Privacy Statement

This Privacy Statement explains how Trade Credit Underwriters (“TCU”), a cell of Davies Segregated Account Company Ltd (“Davies SAC”) based in Bermuda, collects and processes personal data on its marketing website. We collect users’ names, emails, and messages via our contact form; emails for our newsletter; and anonymized traffic data through Vercel Web Analytics, which uses no third‑party cookies but instead hashes incoming requests. We rely on legitimate interest to process form submissions and newsletter sign‑ups—and consider analytics tracking strictly necessary to secure and improve our site. We serve a global audience, so GDPR (EU/UK), CCPA, and Bermuda’s PIPA (effective January 1, 2025) apply. Data is stored encrypted in AWS US East 1, shared only with essential processors under Data Processing Agreements, and retained only as long as necessary or until you request deletion. We implement strong encryption, environment separation, and access controls, and follow a 72‑hour breach‑notification protocol under GDPR/PIPA). You have rights of access, correction, deletion, objection, and data‑portability, and may contact our privacy lead at any time.

Contact Form

• Name, email, message submitted by visitors who use our contact form.
• Users may enter pseudonyms or fake details; we process whatever you provide to respond accurately.

Newsletter Sign-Up

• Email address for those opting into our periodic newsletter.

Website Analytics

• Anonymized traffic data via Vercel Web Analytics, which does not set third‑party cookies but uses a hash from each request. Data is automatically discarded after 24 hours.

• Respond to inquiries: We need your contact details to provide accurate answers and protect our team.
• Send newsletters: We use your email to deliver content you’ve requested.
• Marketing: We may email relevant updates or offers, balanced against your rights.
• Analytics & Site Improvement: Statistical insights help secure the site and enhance user experience.

• Legitimate Interest (GDPR Art 6(1)(f)): Processing form submissions and newsletter sign‑ups is necessary for the services you request.
• Analytics: Considered strictly necessary for site security and functionality—and exempt from ePrivacy consent rules due to Vercel’s cookie‑free approach.
• We document a Legitimate Interest Assessment (LIA) confirming our interests do not override your privacy rights.

• No third‑party cookies are used. Only strictly necessary cookies may be set for session management.
• Vercel Web Analytics provides privacy‑friendly tracking, hashing requests without cross‑site profiling.
• You may opt out of analytics by contacting us; no additional banner or consent platform is deployed, as no non‑essential cookies are used.

• Processors: AWS (US East 1), Resend email service, Microsoft 365, Vercel Analytics.
• We have Data Processing Agreements in place with each vendor, ensuring compliance with GDPR/PIPA requirements.
• Cross‑Border Transfers: Transfers from Bermuda/UK to AWS US East 1 rely on EU Standard Contractual Clauses under GDPR Art 46.

• Encryption in transit (TLS) and at rest.
• Environment separation for development, staging, and production.
• Role‑based access controls to restrict data access to authorized personnel only.
• Privacy Officer: Designated Privacy Officr oversees data protection compliance (PIPA “privacy contact”).

We retain personal data only as long as necessary to fulfill the purposes outlined or until you request deletion.

Periodic reviews ensure outdated data is securely deleted or anonymized, in line with GDPR and Bermuda PIPA principles.

In the unlikely event of a data breach, we will notify the relevant supervisory authority (e.g., ICO, Bermuda Privacy Commissioner) within 72 hours of discovery.

Affected individuals will be informed without undue delay if there is a high risk to their rights and freedoms.

Under GDPR, UK GDPR, CCPA, and Bermuda PIPA, you may:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data or restrict processing.
• Object to marketing or analytics processing.
• Port your data to another provider.
• Opt‑out of any sale of personal information (none are sold).

Requests can be made free of charge via the contact details below.

If you have any questions, wish to exercise your rights, or request deletion, please contact:

We may update this Privacy Statement periodically; changes will be posted here with the revision date.