BRITAM HOLDING PLC [this includes its Subsidiary Companies Britam Life Assurance Company Kenya Limited, Britam General Insurance Company Kenya Limited and Britam Assets Managers limited in Kenya] (hereinafter referred to as “Britam’’, "we", "us" or "our" in this privacy statement) respects Your privacy and is committed to protecting Your privacy as guaranteed by the Data Protection Act No. 24 of 2019. We have taken reasonable steps to protect the confidentiality of the Personal Information You have furnished to us and its transmission through our Website, Online Portals or Mobile Applications (hereinafter referred to as “Britam’s Digital Services” in this privacy statement). This privacy statement aims to give You information on how we look after Your personal information when You visit Britam’s Digital Services (regardless of where You visit it from).
In the process of You using Britam’s Digital Services or availing of the existing or future services or Facility provided by the said platforms, You may be required to furnish information, personal or otherwise, relating to You, including information that is of a confidential nature (all such information being part of " Personal Information” as defined herein). We protect the data security of our customers and potential customers by complying with all relevant local laws and ensure compliance by our staff with strict standards of security and confidentiality.
Your right to privacy and security as guaranteed by the Data Protection Act No. 24 of 2019 is very important to us. Britam treats Your personal information as private and confidential.
Types of Personal Data That We collect
Personal data means any information relating to an identified or identifiable natural person. The personal data that we collect will depend on the context of our relationship with you. We may collect, use, store and transfer different kinds of personal data about you or persons connected to you which we have grouped together as follows:
- identification information such as name, date and place of birth, national identity card number, passport number, Kenya Revenue Authority personal identification number (PIN), photo, marital status, title, nationality, gender and specimen signature;
- contact information such as email address, postal address, physical address, residential address and telephone number;
- financial information such as bank account details, payment card details, mobile money statements, income, credit history, credit worthiness, bank statements, details about payments to or from you and other details of products and services you have purchased from us;
- information relevant to your insurance policy or relevant to your claim or your involvement in the matter giving rise to a claim;
- information about the nature of your business and commercial assets;
- employment information such as the name of the employer, position in the organization and office address;
- children’s personal data such as the name, date of birth and gender;
- sensitive personal information such as marital status, property details, health status and family details (such as next of kin and beneficiaries);
- marketing and communications information including your preferences in receiving marketing information from us and communication from us;
- online data whenever you use our products and services through our website, mobile applications such as cookies, login data, IP address (your computer’s internet address), browser type and version, ISP or operating system, domain name, access time, page views, location data, how you frequently use our online insurance, banking and other services, our mobile applications or visit our website; or
- profile data such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
How and why we collect personal information
- We collect personal information for the purposes set out in this notice or otherwise communicated to You.
- We collect personal information directly from You when You contact us directly or provide information through Britam’s Digital Services. This personal information is used to create a policy in Your name and to issue You with a policy document or member certificate as proof of cover and to gain access to the benefits of the policy or account. This information is also used to authenticate and verify that Your identity when interacting with Britam. It is used for security purposes to ensure that unauthorised persons do not get access to the information You share with Britam in respect of Your policy or the benefits under Your policy.
- We may collect from and share Your personal information with selected third parties to ensure we meet our responsibilities as a Financial Services Provider. These third parties may include, but are not limited to:
- Regulatory bodies
- Sales Agents, Insurance Brokers, Financial Advisers, and other intermediaries
- Affiliated companies of Britam Holdings Plc
- Credit Reference Bureaus – to establish credit worthiness (If Britam is requested by any regulatory body / bureau to confirm whether or not we have a certain client covered by policy we have to provide this information).
- Other insurers or authorised financial services providers for prevention of fraud - Forensics investigations. Sharing of information would come into play when we have litigation cases and this information is shared with the respective legal representative with Britam and/or member’s employer.
- We collect personal information from and about You for the following purposes, but not limited to:-
- Assess Your individual requirements accurately.
- Process, administer, implement and effect the requests or transactions contemplated by the forms available on Britam’s Digital Services or any other documents You may submit to us from time to time.
- Deliver effective and personalised services to You that comply with applicable regulations.
- Carry out statistical or actuarial research and other analyses undertaken by Britam in order to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services).
- Tell You about services and products available within Britam. This information is used for Marketing purposes giving You access to the broader Britam product offering.
- Constantly improve our offerings to suit Your unique needs.
- To verify and protect Your identity. This information is also used to authenticate or verify Your identity when interacting with Britam. It is used for security purposes to ensure that unauthorised persons do not get access to Your Britam information or benefits.
- Regulatory reporting - Britam is obliged to provide regulatory reporting to the insurance and other regulatory bodies.
- Comply with relevant regulatory requirements, including monitoring and analysing Your account for credit, fraud, compliance and other risk-related purposes as required by law.
- For data matching, internal business and administrative purposes; to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities.
