personal data to offer information society services to a child.

The right to erasure does not apply if processing is necessary for one of the following reasons:

  • to exercise the right of freedom of expression and information.
  • to comply with a legal obligation.
  • for the performance of a task carried out in the public interest or in the exercise of official authority.
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims.

The UK GDPR also specifies two circumstances where the right to erasure will not apply to special category data:

  • if the processing is necessary for public health purposes in the public interest (e.g. protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
  • if the processing is necessary for the purposes of preventative or occupational medicine; for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services. This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional).

Information We Disclose to Third Parties

We do not disclose Personal Information about you to third parties for their own marketing purposes or to contact you about their own products or services. We share Personal Information about you with third parties (that is, people and companies that are not affiliated with us) only as appropriate or necessary to provide you with our products and services and as otherwise permitted by law. For example, we may disclose your Personal Information as appropriate or necessary to service policies purchased by you from our partners or service providers and to administer and provide you with benefits in accordance with the terms and provisions thereof; to investigate, administer, and to advocate on your behalf or otherwise resolve claims or payments requested by you; to comply with state and federal regulatory requests or demands; and to process other transactions that you request.

Persons and other third parties to whom we may make such disclosures may include persons who perform a business function for us, insurance regulators or law-enforcement authorities, insurance companies (The represented companies may share information with their affiliates so that they may offer you additional products and services. They do not disclose information to other companies or organizations not affiliated with them for the purpose of using information to sell their products or services to you.), preferred provider organizations, reinsurers, insurance and claim adjusters, insurance premium auditors, attorneys who are retained by our insurance providers or by them, and persons requesting information pursuant to subpoena or court order.

International Transfer of Personal Data

Due to the global nature of our business, for the purposes set out above we may transfer Personal Information to parties located in other countries.  For example, we may transfer Personal Information in order to facilitate international travel insurance claims and facilitate emergency medical assistance services when you are abroad.  We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities. If your data originate in the European Economic Area (EEA), we may send your data outside the EEA for processing and storage. By submitting your personal data to us you are consenting to the storage and transfer of your data in this way. If we do this we will take reasonable steps to protect your data. Such transfer will comply with all applicable data protection regulations and with our obligation to adequately protect and secure your Personal Information.

Retention of Personal Data

Baymac takes reasonable steps to ensure that the Personal Information we process is reliable for its intended use, and as accurate and complete as is necessary to carry out the purposes described in this Privacy Policy. We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Your Consent

By providing your Personal Information to Baymac you consent to the processing, transfer and retention of your personal data. We do not knowingly collect, use, or disclose information of children under the age of sixteen (16) without the consent of their parents or legal guardians. In any instance where such information was collected, it would be purely accidental and unintentional.

Subject and Data Deletion Request

A Subject Access Request is a request from or on behalf of an individual which seeks to discover whether Baymac is processing the personal data of that individual, if so, to have access to that information and, in addition, to be provided with additional information, which corresponds to the information provided in this privacy policy. We endeavor to respond to a verified consumer request within 30 days of its receipt. To exercise the access, data portability, and deletion rights described above please submit a consumer request to us by contacting .

How We Obtain Personal Information

We obtain the categories of Personal Information listed above from a number of sources such as; directly from our clients or their agents, indirectly from our clients or their agents, directly and indirectly from activity on our website ( and from third parties that interact with us in connection with the service we perform.

Use of Personal Information

We may use the personal information we hold about you for the purposes for which the information was collected e.g. providing membership services and benefits including providing you with access to insurance and financial services directly through our third party providers , assisting you with claims and any other related purposes, providing you with our provider’s renewal terms, pricing or statistical purposes. We may also use your data to safeguard against fraud and money laundering and to meet our general legal and regulatory obligations or to respond to law enforcement requests.

Sharing Personal Information

We may disclose your Personal Information for business purposes to third parties involved in providing products or services to us, or to service providers who perform services on our behalf. These include our group companies, affinity partners, brokers, agents, third party administrators, insurers, , reinsurers, other insurance intermediaries, insurance reference bureaus, pension providers, providers of wealth management services, credit agencies, medical service providers, fraud detection agencies, loss adjusters, external law firms, external accountants and auditors, regulatory authorities, and as may be required by law. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose;

  • Identifiers
  • Protected classification
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data
  • Professional or employment-related information.

In the preceding twelve (12) months we have not sold any Personal Information.

Rights Under GGPR

An individual has the right to know what information is held about them. GDPR in the EU provides a framework to ensure that Personal Information is handled properly. This information must be:

  • Processed fairly, lawfully and in a transparent manner
  • Processed for specific, legitimate and lawful purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than necessary
  • Processed in line with an individual’s rights
  • Secure
  • Not transferred other than in accordance with agreed terms and conditions

An individual also has the right to request that their information not be transferred to particular countries. If you would like to submit this request please contact and/or follow the same process below.

Response Times

We endeavor to respond to a verified consumer request within 30 days of its receipt. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes To Our Privacy Policy

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements.  We will place updates on our website.

Information Security

We restrict access to Personal Information about you to those employees who need to know that information in order to provide products and administrative services to you. We maintain physical, electronic and procedural safeguards to guard your Personal Information. If you have any questions concerning our use of your Personal Information, please contact our Legal Affairs and Compliance Department at

For information concerning our insurance coverages and services, please browse our website

Ongoing Access to Privacy Policy

We will provide a notice of our privacy policy annually, as long as you have a continuing customer relationship with us. This policy may change from time to time, but you can always review our current policy by visiting our website at or request a copy of your information by contacting us at our offices below: