Data Privacy Statement - Geminia Insurance

Home » Data Privacy Statement

1 INTRODUCTION AND GENERAL TERMS

Geminia Insurance Company relies on the goodwill and trust of the public. We are committed to safeguarding your personal data. When you provide us with your personal data, we are legally obliged to use the personal data in line with all laws concerning the protection of personal data, including the Data Protection Act 2019 (the “Data Protection Act” or the “DPA”) and its subsidiary regulations. We are also bound by Companying sector rules of confidentiality.

Please read this Data Privacy Statement carefully to understand our personal data management practices. This Data Privacy Statement explains:

What personal data we process
How we use the personal data.
Why we need the personal data.
Who we will share your personal data with.
Your rights and how to exercise them.
When we will use your personal data to contact you; and
How to contact us.

2. WHAT PERSONAL DATA DOES THE COMPANY COLLECT?

Any information about you and/or information from which you can be directly or indirectly recognized is referred to as personal data. Your name, phone number, address, national identity card number, and other information are examples of personal data.

Different types of personal data about our customers, employees, service providers, agents, and other stakeholders may be collected, processed, stored, and transferred by us.

The table below summarizes the type of personal data that we collect and process.

Type of information	Examples
Identification Information	Individual Accounts (Adults): Birth Certificate, passport, national ID, military ID, driving license, KRA pin. Individual Accounts (Minors): Birth Certificate, parent’s/guardian’s national ID, passport, military ID, driver’s license, KRA pin. Incorporated and Unincorporated Bodies: Identities of the shareholders, beneficiaries, partners, trustees and directors of an entity.
Contact Information	Telephone/mobile number, postal address, physical address, email address. .
General information	Date of birth, marital status, age, gender, dependents details, profession.
Employment and educational information	Employment history, educational background including educational institutions attended, professional membership etc.
Medical Information	Health status, previous and current ailments, hospital admission history, injury or disability information, personal habits such as whether one smokes or drinks alcohol, major medical procedures undertaken.
Financial & Credit Information	Bank Account number, credit/debit card number, financial statements, previous transactions, credit information from licensed credit rating bureau, etc.
Digital Information	We process your digital information such as your IP address, the device type used to access the service and the duration for which your session lasted when you use our digital services. Such digital information will be collected by our systems and processed in line with our IT Policy and our Cookie Policy. We shall, however, ask for your consent prior to placing cookies on your devices.
Audio-visual information	Photographs, telephone recordings, CCTV surveillance videos.
Information relating to a specific product we are offering.	Property information such as cars, houses, personal household items and other personal assets, travel information, business and shareholding information, claim history.
Sensitive Personal Information	Property details, race, health status, marital and family status including names of children, gender.

3. DO YOU COLLECT DATA FROM ANY OTHER SOURCES?

Geminia Insurance always aims to collect your personal information directly from you but sometimes it may not always be possible to do so. We may also obtain personal information from other third parties, such as governmental organizations, open databases, etc. When you use our website and other digital platforms, we might additionally collect personal information via the use of technology like cookies. In situations where personal information is collected from third parties, we must do it strictly in accordance with the terms of the Data Protection Act 2019 and its subsidiary Regulations.

We may collect personal data from sources such as:

Application forms, proposal forms, claim forms and other forms that you fill in.
Meetings, telephone conversations and other forms of communication.
People appointed to act on your behalf.
Social media applications such as Twitter, Instagram, Facebook, LinkedIn, etc.
Our website (https://www.geminia.co.ke)
Employers
Other Companies and financial institutions working with us to serve you.
Licensed credit rating bureau.
Fraud prevention agencies.
Publicly available sources, such as media stories and online registers or directories.

4. WHAT LEGAL BASIS DOES THE COMPANY HAVE TO COLLECT MY DATA?

The Company may only process your personal data where there is a lawful basis to do so.

