Privacy Policy

Privacy Policy

PRIVACY POLICY
 
PACIS INSURANCE PRIVACY NOTICE
Pacis Insurance Company Limited, (collectively “PACIS”, “we” and “us”) respect your privacy and are committed to protecting your personal data. We adhere to all applicable data protection and privacy laws globally. This Privacy Notice describes the types of Personal Data that we collect on our USSD, Web Portal, API Platform, website, and other communication with us, how we use Personal Data, with whom we share it and your rights and choices with regards to your Personal Data. Please read this Privacy Notice carefully and ensure that it is understood as it forms part of your agreement with Pacis Insurance.
 By supplying us with your information, you agree to the terms outlined in this policy.
 
1. DEFINED TERMS
The following terms will have the meanings indicated below. Please refer to our Terms of Service for any capitalized terms that are not defined in this notice.
 
“Other Information/Data ” is any information or Data that does not reveal your specific identity or does not directly relate to an individual, such as Services usage data.
 
“Personal Data / Information” is information or Data that identifies you as an individual or relates to an identifiable person, such as name, ID, postal address, telephone number, email address, credit card number, social media account ID and any other information relating thereto. It does not include strings of code such as browser cookie IDs.
 
2. HOW /WHEN WE COLLECT YOUR PERSONAL DATA
Most of the personal data we process is provided to us directly by you when you:
  1. Create an account on the Web Portal Platform and USSD.
  2. Start using our services, visit our website, or register for more information on a specific service and/ or product.
  3. Register to attend or have attended an event organized by Pacis Insurance Co Ltd, subscribe to our e- newsletter, blog or a webinar or participate in discussions on our social media platforms and handles.
  4. Participate in market studies, surveys, or promotions.
  5. Fill in application proposal forms.
  6. Fill in claim forms.
  7. Fill in intermediary application forms.
We also collect personal and device information when you:
  1. Make payments to us.
  2. Apply to us for employment or internship.
  3. Call or otherwise contact us including via SMS, USSD, email, website, or social media handles.
  4. Apply to us for supply pre-qualification.
We also receive Personal Data indirectly when:
  1. Our clients or suppliers provide us with contact details of their representatives and personnel who will be our business contact points.
  2. An employee or job applicant gives us contact details of their referees.
  3. Our background check services feed us with information when you apply for a job at Pacis Insurance Co Ltd.
We may collect data directly or through our approved and authorized insurance intermediaries and those appointed or acting on your behalf.
 
We may collect information about you from various approved service providers.
  1. Re-insurance companies, locally and internationally.
  2. Our external advocates
  3. Valuers
  4. Investigators
  5. Assessors
  6. Loss adjusters
  7. Medical practitioners and medical institutions
  8. Insurance investigators

We also automatically collect certain information, such as your Internet protocol (IP) address, user settings, cookie identifiers, and other unique identifiers, browser or device information, and location information (including approximate location derived from IP address)

3. PERSONAL DATA COLLECTED
The information we collect may vary depending on the product or service we are offering or the relationship you have with us. Personal information we may collect, and process include but is not limited to:
 

Type of Information

Examples

Identity data & general information

Name, telephone number, mobile phone number, email address, postal address, physical address, gender, marital status, Date of birth

Government generated information

National ID number, Passport number, KRA PIN, NHIF number, NSSF number

Employment & educational information

Educational background, employment history, professional licenses & affiliations

Financial data

Bank account details

Audio visual information

Photographs, video & audios.

Information relating to the product being offered

Personal property eg cars, houses owned, travel information, household items, claim history

Sensitive personal data

Biometric data, health status such as previous and current health conditions, habits and lifestyle such as whether one smokes or takes alcohol, hospital admission history, major medical procedures undertaken, dependents personal information

 
 
Sensitive personal data will only be processed under strict legal grounds, including your explicit consent, the fulfilment of legitimate legal obligations, the protection of vital interests, or as required by law. To ensure the highest privacy standards, this data will be safeguarded through robust measures such as encryption, strict access controls limited to authorized personnel, and other advanced security protocols.
 
