Data Privacy

Who does this Privacy Policy apply?

This privacy policy describes how we handle personal information about the following people in relation to AiCare-powered insurance policies:

  • People who request a quote, either directly or via a broker
  • Insurance policyholders
  • People who make a claim against one of our policyholders
  • Witnesses and other third parties whose information we may receive
  • People who participate in AiCare marketing promotions
  • We process personal information in line with Kenya’s Data Protection laws and other relevant laws that apply

The personal information we may collect about you

Types of Personal Data

Individual details

  • Name
  • Address
  • Other contact details such as email and phone numbers
  • Gender
  • Date and place of birth
  • Image
  • Details of family members including their relationship to you

Identification details

  • ID/Passport number
  • KRA pin
  • Driving licence details
  • NHIF number
  • Other relevant licences

Financial information

  • Bank account and /or payment details
  • M-Pesa number

Risk details

Information to assess risk and provide insurance quotes, including:

  • Vehicle make and model
  • Vehicle valuation
  • Vehicle registration date and other logbook information
  • Any previous claims and/or accidents

Policy information

  • Information about the quotes you receive and policies you take out

Telematics

  • Driving behaviour
  • Location
  • Frequency of vehicle use
  • Time of use
  • Mileage

Where we collect your personal information

We may collect personal information about you from:

  • You
  • Your broker/agent
  • Your family members
  • Your employer or their representative
  • Other companies in the insurance market
  • Claims registers
  • Government agencies such as NTSA (to check licence and vehicle information), iTax (to verify KRA pin details), IPRS (to verify ID details)
  • In the event of a claim, third parties including other party to the claim, witnesses, experts, loss adjusters, legal advisers and claims handlers
  • Other publicly available sources of information, including social media

How we use and disclose your information

Below is a summary of the different stages of the insurance relationship. Further details about how we use and disclose your personal information are set out in the subsequent sections of this privacy policy.

Quotation/Inception:

  • Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
  • Evaluating the risks to be covered and matching to appropriate policy/premium
  • Payment of premium where the insured/policyholder is an individual

Policy Administration:

  • Client care, including communicating with you and sending you updates
  • Payments to and from individuals

Telematics:

  • Determining driving behaviour and driving patterns
  • Developing flexible telematics rating models

Claims Processing

  • Managing insurance and reinsurance claims
  • Defending or prosecuting legal claims
  • Investigating or prosecuting fraud

Renewals

  • Contacting the insured/policyholder to renew the insurance policy
  • Evaluating the risks to be covered and matching to appropriate policy/premium
  • Payment of premium where the insured/policyholder is an individual

Other purposes

These include anything outside of the insurance lifecycle but necessary for the provision of insurance throughout the insurance lifecycle period:

  • Complying with our legal or regulatory obligations
  • General risk modelling and testing
  • Transferring books of business, company sales and reorganisations
  • The purchase by AiCare (or its insurance partners) of reinsurance coverage and reinsurance claims.

Disclosing and sharing of your information

To assess the terms of your insurance contract, or to deal with any claims, we may need to share information like your name, address, date of birth, and ID number. The recipients of this information could include (but not limited to) other insurers, other group companies who provide administration or support services, government agencies (NTSA, Police etc)

For claims handling, the recipients could include(but are not limited to) external claims handlers, loss adjusters, courts, legal and other expert advisers, and third parties who are involved in the claim.

 

Accepting and Administering Your Policy

If you pay premiums via a credit facility, we may share your information with credit reference agencies and other companies for use in credit decisions, to prevent fraud and to find people who owe money. We share information with other insurers, certain government organisations and other authorised organisations. We may verify driving licence and vehicle information with NTSA.

If you ask us to transfer your policy to another broker, we will disclose details of your policy (including any other people covered by the policy), any claims made and any other related information to the new broker at your request.