Information	Lawful basis
Contact Information	Required for the Company to verify your instructions and act on them accordingly. Required to communicate with you on the provision of our services to you, to help you manage your account and to keep you updated on developments affecting your account. Required to meet our reporting requirements under local and international laws Protects the legitimate interests of the Company as it enables us to provide you with information about our products and services that you may be interested in. We will make sure your consent is obtained prior to sharing any marketing material.
Transaction Information	Required in order for the Company to provide you with the services you require. Required to meet our reporting requirements under local and international laws. Protects the legitimate interests of the Company as it enables the Company to detect, prevent and investigate fraud, money laundering and other crimes. Protects the legitimate interests of the Company as it enables us to optimize our products depending on your needs and usage patterns. Your transaction information may be aggregated and processed in an unidentifiable form for purposes of statistical analysis and market research. With your consent, our analysis of your spending patterns may be used to market certain products and services to you. You may withdraw your consent to such marketing at any time after giving it.
Identification Information	Required in order for the Company to enter into a contract with you. It also enables the Company to verify your instructions and act on them accordingly. Required to meet our reporting requirements under local and international laws.
Credit Information	Protects the legitimate interests of the Company as it enables us to better provide credit services in a more cost-effective manner by allowing us to provide better lending rates to customers with a proven history of repaying their outstanding loans. It also enables us to run our business with care and prudence by making sure assets are protected.
Digital Information	Required in order for the Company to provide you with the services you require. Protects the legitimate interests of the Company for cybersecurity purposes and enables the Company to optimize our products depending on your needs and usage patterns.
Surveillance Data	Protects the legitimate interests of the Company in detecting and preventing crime. Protects the legitimate interests of the Company as it enables us to monitor complaints, train our staff and be more responsive to your needs.

5 . HOW LONG WILL MY DATA BE HELD?

Your personal data will be held for as long as you are a customer of the Company. Once you cease to be a customer, we will only retain the personal data necessary for the purposes of:

Establishing or defending a legal claim.
Fulfilling a legal obligation.
Fraud monitoring; or
Business analysis or audit purposes.

We may, however, retain any derivative information (such as statistical data and analytics) for an indefinite amount of time on the condition that such data will have all personal markers removed and your personal data will be unidentifiable.

6. YOUR RIGHTS AND HOW TO EXERCISE THEM

You have rights when it comes to how we handle your personal data. These include rights to:

Description of Right	When is the right applicable?
Right to object to processing of personal data – You have the right to object to how your personal information is processed. You must use the legal form titled "Request for restriction or objection to the processing of personal data" that is available on our website to exercise this right.	The right is not absolute, and we may decline a request if we have valid grounds and can show that doing so would be contrary to your interests. This would be the case, for example, when we must provide your personal information to a government agency acting within its legal authority, despite your request not to, or when doing so is necessary for our defense against a legal claim. If we have to deny your request, we will always let you know why. This right, however, is unassailable in the case of direct marketing.
*Right to restrict processing of personal data* – In some situations, you have the right to request that the processing of your personal data be stopped. You should use the legal form titled "Request for restriction or objection to the processing of personal data" that is available on our website to exercise this right.	This right is not absolute and is only applicable in the following situations: You contest the accuracy of your personal data. Your personal data has been unlawfully processed and you oppose its erasure and request restriction instead. You no longer need your personal data, but we need to keep it to establish, exercise, or defend a legal claim. You have objected to the processing while we investigate whether our use of your personal data is justified.
*Right to access personal data* - You have the right to access your personal information and learn how it is being used and processed. You should use the official "Request for access to personal data" form that is available on our website to exercise this right.	If you need to access your personal data in another format, you can fill out the form as long as you give us the proper notice and follow any other instructions we may give you.
*Right to rectification of personal data*- You have the right to ask that inaccurate, untrue, outdated, misleading or incomplete personal information be corrected/updated. To do this, you need to utilize the legal "Request for rectification" form found on our website to exercise this right.	The option to decline with justification is always open, subject to our discretion. Where the request to rectification is denied, we will notify you in writing of that refusal within 7 days and shall provide reasons for refusal.
*Right to erasure*– YYou have the right to request that your personal information be deleted or otherwise removed from our systems. This right is also known as "the right to be forgotten." You must use the official "Request for erasure of personal data" form found on our website to exercise this right.	The right to erasure does not apply when processing of your personal data is required for one of the following reasons: To exercise the right to freedom of expression and information. To comply with a legal obligation, such as our need to keep your personal information on file in the event of an ongoing investigation. To carry out a task carried out in the public interest or in the exercise of official authority. For scientific research, historical research, or statistical purposes if erasure is likely to render such purposes impossible or seriously impair their accomplishment. For the establishment, exercise, or defense of a legal claim.
*Right to complain to the Office of the Data Commissioner.*	This right is available always in a manner recommended by the Data Protection (General) Regulations 2021 and The Data Protection (Complaints Handling and Enforcement Procedures) Regulations 2021.
*Right to withdraw consent to processing of personal data.*	This right only applies where personal data is processed based upon your consent.
*Right to data portability*- You have the right to get your personal information in a structured, generally accepted, and machine-readable format so that you can easily transfer it to another third party. You must use the statutory "Request for Data Portability" form that is available on our website to exercise this right.	This right is always available as long as it is technically possible for us to give the personal data in the required format.
*Rights relating to automated decision*- making and profiling- You have the right to be free from decisions that are purely the result of our automated processing, including profiling, and that have a significant and legally binding effect on you.	This right is not applicable when a decision is: Required for the formation or performance of a contract between you and us. Permitted by a legislation that we are required to follow and that specifies appropriate safeguards for your rights, freedoms, and legitimate interests. Based on your consent.