4. PURPOSE FOR PERSONAL DATA COLLECTION
We may process your Personal data for legitimate business purposes or to comply with a legal obligation, including but not limited:
  1. To enter a contract with you. As part of our Know-Your- Customer (KYC) and Customer Due Diligence (CDD) process, it is important that you provide us with Personal Data that will enable us to perform our contract with you. If you do not provide or enable us to collect the necessary information, we shall not be able to provide Pacis Insurance Services and/or Products to you.
  2. To create, and administer policies, fulfil and record transactions, and provide you with related assistance (e.g. technical help, answer inquiries relating to Personal Information, etc.).
  3. To send administrative information to you, for example, information regarding our services and changes to our terms, conditions, and policies.
  4. To send you marketing communications and offer other materials that we believe may be of interest to you, such as to send you newsletters or other direct communications.
  5. To facilitate social sharing functionality if you choose to do so.
  6. For carrying out research such as customer satisfaction surveys and risk assessments or actuarial analysis to enhance our products and services.
  7. For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements.
  8. For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
  9. For responding to legal duties, insurance related, such as requests from public and government authorities such as Financial Reporting Centre (FRC), Insurance Regulatory Authority (IRA), KRA etc. 
5. DATA COLLECTION BEING PURSUANT TO THE LAW & CONSEQUENCE FOR NON-PROVISION 
In pursuant to the provisions of legal & regulatory requirements and obligations, you are obliged to provide personal data to us. The data availed aids in customer verification ahead of provision of our products or services to you. Failure to provide your personal data may mean we cannot be able to avail our products or services to you as a fulfillment to the contract.
 
6. HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
Pacis insurance is committed to keeping your personal information confidential and secure. We may sometimes share your information with third parties in cases where we have a legitimate reason to do so or are required by law to disclose it. In such cases, we will only share the information necessary for achievement of data collection purpose, legal, protection or safety purposes.
 
 

Purpose

Legal Framework

Third Party

Maintaining good customer relation- Communicating with clients

Renewal notification

  1. Client’s consent
  2. Fulfilment of Contractual obligation.
  3. Robust data protection measures including data sharing Agreement.
  4. Legitimate interest e.g. sharing of fraud prevention data, improving customer service
  1. Telcom service Providers
  2. Intermediaries

Premium collection/ refund, debt recovery, Claims, Service provider, commission, and any other payment

  1. Fulfilment of Contractual obligation.
  2. Robust data protection measures including data sharing Agreement.
  3. Legitimate Interest e.g. sharing outstanding debt and other related financial details
  1. Banks
  2. Debt recovery agencies
  3. Micro-finances Banks
  4. Intermediaries

Claims Settlement/ Management

  1. Fulfilment of Contractual obligation
  2. Legitimate interests (providing efficient claims processing and validity of claims, fraud prevention.)
  3. Legal compliance
  4. Claim assessment and Valuation.
  5. To establish, defend or prosecute legal claims
  1. Claims investigators.
  2. Lawyers
  3. Loss Adjustors
  4. Experts/ Assessors
  5. Garages
  6. Health professionals
  7. Re-insurance

Legal and regulatory Compliance

  1. Compliance with Legal and regulatory Obligation
  2. Legal authority where the regulator may request your data.
  3. Legitimate Interest e.g. Fraud prevention data, Suspicious Transactions Activity data
  1. Regulatory/Supervisory Bodies (e.g. KRA, IRA, FRC)
 
7. TRANSFER OF YOUR PERSONAL DATA
In the event that we transfer your data outside Kenya, we shall ensure that we do it in line with the guided legal & regulatory standards. Circumstances that may make us transfer your data outside Kenya include when we need appropriate data protection safeguards e.g storage of your data in a server located outside Kenya but in a country that is guided by the General Data Protection Regulations or when following your express consent that we transfer your data outside the country among other reasons in furtherance to our legitimate interest. Safeguards for these transfers may include transferring data only to countries that provide an adequate level of data protection, using legally binding agreements such as Standard Contractual Clauses, or obtaining your explicit consent before proceeding with the transfer.
 
8. HOW WE SECURE YOUR PERSONAL DATA
We secure your personal data by taking adequate security measures that are commensurate with the type of personal data collected or processed. To this end, Pacis Insurance will maintain appropriate physical, technical, and administrative security measures which may include encryption, Pseudonymization, access Control, data Minimization, regular Audits and Assessments, with a view to protecting personal data against theft, accidental loss, access, unauthorized alteration, unauthorized or accidental access, processing use, erasure, or unlawful destruction. 
 
