KOIL PRIVACY STATEMENT
Definitions

“KOIL”, “we”, “our”, or “ours” “us” means Kenya Orient Insurance Limited, and includes its successors in title and assigns, its affiliates and/or its subsidiaries.

“You” (which includes personal representatives and assigns) holding a Policy with us and includes (where appropriate) any person you authorize to give us instructions, the person who uses any of our products and services or accesses our websites.

“Customer” shall include both the masculine and the feminine gender as well as juristic person.

Any agent, supplier or service provider who has signed an agreement with us and is recognized as a service provide, supplier or agent in accordance with any applicable laws or Regulations.

Introduction

KOIL respects your privacy and is committed to protecting your personal data. This privacy statement aims to give you information on how we collect, use, disclose and/or process the personal data you have provided to us and also to assist you in making informed decisions before giving us access to your personal data. This privacy statement should also be read in conjunction with our Terms and Conditions for products and services.

Collecting Information from You

We collect your personal information with your knowledge and consent when you do any of the following (please note that this list is not exhaustive):

  • • Apply for a specific product or service.
  • • Ask for more information about our product or service or contact us with a query or complaint.
  • • Respond to or participate in a survey, marketing promotion, prize competition or special offer.
  • • We may also collect your information from other organizations including criminal investigative agencies, health practitioners, fraud prevention agencies and business directories.
  • • We may collect your information when you interact with us as a supplier as prescribed in this statement.
  • • We may also collect information when you visit any of our premises.
  • • When you interact with our sales agents they may collect personal information.
  • • We may also automatically collect Profile Data, Usage Data and Technical Data by using cookies, server logs, diagnostic information, communications logs and other similar technologies. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service.
What Information is Collected

The information we collect and store about you includes but is not limited to the following:

  • • Your identity including your name, address, location, phone number, identity document number, date of birth, email address, age and gender.
  • • Personal information such as passport photos, Marital status, employment status, and Next of Kin.
  • • Medical records and health declarations.
  • • Your account information, information about your bank account numbers.
  • • Financial information.
  • • Name of your employer.
  • • Your signature specimen.
  • • Name, family details, age, profiling information such as level of education, bank account status, income brackets.
  • • Your contact with us, such as when you: call us or interact with us through social media (we may record your conversations, social media or other interactions with us).
  • • Information as required by Regulators, such as KYC and AML (Know Your Client and/or Anti Money Laundering regulations) and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with you, which we may request and/or obtain from third party sources.
How do we obtain such information?
  • 1. Make an application, buy or use any of our products and or services on our electronic and digital platforms.
  • 2. Use any of our products and/or services online, on a mobile or other device or in any of our branches or with any of our agents or merchants.
  • 3. CCTV footage and other information obtained through electronic means on our premises.
  • 4. When we require personal information from you in order to fulfil a statutory or contractual requirement, or where such information is necessary to enter into a contract or is otherwise an obligation, we will inform you and indicate the consequences of failing to do so.
  • 5. We may obtain data from third parties when verifying details supplied by you and information collected from publicly available sources such as Companies Registry. Such third parties may include fraud prevention agencies.
  • 6. Other information about an individual that you or they disclose to us when communicating with us.

In addition, we may collect, store and use information about you while you access our services through online means, such as the browser or device you use to access our sites and platforms, how you use the sites, traffic and location data refer to our Cookie Policy.

Use of Information

We may use and analyse your information for the following purposes:

  • • Processing applications for products and services, effecting payments, transactions and completing instructions or requests.
  • • Responding to any of your queries or concerns.
  • • Verifying your identity information through publicly available and/or restricted government databases in order to comply with applicable regulatory requirements.
  • • Assessing suitability for products and services.
  • • Carrying out credit checks and credit scoring.
  • • Keeping you informed generally about new products and services and contacting you with any new product unless you opt out of receiving such marketing messages (you may contact any of our subsidiaries at any time to opt out of receiving marketing messages or by sending stop to the number provided in the sms).
  • • To comply with any legal, governmental or regulatory requirement or for use by our lawyers in connection with any legal proceedings.
  • • In business practices including to quality control, training and ensuring effective systems operations.
  • • To understand how you use our products and services for purposes of developing or improving products and services.
  • • Preventing and detecting fraud or other crimes and for debt recovery.
  • • For research, statistical, survey and other scientific or business purposes.
  • • Provide aggregated data (which do not contain any information which may identify you as an individual) to third parties for research and scientific purpose.
  • • Administer any of our online platforms/websites.
Lawful Basis for processing your information

We will process your personal information based on any of the lawful basis provided for under the Data Protection Law.

Where personal data relates to a child, we will process the personal data only where parental or legal guardian consent has been given. The processing of such data will be done in a manner that protects and advances the rights and best interests of the child.

