WOLFPACK GLOBAL HEALTH PRIVATE INTERNATIONAL HEALTHCARE CLUB
← BACK TO HOME

LEGAL

SECURITY, PRIVACY AND
DATA PROTECTION POLICY

Effective Date: May 26, 2026 Last Updated: May 26, 2026

1. Introduction

WolfPack Global Health Ltd. (“WolfPack,” “Company,” “we,” “us,” or “our”) is an international healthcare distribution, marketing, administrative and member support company incorporated and operating in Basseterre, St. Kitts and Nevis.

WolfPack supports, distributes, coordinates and administers international healthcare participation and insurance-related services in cooperation with licensed international insurers, underwriting partners, third-party administrators (“TPAs”), claims administrators, compliance providers, reinsurers, technology providers and payment processors.

This Security, Privacy and Data Protection Policy (the “Policy”) explains how we collect, process, store, transfer, disclose and protect personal information in connection with:

  • our website;
  • quotation and application processes;
  • underwriting support;
  • policy administration support;
  • premium collection assistance;
  • customer and member support;
  • claims coordination assistance;
  • compliance obligations; and
  • all related operational, distribution and intermediary services.

By using our website, requesting quotations, applying for coverage or otherwise engaging with our services, you acknowledge and agree to the practices described in this Policy.

2. Regulatory Status

WolfPack Global Health Ltd. acts solely as an international healthcare distribution, marketing and administrative intermediary and is not itself an insurance carrier, underwriter or regulated insurer unless explicitly stated otherwise in writing.

Insurance products and related protection structures distributed through WolfPack are issued and underwritten by independent licensed insurance companies and regulated partners (the “Insurer”).

Depending on the relevant transaction and applicable law, WolfPack may act as:

  • an independent data controller;
  • a joint controller together with the Insurer; or
  • a service provider acting on behalf of the Insurer.

The Insurer remains independently responsible for:

  • underwriting decisions;
  • policy issuance;
  • policy administration;
  • claims adjudication;
  • reserve management; and
  • applicable insurance regulatory obligations.

3. Applicability and International Operations

This Policy applies to all individuals whose personal information is processed by WolfPack in connection with international healthcare distribution and related operational services, regardless of geographic location.

Because WolfPack operates internationally, personal information may be processed in multiple jurisdictions, including but not limited to:

  • St. Kitts and Nevis;
  • European Union member states;
  • the United Kingdom;
  • the United States;
  • the Caribbean; and
  • other jurisdictions where insurers, TPAs or operational service providers operate.

Where applicable, WolfPack endeavors to comply with:

  • the laws of St. Kitts and Nevis;
  • internationally recognized privacy principles;
  • applicable anti-money laundering regulations;
  • insurance distribution regulations;
  • cybersecurity obligations; and
  • applicable international privacy laws, including GDPR principles where relevant.

WolfPack prioritizes modern international operational security standards designed to support globally connected member infrastructure.

4. Personal Information We Collect

We may collect, process and store the following categories of information.

4.1 Identity and Contact Information

  • full legal name;
  • date of birth;
  • gender;
  • nationality;
  • residential address;
  • mailing address;
  • email address;
  • telephone number;
  • residency status; and
  • passport or government identification information where legally required.

4.2 Insurance and Underwriting Information

  • desired insurance coverage;
  • underwriting questionnaires;
  • policy effective dates;
  • beneficiary information;
  • dependent and family member information;
  • insurance history;
  • prior claims history; and
  • risk assessment information.

4.3 Sensitive Health Information

Subject to explicit consent and applicable law, we may process:

  • medical conditions;
  • diagnoses;
  • medications;
  • treatment records;
  • medical examinations;
  • physician reports;
  • hospitalization history;
  • disability information;
  • laboratory results; and
  • other health-related information necessary for underwriting, policy administration or claims support.

4.4 Financial Information

  • billing addresses;
  • payment card information;
  • banking information;
  • premium payment history;
  • refund information; and
  • transaction verification information.

Payment card information is generally processed through regulated third-party payment processors and not stored directly by WolfPack except where legally required.

4.5 Technical and Website Information

  • IP address;
  • browser type;
  • operating system;
  • device identifiers;
  • website interaction logs;
  • cookies and analytics data;
  • access timestamps; and
  • referral URLs.

4.6 Compliance and Verification Information

To comply with legal and regulatory obligations, we may collect:

  • sanctions screening information;
  • anti-money laundering verification information;
  • politically exposed person (PEP) screening results;
  • fraud prevention data; and
  • identity verification documentation.

5. Legal Bases for Processing

Depending on the applicable jurisdiction and the nature of the processing activity, we process personal information on one or more of the following legal bases.

5.1 Contractual Necessity

Processing necessary for:

  • providing quotations;
  • arranging insurance coverage;
  • administering policies;
  • collecting premiums;
  • assisting with claims;
  • communicating regarding contractual obligations; and
  • operational member support.