We continuously train all our staff on data security and privacy to ensure they handle all the information they receive with the utmost confidentiality. Further, before we engage any third-party processor vendor and service provider, we check their security practices and alignment with the applicable Data Protection Laws, implement legally binding agreements such as data protection agreements and regularly conduct our vendors’ and service providers’ security and privacy assessments.
 
9. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Subject to Applicable Data Protection Laws, you have the following rights:
  1. To be informed of how Pacis Insurance will use your data.
  2. To access your personal data in our custody.
  3. To object to processing all or part of your personal data unless we can demonstrate a compelling legitimate interest for the processing which overrides your interest or for the establishment, exercise or defence of a legal claim. – FORM
  4. To request that we correct your personal data where it is false, misleading, inaccurate, or incomplete. – FORM
  5. To request that we erase your personal data. In some situations, we may have a legitimate basis to continue processing your data even if you withdraw your consent. This is because any processing that was done before you withdrew your consent remains lawful. – FORM
  6. Right to data portability. You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another controller or processor without hinderance.
  7. To not be subjected to automated decision making, including profiling. We may from time to time make decisions based on the automated processing of your personal data. In such instances, you will be informed, in writing, whenever a decision based on automated processing is taken.
 
10. HOW TO ACCESS, CORRECT, DELETE OR EXERCISE OTHER RIGHTS REGARDING YOUR PERSONAL INFORMATION
If you would like to make a request to access, correct, object to the use, restrict or delete Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at dataprotectionoffice@paciskenya.com with the subject line “Data Subject Request.” We will respond to your request consistent with applicable law.
 
You have a right to lodge complaints pertaining to the processing of your personal data with the relevant data protection supervisory authority.
 
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
 
Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. 
 
11. MARKETING RELATED EMAILS
The information you provide may be used by Pacis Insurance for marketing purposes, such as one-off promotional emails, mobile text messages, direct mail, and sales contacts. When we process your information for marketing purposes, we do so on the basis that it is in our legitimate interest to do so, or, in the case of our email notification service, that it is necessary to perform our contract with you.
 
If at any point you no longer wish to receive marketing-related communications, you may opt out by clicking the unsubscribe link in any marketing-related email sent by us. To stop receiving marketing-related SMS, you can reply “STOP” to any SMS message you receive from us. You can also contact us to update your marketing preferences. 
 
Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
 
12. TRACKING AND ADVERTISING
We and our third-party service providers may collect Other Information in a variety of ways. 
 
We and/or our third-party partners may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on the Services by informing us what content is effective. We will seek your explicit consent before placing certain types of cookies on your device. For other tracking technologies, we rely on legitimate interests to improve our services, provided that such interests are not overridden by your privacy rights.
 
You can view our Cookies Policy for more details. To manage your preferences, you can adjust your cookie settings through your browser at any time.
 
13. SIGN-IN SERVICES
You can log in to some of the Services using sign-in services such as Google OAuth, or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address.
 
14. TESTIMONIALS, RATINGS AND REVIEWS
If you submit testimonials, ratings or reviews to the Services, any Personal Information you include may be displayed in the Service.  If you want your testimonial removed, please contact us at dataprotectionoffice@paciskenya.com
 
We may also partner with third-party service providers to collect and display ratings and review content on our website.
 
15. LIMITATION
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft or any other app developer, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Services, including our social media pages.
 
16. HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain your Personal Information for as long as needed or permitted considering the purpose(s) for which it was obtained and consistent with applicable law.  In compliance with the Kenya National Archives and Documentation Service Act, we are required to retain personal data for seven years after the termination of your contract, the data will either be securely destroyed or anonymized after this period, ensuring it cannot be accessed or reconstructed.
 
17. CHANGES TO THIS PRIVACY NOTICE
We may make changes to this Privacy Notice from time to time. Any changes we make will become effective when we post a modified version of the Privacy Policy to https://www.pacisinsurance.com/privacy-policy. If we make any material changes to the Privacy Notice, we will notify you by posting notice within the applicable Services, or by sending you an email. 
 
If you continue using the Services after any notice of any such changes, it means you have accepted them. If you do not agree to any changes, you must stop using the Services, as applicable. It is your obligation to ensure that you read, understand, and agree to the latest version of the Privacy Policy. The “Version History” table at the top of the Privacy Policy indicates when it was last updated.
 
This Website Privacy Statement was updated on 24th October 2024.
 
18. CONTACT US
If you have any questions or clarification regarding this Privacy Policy, you can contact us via email at dataprotectionoffice@paciskenya.com