We’ll only use your information where we have your consent or where we have another lawful reason including:

  • 1. To carry out our obligations from any contracts entered into between you and us or to take steps to enter into an agreement with you.
  • 2. Verifying your identity information through publicly available and/or restricted government databases to comply with applicable Know Your Customer (KYC) requirements.
  • 3. Assessing the purpose and nature of your business or principal activity, your financial status and the capacity in which you are entering into the business relationship with us.
  • 4. To meet our regulatory compliance and reporting obligations.
  • 5. To provide our services to you, manage your policies and our relationship with you.
  • 6. To respond to your queries and complaints to us and any other requests that you may have made to us.
  • 7. Identifying your source of income and similar information.
  • 8. To keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you unless you have indicated at any time that you do not wish us to do so.
  • 9. To prevent, detect, and investigate fraud and alleged fraud practices and other crimes.
  • 10. Any purpose related to the prevention of financial crime, including sanctions screening, monitoring of anti-money laundering and any financing of terrorist activities.
  • 11. To verify your identity in order to protect you and your assets.
  • 12. To evaluate, develop and improve our services to you and other customers.
  • 13. To protect our business interests and to develop our business strategies.
  • 14. To contact you, by post, phone, text, email and other digital methods.
  • 15. Where processing of personal data is carried out on behalf of KOIL, we have a separate contract with the processor with respect to this processing. This contract ensures compliance with Data Protection Act 2019 and defines sufficient guarantees for the implementation of appropriate technical and organizational measures, which ensure the protection of your rights.
Disclosure and Information Sharing

We will respect the confidentiality of the personal data you provide to us.

Any disclosure of your information shall be in accordance with applicable laws and regulations. The company shall assess and review each application for information and may decline to grant such information to the requesting party.

We may disclose your information to:

  • • Law-enforcement agencies, regulatory authorities, courts or other statutory authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law.
  • • Our associates, partners, software developers or agents who are involved in delivering the company’s products and services you order or use.
  • • Fraud prevention and Anti money laundering agencies, credit- reference agencies.
  • • Publicly available and/or restricted government databases to verify your identity information in order to comply with regulatory requirements.
  • • Insurance regulator,brokers, Agents, garages or related organizations on contract with us.
  • • Survey agencies that conduct surveys on behalf of the company.
  • • Any other person that we deem legitimately necessary to share the data with.

We shall not release any information to any individual or entity that is acting beyond its legal mandate.

Marketing

We may use your personal data to conduct market research and surveys with the aim of improving our products and services and for marketing purposes, promotional events, competitions and lucky draws.

You can ask us to stop sending you marketing messages at any time by writing to us or by following the opt out option on any marketing message sent to you or by attending to us or contacting us at any time through the provided contact.

Retention of Information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The statutory legal requirement is 7 years. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements. Anonymized information that can no longer be associated with you may be held indefinitely.

Your Rights

Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your personal data. These are listed below: -

  • a. Right to be informed that we are collecting personal data about you.
  • b. Right to access personal data that we hold about you and request for information about how we process it.
  • c. Right to request that we correct your personal data where it is inaccurate or incomplete.
  • d. Right to request that we erase your personal data noting that we may continue to retain your information if obligated by the law or entitled to do so.
  • e. Right to object and withdraw your consent to processing of your personal data. We may continue to process if we have a legitimate or legal reason to do so.
  • f. Right to request transfer of your personal data in [an electronic format].

In exercising your right as provided above, we may request specific information from you to help us confirm your identity. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Data Security

We will use technical and organizational measures to safeguard your personal data from being accidentally lost, used, or accessed in an unauthorized way, for example:

  • • Access to your account is controlled by a password and username that are unique to you.
  • • We store your personal data on secure servers.
  • • We encrypt your data while in transit.

No data transmission over the internet can be guaranteed to be totally secure. However, we take steps to secure the information you provide to us. We cannot guarantee the security of any information you transmit to us or that we retain. By using our services, you expressly acknowledge and agree that its use is at the user’s risk. You should note that the information that you submit to us is also stored on your device in unencrypted form and you agree that the onus is on you to password-protect access to your device to ensure that your information stored on your device remains secure. Your communications may route through a number of countries before being delivered - this is the nature of the internet

KOIL will not accept responsibility for any unauthorized access or loss of personal data that is beyond our control, including access or loss caused by you failing to passwordprotect access to your device.

International Data Transfers

Your data is primarily stored in our data centres located within Kenya and some data resides abroad using cloud technologies. Where personal data is transferred outside Kenya, KOIL shall ensure appropriate safeguards are implemented in accordance with applicable data protection laws.

Your consent to this Privacy statement followed by your submission of such information represents your agreement to that transfer.

Exceptions

We acknowledge that there will be exceptional circumstances where personal data can be processed without the data subjects consent. There may be limitations on data subject rights when required by the law or when there are competing rights and therefore it will require an assessment based on the facts and circumstances.

Right to Lodge Complaint

You have the right to lodge a complaint with the relevant supervisory authority that is tasked with personal data protection within the Republic of Kenya.

Changes to Our Privacy Statement

KOIL reserves the right to amend this privacy statement at any time. All amendments to this statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this statement.

Contacting Us

If you would like to contact us on any topics in this privacy statement, please write to us
you can email us: data.protection@kenyaorient.co.ke

 Download Cookie Policy