5.2 Explicit Consent

We rely on explicit consent for:

  • processing sensitive health information;
  • medical underwriting;
  • marketing communications where required by law; and
  • certain international data transfers.

By submitting insurance applications and medical disclosures, the applicant expressly consents to the processing of sensitive medical and health-related information for underwriting, compliance, fraud prevention, policy administration and claims handling purposes.

5.3 Legitimate Interests

We may process information where necessary for legitimate business interests, including:

  • fraud prevention;
  • cybersecurity;
  • system monitoring;
  • customer relationship management;
  • internal administration;
  • legal risk management;
  • business analytics;
  • infrastructure optimization; and
  • service improvement.

5.4 Legal and Regulatory Obligations

We may process personal information to comply with:

  • anti-money laundering laws;
  • sanctions regulations;
  • court orders;
  • insurance regulations;
  • tax obligations;
  • governmental requests; and
  • law enforcement requirements.

6. Purposes of Processing

We use personal information for the following purposes:

  • evaluating insurance applications;
  • facilitating underwriting reviews;
  • issuing and administering policies;
  • collecting premiums and processing refunds;
  • communicating policy updates;
  • verifying identity;
  • conducting sanctions and AML screening;
  • assisting with claims administration;
  • fraud detection and prevention;
  • cybersecurity and incident response;
  • compliance monitoring;
  • legal defense and dispute resolution;
  • customer and member support;
  • improving products and services; and
  • marketing similar products and services where legally permissible.

7. Health Data and Medical Confidentiality

Health information constitutes highly sensitive personal information.

WolfPack implements enhanced technical, contractual and organizational safeguards to protect medical information from unauthorized access, misuse, disclosure or loss.

Access to health information is restricted strictly to:

  • authorized underwriting personnel;
  • authorized compliance personnel;
  • the Insurer;
  • licensed medical reviewers;
  • claims administrators; and
  • legally authorized service providers.

All personnel handling medical information are subject to confidentiality obligations.

8. Anti-Money Laundering (AML) and Compliance Screening

WolfPack may conduct:

  • identity verification;
  • sanctions screening;
  • anti-money laundering reviews;
  • fraud prevention reviews;
  • politically exposed person (PEP) screening;
  • source-of-funds verification; and
  • adverse media checks.

We may refuse services, delay transactions or terminate relationships where legally required or where compliance concerns arise.

WolfPack reserves the right to disclose information to competent authorities where required by applicable law or regulatory obligation.

9. Disclosure of Information

We do not sell personal information.

We may disclose personal information only where reasonably necessary and legally permissible.

9.1 Disclosure to Insurers

Information may be shared with insurers for:

  • underwriting;
  • policy issuance;
  • claims administration;
  • fraud prevention;
  • compliance; and
  • reinsurance purposes.

The Insurer acts as an independent controller regarding its own processing activities.

9.2 Disclosure to Service Providers

We may share information with:

  • IT providers;
  • cloud hosting providers;
  • payment processors;
  • customer support providers;
  • claims administrators;
  • TPAs;
  • legal advisors;
  • auditors; and
  • cybersecurity providers.

All such providers are subject to contractual confidentiality and security obligations.

9.3 Regulatory and Legal Disclosures

We may disclose information:

  • pursuant to court orders;
  • to regulatory authorities;
  • to law enforcement agencies;
  • for anti-fraud investigations;
  • to protect legal rights; and
  • to defend legal claims.

9.4 Corporate Transactions

Information may be transferred as part of:

  • mergers;
  • acquisitions;
  • restructuring;
  • financing transactions;
  • portfolio transfers; or
  • sale of assets.

10. International Data Transfers

Because WolfPack operates internationally, personal information may be transferred across borders.

Where required by applicable law, WolfPack implements appropriate safeguards for international transfers, including:

  • contractual safeguards;
  • data processing agreements;
  • confidentiality obligations;
  • encryption standards;
  • access controls;
  • digital infrastructure protection measures; and
  • internationally recognized transfer mechanisms.

Where applicable, transfers involving European Economic Area data may utilize:

  • Standard Contractual Clauses (SCCs);
  • supplementary technical safeguards;
  • transfer impact assessments; and
  • equivalent lawful transfer mechanisms.

By engaging with our services, users acknowledge that international transfers may occur.

11. Data Retention

WolfPack retains personal information only for as long as reasonably necessary for:

  • contractual obligations;
  • underwriting purposes;
  • claims administration;
  • regulatory compliance;
  • legal defense;
  • accounting obligations;
  • anti-money laundering requirements; and
  • fraud prevention.

Retention periods may vary depending on:

  • applicable law;
  • insurer requirements;
  • dispute risks; and
  • regulatory obligations.

Unless otherwise required by law, information may be retained for a period of up to ten (10) years following termination of the customer relationship or longer where required by applicable law or regulatory obligation.