7. WILL I BE SUBJECT TO ANY AUTOMATED DECISION MAKING?

We may use automated decision-making to evaluate certain aspects relating to you, in particular to analyze or predict aspects concerning your economic situation, credit limits, money laundering involvement, political exposure, payment reliability, behavior and dormant account status. Any decision the Company makes based on automated processing will be reviewed by a Company official in order to avoid algorithm bias and similar loopholes. We will let you know of this and will give you an opportunity to request for a review of any decision made by automated means.

We may also use automated decision making for marketing purposes to choose personalized offers, discounts or recommendations to send you.

8. WILL I BE CONTACTED FOR MARKETING PURPOSES?

In accordance with your email and contact settings, we may send you marketing information about our financial products or services using your personal data, such as your contact details (such as your name, address, email address, and telephone number).

The Company will only contact you for marketing purposes where you have provided us with freely given consent to do so. We may market our services through post, telephone, text message and any other digital methods that may become available in the future. Consent will be sought before any such marketing applications commence.

You can opt out of receiving marketing information from us by clicking “Unsubscribe” in any email or text message (SMS) you get from us or from us through one of our many communication channels.

9. WILL THE COMPANY SHARE MY PERSONAL DATA WITH ANYONE ELSE?

The Company may, from time to time, share your personal data with third parties. Such disclosures will be done in accordance with the law and, where necessary, with your consent. Below are some of the circumstances under which your personal data may be shared:

Type of Third Party	Example
Geminia Companies	Geminia Insurance and Geminia Life Insurance
Government Authorities	We may share personal data with Regulators such as Insurance Regulatory Authority, Capital Markets Authority, Financial Reporting Centre and Retirement Benefits Authority in compliance with a legal requirement.
Business Partners	Where legally permitted including to establish, exercise or defend our legal rights, we may share personal data with third party service providers such as auditors, lawyers, actuaries, accountants, medical service providers, banks, assessors, loss adjustors, re-insurers insurance brokers and agents, Independent Financial Advisers, other insurance companies, stock brokers, fund managers, licensed Credit Rating Bureaux, other business partners and other third party vendors and outsourced service providers that assist in carrying out business activities.
Industry Associations	Where legally permitted personal data may be shared with industry associations such as Association of Kenya Insurers.
Law Courts	Your personal data may be shared in the event that a court order is obtained requiring that such information be shared.

The Company will not, under any circumstances, share with, or sell your personal data to, any third party for marketing purposes and you will not receive offers from other companies or organizations as a result of sharing your personal data with us.