- Personalise the appearance of Britam’s Digital Services, provide recommendations of relevant products and provide targeted advertising on our Customer Portal or through other channels. o Other purposes as notified at the time of collection.
- Other purposes directly or indirectly relating to any of the above.
- We may also use Your Personal Information for the purposes of providing You with any services to which You subscribe, and any service-related activities such as collecting subscription fees from You for those services, and notifying You or contacting You regarding any problem with, or the expiration of, such services. In this regard, it may be necessary to disclose Your Personal Information to one or more Advisors, Assignees and contractors of BRITAM HOLDINGS PLC and their sub-contractors, but such Advisors, Assignees, contractors, and subcontractors will be required to agree to use the information obtained from us only for these purposes.
- We may, and are authorized to, share/part with all Personal Information related to the details and transaction history of the Customers to our Affiliates / banks / financial institutions / credit bureaus / agencies / participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and You shall not hold BRITAM HOLDINGS PLC liable for use or disclosure of Personal Information.
- Without Your personal information, we may not be able to provide or continue to provide You with the products or services that You need. This personal information is used to create a policy in Your name and to issue You with a member certificate and card as proof of cover and to gain access to medical service and manage Your policy. This information is also used to authenticate or verify that You are You when interacting with Britam. It is used for security purposes to ensure that unauthorised persons do not get access to the information You share with Britam or the benefits under Your policy.
- By providing Your personal information to us, You accept that BRITAM may retain Your information for as long as necessary or as provided under this Privacy statement, to fulfil the purpose(s) for which it is collected in compliance with applicable laws and regulations. BRITAM applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use including limiting physical access to data within BRITAM’s systems and encryption of sensitive data when transferring such data.
- Reasonable steps will be taken to delete or destroy, as well as anonymise or pseudonymise the information when it is no longer necessary for any of the purpose above.
Method of collecting data
We will collect and store any information You enter on Britam’s Digital Services.
We store personal information as required by law. We will only retain Your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
Our use of technology to follow Your use of Britam’s Digital Services
We collect and examine information about visits to this website, portal or application. We use this information to find out which areas of Britam’s Digital Services people visit most. This helps us to add more value to our services. This information is gathered in such a way that we do not get personal information about any individual or their online behaviour on other websites.
We use cookie technology on some parts of our Digital Services. A cookie is small pieces of text that are saved on Your Internet browser when You use our website. The cookie is sent back to our computer each time You visit our website. Cookies make it easier for us to give You a better experience online. You can stop Your browser from accepting cookies, but if You do, some parts of our website or online services may not work. We recommend that You allow cookies.
Marketing by post, email or text messages
If You give us permission, we may use Your personal or other information to tell You about products, services and special offers from us or other companies that may be of interest to You. We will do this by post, email or text message (SMS). If You later decide that You do not want us to do this, please contact us at email@example.com and we will stop doing so.
Disclosure of information to third parties
We ask other organisations to provide support services to us. When we do this, they have to agree to our privacy policies if they need access to any personal information to carry out their services. We may share Your personal information for this purpose with the following third parties:- o any person authorised to act as an agent of BRITAM in relation to the distribution of products and services offered by BRITAM
- any agent, contractor or third party service provider (within or outside BRITAM) who provides administration, data processing, telecommunications, computer, payment, debt collection or securities clearing, technology outsourcing, call centre services, mailing and printing services in connection with the operation of BRITAM’s business and BRITAM 's provision of services to You.
- any member company of BRITAM in relation to the provision or marketing of insurance services.
- any agent, contractor or third-party service provider (within or outside BRITAM) including companies that help deliver our services, such as reinsurance companies, investment management companies, claims investigation companies, industry associations or federations.
- other companies that help gather Your information or communicate with You, such as research companies and ratings agencies, in order to enhance the services we provide to You.
- government or regulatory bodies or any person to whom BRITAM company must disclose data.
We may also disclose Your personal information under a legal and/or regulatory obligation in the jurisdiction applicable to the particular third party or pursuant to an agreement between the BRITAM and the relevant government, regulatory body or other person.
From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) or change the structure, nature or legal form and where permitted by law Your personal information may be transferred or disclosed as a part of the purchase or sale or a proposed purchase or sale. In the event that we purchase a business, the personal information received with that business would be treated in accordance with this privacy statement, if it is practicable and permissible to do so.
Transfer across borders
Your personal information may be transferred to, stored, and processed in Kenya or any other jurisdictions where any BRITAM, its subsidiary, or jurisdictions where a third-party contractor is located or from which the third-party contractor provides us services. By providing us with Your personal information or using our services or our Digital Services, You consent to the transfer of such information outside Your jurisdiction to our facilities or to those third parties with whom we share it as described above. We will only transfer Your personal information to countries that have been deemed to provide an adequate level of protection for personal information and we will ask the party to whom we transfer Your personal information to agree to our privacy principles, associated policies and practices as a mandatory condition before transferring the required data to them.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Our website may contain links to or from other websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. When You leave our website, we recommend that You always read the privacy and security notices on these websites.
