Vantage Insurance Solutions LLC. is committed to protecting the privacy of our clients. We stay apprised of developments in data protection laws to help ensure that you can be confident in the safety of your personal data while using our platform.This page is intended to explain what the rules are, how they apply to your use of the Vantage Insurance Solutions LLC. platform and the steps we have taken to comply. This is not intended to comprise legal advice. You should review this document in conjunction with our Privacy Policy and contact a specialist legal professional if you require advice or more information.
Regulation (EU) 2016/679, more commonly known at the General Data Protection Regulation (EU GDPR), is an EU regulation aimed at harmonizing data protection laws across the EU. The EU GDPR is focused on giving individuals more control over how their data is used by companies, and making the collection and processing of data more transparent. The EU GDPR was incorporated directly into UK law following the end of the Brexit transition period, meaning that UK-based businesses and other entities subject to UK law still have to comply with its provisions through the ‘UK GDPR’. This document will refer to the EU GDPR and the UK GDPR, together, as the GDPR.Vantage Insurance Solutions LLC. platform is a data processor. We, through the Vantage Insurance Solutions LLC. platform, store and otherwise process the data you have collected under your instructions. We will never use any personal data which you have uploaded to the Vantage Insurance Solutions LLC. system for our own purposes or without your instruction. Legal basis for processingPersonal data may only be collected and processed if there is a legal basis for doing so. The allowable legal bases are set out in the GDPR. As a processor, Vantage Insurance Solutions LLC. relies on our clients to select the correct basis under which they will be collecting and processing personal data, and to put the appropriate notices or consents in place.
Before you use the Vantage Insurance Solutions LLC. platform, you should take time to identify which legal bases may be available to you, and only collect and otherwise process personal data to the extent necessary to carry out that basis. You should not change the basis under which you have collected personal data without very good reason, so it is important to understand the requirements of the different bases and make sure you select the right one at the start. Data subject access rightsThe GDPR grants data subjects (i.e., your customers) certain rights relating to their personal data, including the right to access, correct and/or delete any data relating to them. Vantage Insurance Solutions LLC. has put in place systems for you to inform us if you receive such a request from a data subject, and for us to inform you if we receive such a request. You should familiarize yourself with the obligations which will be imposed on you, including relating to any personal data you hold on your own systems, or services other than Vantage Insurance Solutions LLC. Data SecurityWe have put in place security safeguards and measures to help ensure that any personal data we hold is stored securely. We regularly test our products for bugs and vulnerabilities.We have regular back-up systems in place as well as data recovery and data integrity systems and processes to help minimize risk of corruption to or loss of personal data.
Encryption: All data is encrypted in transit with TLS version 1.2, or 1.3 and 2,048 bit keys or better. Transport layer security (TLS) is also a default for customers who host their websites on the Vantage Insurance Solutions LLC. platform. Vantage Insurance Solutions LLC. leverages several technologies to ensure stored data is encrypted at rest. Platform data is stored using AES-256 encryption. User passwords are hashed following industry best practices, and are encrypted at rest.
Encryption keys for both in transit and at rest encryption are securely managed by the Vantage Insurance Solutions LLC platform. TLS private keys for in transit encryption are managed through our content delivery partner. Volume and field level encryption keys for at rest encryption are stored in a hardened Key Management System (KMS). Keys are rotated at varying frequencies, depending upon the sensitivity of the data they govern. In general, TLS certificates are renewed annually. Vantage Insurance Solutions LLC is unable to use customer supplied encryption keys at this time.
We take our duties as a processor very seriously. We have put in place a number of procedures and taken a number of steps to help ensure that we comply with the GDPR such as:
We have tools designed to detect personal breaches and to inform our clients as soon as possible.
We are able to deal with subject access requests and rights of erasure requests, and to inform you when a data subject has made such a request to us.
We have assessed and documented the personal data processed by us on your behalf.
We encrypt personal data at rest and in transit and have implemented other security measures to ensure a level of security appropriate to the risk of processing your personal data.