10. SECURITY OF PERSONAL INFORMATION AND DATA BREACH

Personal information and data are handled with care and integrity. Geminia Insurance has implemented physical, electronic, and managerial procedures to safeguard and secure the information collected. Geminia Insurance warrants that it will monitor and test its systems from time to time, and further agrees to adjust its data safeguards from time to time in light of relevant circumstances or the results of any relevant testing or monitoring. If we suspect or become aware of any unauthorized access to your data by any unauthorized person or third party or become aware of any other security breach relating to personal data held by us under this Agreement, we shall immediately notify you in writing and shall fully cooperate with you at our expense to prevent or stop such data breach. In the event of such data breach, Geminia Insurance shall fully and immediately comply with applicable laws and shall take the appropriate steps to remedy such data breach.

11. WHERE WE STORE YOUR PERSONAL DATA AND WHERE SUCH DATA MAY BE TRANSFERRED OUTSIDE KENYA

Your data shall be stored in Kenya. It may sometimes be necessary to transfer personal data to third parties overseas, such as service providers, associated organizations, partners and agents. This will only be done where the transfer is necessary to enable us to:

Perform our obligations under a contract between the Company and yourself. For example, when the reinsurance company seeks your personal information in relation to the insurance policy and we reinsure your risk as part of our legitimate interest.
Assist in any matter of public interest as part of a decision made by the Office of the Data Commissioner. For example, in cases where the Data Commissioner has released a list of nations with adequate data protection protections, we choose to retain your data there to serve our legitimate interests.
Sue or defend ourselves from a lawsuit or exercise a legal claim.
Protect your life or that of somebody else; or
Honour your consent. For example, when you authorize the transfer of your personal data to another jurisdiction.

Your personal data shall only be shared outside of Kenya under an agreement with the third party whereby the third party will uphold certain minimum data protection standards and in accordance with any guidelines issued by the Kenyan Data Commissioner.

Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access.

12. HOW MAY I EXERCISE MY RIGHTS?

You can exercise your rights by making a written request to us or calling us on our telephone number. Your request will be promptly attended to. We undertake to respond to any request for correction, updating or deletion of personal data submitted by e-mail within 14 days and will specify the period of data deletion. Where we are unable to honor your request due to the nature of the process or to protect our own legitimate interests, we shall inform you of the reason for our denial of your request. If you wish to exercise any of your rights under the Data Protection Act, please contact us. You may:

Call us on +254 20 278 2000; or
Email us at privacy@geminia.co.ke ; or
Write to us at:
- Geminia Insurance Limited
- Le’Mac, 5th Floor.
- Church Road, Off Waiyaki Way
- P.O. Box 61316 00200 City Square, Nairobi.

13. COMPLAINTS

If you believe that we have violated your right to privacy and other provided rights regarding your personal data, you have a right to complain to us by visiting us, filling out a complain form or emailing our data protection officer at privacy@geminia.co.ke and we shall resolve the complaint. In addition to that, you have the right to contact the Office of the Data Protection Commissioner.

14. COOKIES

Cookies are small text files that are stored on your browser or device by websites, apps, online media, and advertisements. Geminia Insurance uses cookies and similar technologies to see which parts of our website people use and like as well as to count visits to our Site. We also use cookies for the following purposes:

Remembering user preferences and settings.
Determining the popularity of content.
Analyzing site traffic and trends.
Generally understanding the online behaviors and interests of people who interact with our services.

Please note that the Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Additionally, you can disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-ons settings or visiting the website of its creator. Since cookies allow you to take advantage of some of Geminia Insurance’s essential features, we recommend that you leave them turned on.

15. PRIVACY POLICY UPDATES

Geminia Insurance reserves the right to change the provisions of this privacy policy at any time as long as such changes remain in compliance with prevailing statutes. We will alert you that changes have been made by indicating on the privacy policy the date it was last revised. Your use of the Website following the posting of such revised policy shall constitute your acceptance of any such changes. We encourage you to review our privacy policy whenever you visit the Website to guarantee your understanding of how your information may be collected and used.

16. OUR DATA PRIVACY OFFICER

We have a Data Protection Officer that is responsible for overseeing our data protection initiatives. Please contact the Data Protection Officer with any questions about the operation of this Data Privacy Statement.

Email Address: privacy@geminia.co.ke Phone Number: (+254) 020 278 2000)

The Company reserves the right to change this statement at any time. All changes to this statement will be posted on the website.