Following expiration of retention obligations, information will be securely deleted, anonymized or archived in accordance with applicable legal requirements.

12. Data Security

WolfPack maintains commercially reasonable administrative, technical and physical safeguards designed to protect personal information.

Security measures may include:

  • encryption of sensitive information;
  • secure socket layer (SSL/TLS) technology;
  • multi-factor authentication;
  • role-based access controls;
  • cybersecurity monitoring;
  • penetration testing;
  • security audits;
  • endpoint protection;
  • logging and monitoring;
  • employee confidentiality obligations; and
  • mandatory privacy and cybersecurity training.

Despite reasonable safeguards, no electronic transmission or storage system can be guaranteed to be completely secure.

Accordingly, WolfPack cannot guarantee absolute security.

13. Data Breach Response

In the event of a data security incident affecting personal information, WolfPack may:

  • investigate the incident;
  • contain and remediate the issue;
  • notify affected insurers or partners;
  • notify affected individuals where legally required; and
  • cooperate with regulatory authorities.

WolfPack reserves the right to determine the scope, timing and method of any notifications in accordance with applicable law and operational necessity.

14. Your Rights

Subject to applicable law and regulatory limitations, individuals may have the right to:

  • request access to personal information;
  • request correction of inaccurate information;
  • request deletion of information;
  • request restriction of processing;
  • object to certain processing activities;
  • withdraw consent;
  • request portability of certain data; and
  • request information regarding international transfers.

Certain rights may be limited where:

  • legal obligations apply;
  • retention obligations exist;
  • fraud prevention requirements apply;
  • insurance regulations restrict deletion; or
  • litigation holds exist.

Requests may be submitted using the contact details below.

WolfPack reserves the right to verify identity before responding to requests.

15. Marketing Communications

Where legally permitted, WolfPack may send communications regarding:

  • insurance products;
  • renewals;
  • policy updates;
  • related financial services;
  • promotions; and
  • educational materials.

Recipients may opt out of marketing communications at any time by:

  • following unsubscribe instructions; or
  • contacting WolfPack directly.

Operational and contractual communications may still be sent where necessary.

16. Cookies and Tracking Technologies

WolfPack websites may use:

  • cookies;
  • analytics technologies;
  • tracking pixels;
  • session identifiers; and
  • advertising technologies.

These technologies may be used for:

  • website functionality;
  • analytics;
  • fraud prevention;
  • performance monitoring; and
  • marketing optimization.

Users may control cookie settings through browser preferences.

Disabling cookies may affect website functionality.

Additional cookie disclosures may be provided through separate cookie notices or consent banners.

17. Third-Party Websites

WolfPack websites may contain links to third-party websites or services.

WolfPack is not responsible for:

  • third-party privacy practices;
  • third-party content;
  • external security measures; or
  • external processing activities.

Users should review third-party privacy policies independently.

18. Children’s Privacy

WolfPack services are not directed toward children.

We do not knowingly collect personal information directly from minors except where necessary for dependent insurance coverage and submitted by a parent or lawful guardian.

19. Limitation of Liability

To the maximum extent permitted by applicable law, WolfPack shall not be liable for:

  • indirect damages;
  • consequential damages;
  • incidental damages;
  • business interruption;
  • cyberattacks;
  • unauthorized third-party access;
  • internet failures;
  • force majeure events;
  • insurer decisions;
  • underwriting outcomes; or
  • claims denials by insurers.

Nothing in this Policy excludes liability where exclusion is prohibited by applicable law.

20. Governing Law and Jurisdiction

This Policy shall be governed exclusively by the laws of St. Kitts and Nevis, without regard to conflict-of-law principles.

Any dispute, claim or controversy arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the courts of Basseterre, St. Kitts and Nevis.

Where mandatory consumer protection laws apply, certain users may retain additional rights under applicable law.

21. Changes to This Policy

WolfPack reserves the right to amend, modify or update this Policy at any time.

Updated versions will be published on the website together with the revised effective date.

Continued use of the services following publication of updated terms constitutes acceptance of the revised Policy.

22. Contact Information

For questions regarding this Policy or data protection matters, please contact:

WolfPack Global Health Ltd.
Basseterre
St. Kitts and Nevis

Phone: +1 843 289 6402
Email: info@wolfpackglobalhealth.com

23. Complaints

Individuals who believe their personal information has been processed unlawfully may contact WolfPack directly.

Where applicable under relevant law, complaints may also be submitted to competent regulatory or supervisory authorities.

24. Important Disclaimer

This Policy is intended for informational and compliance purposes only and does not constitute legal, insurance or regulatory advice.

Nothing in this Policy creates a fiduciary relationship, guarantees insurance coverage or modifies the terms of any insurance policy.

Insurance coverage is governed exclusively by the applicable policy wording issued by the relevant Insurer.

In the event of conflict between this Policy and the applicable insurance policy, the insurance policy shall prevail.

↑ Back to top