Insurance underwriting

We look at the possible risk in relation to your prospective policy (or anyone else involved in the policy) so that we can:

  • Consider whether to accept a risk;
  • Make decisions about providing and dealing with insurance and other related services for you and members of your household;
  • Set price levels for your policy;
  • Confirm your identity to prevent money laundering; and
  • Check the claims history for you or any person or property likely to be involved in the policy or a claim at any time. We may do this:
    • When you apply for or change your insurance;
    • If there is an accident or a claim; or
    • At the time you renew the policy.

Managing claims

If you make a claim, we may need to release information to another person or organisation involved in that claim. This includes, but is not restricted to, your broker, your legal representative, others involved in the incident, their insurer, their solicitor or representative and medical teams, authorised repairers, the police or other investigators. We may have to investigate your current claim and your claim and conviction history. This may involve external claims handlers, loss adjusters, legal and other expert advisers. We might also share your information with survey organisations to obtain feedback on the service we provide to you.

Under the conditions of your policy, you must tell us about any incident (such as an accident or theft) which may or may not result in a claim. When you tell us about an incident, we will pass information relating to it to centrally managed claims registers which are operated on behalf of the insurance industry.

Call Recording

You should note that some telephone calls may be recorded or monitored, either by us, for example calls to or from our claims department, customer services team and underwriting department, or on our behalf by our third-party suppliers. Call recording and monitoring may be carried out for the following purposes:

  • training and quality control;
  • as evidence of conversations; and/or
  • for the prevention or detection of crime (e.g. fraudulent claims).

Preventing or detecting fraud and other criminal offences

We will check your information against a range of registers and databases for completeness and accuracy. We may also conduct searches of publicly available sources of information including social media to verify claims and detect and prosecute fraud. We may share your information with law enforcement agencies, legal advisers, investigators, other organisations and public bodies.

If we find that false or inaccurate information has been given to us, or we suspect fraud, we will take appropriate action. Law enforcement agencies may access and use this information.

Consent and the Legal Basis for Processing Your Personal Information

Most of the personal information you provide to us is needed for us to assess your request for insurance, to enter into the insurance contract with you and then to administer that contract. Some of the information is collected for fraud prevention purposes.

If we need your consent to use any specific information, we will make that clear at the time we collect the information from you. You are free to withhold your consent or withdraw it at any time, but if you do so it may impact upon our ability to provide insurance or pay claims.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a data breach where we are legally required to do so.

Retention

We will keep your personal data only for as long as is necessary for the purpose for which it was collected. In particular, we will retain your information for as long as there is any possibility that either you or we may wish to bring a legal claim under or relating to your insurance, or where we are required to keep your information for legal or regulatory purposes. We have various different retention periods for different types of claims and other records. If you would like more information about this, please contact us at info@aicare.co.ke .

We may keep anonymised data for longer periods for analysis and modelling purposes.

Your Rights

You have rights under the Data Protection laws including the right to access the information we hold about you and receive a copy of that information (subject to any legal restrictions that may apply), to have the information corrected if it is inaccurate, and to have it updated if it is incomplete.

You can also find out about any automated decisions we make that affect your insurance or premiums.

We may ask for proof of your identity before we can respond to your request.

We will ask your permission before carrying out any marketing. You have the right to opt out of receiving marketing at any time. You can use the unsubscribe option that is included in all our marketing emails or contact us at info@aicare.co.ke.

In very limited circumstances and only where you have given us your express consent, we may pass your data to a third party so that they can contact you for marketing purposes. In such circumstances, we may act as a data processor in collecting your consent and sending it to the third party, and the third party will be a data controller in respect of the relevant data. You should refer to the relevant third party’s privacy policy for further information on how they use your data.

In certain circumstances you may also have the following rights:

  • The right to have your data deleted
  • The right to restrict or object to the processing of your personal data
  • Where you have provided personal data voluntarily, or otherwise consented to its use, the right to withdraw your consent
  • The right to receive a copy of the personal information which you have provided to us, in a structured, commonly used and machine-readable format or to request that we transfer that information to another party (known as “data portability”)