If any part of our OnlinePortal (or Mobile Applications) contains links to other Online Portals (or Mobile Applications), those sites may not operate under this privacy statement. You are advised to check the privacy statements on those Online Portals (or Mobile Applications) to understand their policies on the collection, usage, transferal and disclosure of personal information.
When we may reveal personal information without consent
BRITAM undertakes not to disclose, except as otherwise provided, the personal information provided by You to any person, unless such action is necessary to:
- Conform to legal requirements or comply with legal process;
- Protect and defend BRITAM's rights, interests or property;
- Enforce the terms and conditions of the products or services or Terms and Conditions;
- Act to protect the interests of BRITAM, or its members, constituents or of other persons; or
- It is in the public Interest; or
- There is a legitimate purpose for the sharing.
Our data security practices
- We have put in place appropriate security measures to prevent Your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- We are committed and obliged to implement all reasonable controls to safeguard access to Your personal information. Where third parties are required to process Your personal information in relation to the purposes set out in this notice and for other legal requirements, we ensure that they are contractually bound to apply the appropriate security practices.
- All use of our website and transactions through it are protected by encryption (secret codes) in line with international standards.
Your rights under this Privacy Notice
A. Your right to access Your personal information
You have the right to verify whether BRITAM holds any personal information about You and to access any such data. You may exercise this right by emailing us at firstname.lastname@example.org. Please note that in some cases we may not be able to comply with Your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request You make and if we can't comply with Your request, we will inform You of the reasons why. If You have any questions regarding this please, let us know at email@example.com .
B. Your right to object to processing of Your personal information
You have the right to object the processing of all or part of Your personal information by BRITAM where there is something about Your particular situation which makes You want to object to processing of Your personal information as You feel it impacts on Your fundamental rights and freedoms. In some cases, however, we may demonstrate that we have compelling legitimate grounds to process Your information which override Your rights and freedoms.
C. Your right to correction of false or misleading data
You have a right to require BRITAM to correct any personal information relating to You which is inaccurate. This enables You to have any false, misleading, incomplete or inaccurate data we hold about You corrected, though we may need to verify the accuracy of the new data You provide to us.
D. Your right to deletion of false or misleading data
You have the right to request BRITAM to delete Your personal information. This enables You to ask us to delete or remove personal information where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with Your request of deletion for specific legal reasons which will be notified to You, if applicable, at the time of Your request.
E. Your right to lodge a complaint
You have a right to complain to us about any concerns You may have regarding how we use Your personal information, through the email and/or contact provided at the end of this privacy statement.
Privacy and security statements that apply to specific online services
Different online services or businesses of BRITAM may have their own privacy and security policies because the service or product they offer may need different or extra policies. These specific policies will apply to Your use of the particular service where they are different from our general policies.
Personal use of emails and notice about checking on emails
Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Britam. We do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that applies.
Changes to the Privacy Statement and Your duty to inform us of changes in Your personal information
We keep our privacy statement under regular review and we may always change this privacy and security notice. We will put all changes on our website. The latest version of our privacy and security notice will replace all earlier versions of it, unless it says differently. It is important that the personal information we hold about You is accurate and current. Please keep us informed if Your personal information changes during Your relationship with us.
Limitation of liability
Our Online Portals (or Mobile Applications) are for general information purposes only. While we use reasonable efforts to ensure the accuracy of the information on our Online Portals (or Mobile Applications), BRITAM does not warrant its absolute accuracy or accept any liability for any loss or damage resulting from any inaccuracy or omission. Without prior permission from BRITAM, no information contained on our Online Portals (Mobile Applications) may be copied (except for personal use), or redistributed.
BRITAM recognizes its responsibilities in relation to the collection, holding, processing or use of personal information. The provision of Your personal information is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with or provide services to You. BRITAM will not collect any information that identifies You personally through its Customer Portal unless and until You buy our products or services, register as a member, or submit personal information for job application purposes.
The data in the Online Portals (or Mobile Applications) cannot be used in a court of law and the information has to be originated from the original policy documents/statements provided by BRITAM.
You are urged to keep the Personal Information current so as to ensure that the services and Facility remain relevant and reach You.
You shall not disclose to any person, in any manner whatsoever, any information relating to BRITAM or its Affiliates of a confidential nature obtained in the course of availing the Facility or use of its Online Portals (or Mobile Applications). Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle BRITAM or its Affiliates to terminate the services or Facility, without prejudice to any damages, to which You may be entitled to or can access otherwise.
You have a right to enquire about BRITAM’s policies and practices in relation to personal information.
If You have any questions about this privacy notice or our data protection policies and practices, please contact our Data Protection Officer in the following ways:
Full name of legal entity: BRITAM HOLDINGS PLC
Email address: firstname.lastname@example.org
Telephone number: +254705100100
Postal address: 30375-00100 NAIROBI, KENYA