1.KUSCCO MUTUAL ASSURANCE LTD PRIVACY STATEMENT
Welcome to KUSCCO Mutual Assurance Ltd (hereinafter “KMAL”) Privacy Statement.
Your right to privacy and security is very important to us. KMAL treats personal
information as private and confidential.
“KUSCCO Mutual Assurance Ltd,” “We,” “our,” “ours,” and “us,” means KMAL and
includes its successors in title and assigns, its affiliates and/or its subsidiaries as may
from time to time be specified to you.
“Personal data” or “personal information” means: Information about you or
information that identifies you as a unique individual, such as your name/s and
surname combined with your physical address, contact details and/or
“Processing” collectively means handling, collecting, using, altering, merging, linking,
organizing, disseminating, storing, protecting, retrieving, disclosing, erasing,
archiving, destroying, or disposing of your personal information.
“Sensitive personal information” includes data revealing your race, health status,
ethnic social origin, conscience, belief, genetic data, biometric data, property details,
marital status, family details including details of your children, parents, spouse or
spouses, sex or sexual orientation.
Customer – (which includes personal representatives and assigns) operating an
Account held with us and includes (where appropriate) any person you authorize to
give us instructions, the person who uses any of our products and services or accesses
our websites. “Customer” shall include both the masculine and the feminine gender as
well as juristic person.
Any agent, dealer and/or merchants who has signed an agreement with us and is
recognized as a merchant or agent in accordance with any applicable laws or
Any visitor that is a person (including contractors/subcontractors or any third parties)
who gains access to our premises.
Any supplier/ service provider who has been contracted by KMAL
Any external lawyer who has tendered his/her application and/or signed a service
level agreement with KMAL.
The word “includes” means that what follows is not necessarily exhaustive and
therefore the examples given are not the only things/situations included in the
meaning or explanation of that text.
3.HOW AND WHY WE COLLECT PERSONAL INFORMATION
Personal data means any information relating to an identified or identifiable natural
person. The personal data that we collect will depend on the context of our
relationship with you. We may collect, use, store and transfer different kinds of
personal data about you or persons connected to you which we have grouped together
a)Identification information such as name, date and place of birth, national
identity card number, passport number, Kenya Revenue Authority personal
identification number (PIN), photo, marital status, title, nationality, gender and
b)Contact information such as email address, postal address, physical address,
residential address and telephone number.
c)Financial information such as bank account details, payment card details,
mobile money statements, income, credit history, credit worthiness, bank
statements, details about payments to or from you and other details of products
and services you have purchased from us.
d)Information relevant to your insurance policy or relevant to your claim or your
involvement in the matter giving rise to a claim.
e)Information about the nature of your business and commercial assets.
f)Employment information such as the name of the employer, position in the
organization and office address.
g)Children’s personal data such as the name, date of birth and gender.
h)Sensitive personal information such as marital status, property details, health
status and family details (such as next of kin and beneficiaries).
i)Marketing and communications information including your preferences in
receiving marketing information from us and communication from us.
j)Online data whenever you use our products and services through our website,
mobile applications such as cookies, login data, IP address (your computer’s
internet address), browser type and version, ISP or operating system, domain
name, access time, page views, location data, how you frequently use our online
insurance, banking and other services, our mobile applications or visit our
k)Profile data such as your username and password, purchases or orders made by
you, your interests, preferences, feedback and survey responses.
If we need information about other people connected to you, we may request you to
provide the information in relation to those people. If you are providing information
about another person, we expect you to ensure that they know you are doing so and
are content with their information being provided to us. It might be helpful to show
them this Privacy Statement and if they have any concerns, please contact us on the
The list below shows you the various ways we may collect your personal information
(please note that this list is not exhaustive):
We may collect personal data directly from you.
In most instances, we collect personal data directly from you when you fill in forms or
communicate with us through our contact details.
This includes personal data you
provide when you:
∙Apply for our products or services;
∙Create an account on our website;
∙Register for our products offered through mobile and online platforms;
∙Request marketing information to be sent to you;
∙Give us feedback or contact us;
∙Provide goods or services to us as a supplier or contractor; or
∙Interact with our website. We collect this personal data by using cookies and
You can find out more about this in our cookies and website policy;
We may collect your personal data from a number of third parties or publicly available
sources; such as the National Transport and Safety Authority (NTSA) or other
government institutions that may hold your personal data.
In some instances, we will receive your personal data from various third parties or
publicly available sources including:
∙Identity and contact data from the Government of Kenya’s e-citizen and
Integrated Population Registration Services platforms;
∙Identity and contact data from publicly available sources such as the Companies
Registry and the Business Registration Service;
∙Contact, financial and transaction data from land registries, industry databases
such as credit reference agencies, fraud prevention agencies and providers of
technical, payment and delivery services;
∙Medical professionals and hospitals;
∙Social media. If you are a potential candidate for employment with KMAL, we
may have received your personal data from third parties such as recruiters or
∙Directly from an individual or employer (or your employer’s service provider)
who has a policy with us under which you are insured.
∙Directly from an employer which funds a cover that we administer where you are
∙Directly from a person who is making a claim or application and they include
information about you which is related to their claim or application.
∙From your family members when they make enquiries about purchasing a
product for you or including you on their insurance, when you ask them to make
a claim on your behalf, or where you may be incapacitated or otherwise unable to
provide information yourself when we need it;
∙Your insurance intermediary if you have one.
∙Third parties who assist us in checking that claims are eligible for payment.
3.2 Use of Personal Information
We will only use your personal data within the confines of the law. Most commonly, we
will use your personal data in any of the following circumstances:
∙Where we need to perform the contract, we are about to enter into or have
entered into with you.
∙To assess whether you are eligible for our products and services.
∙Where you consent to our use of your personal data.
∙Where we need to comply with or fulfil legal or regulatory obligations and
protecting ourselves and our clients against fraud.
∙Where we need to protect your vital interests and the vital interests of third
parties (for example when paying out sums to beneficiaries under your policies).
∙Where it is necessary for our legitimate interests (or those of a third party) such as
maintaining our records, developing, assessing and improving our products and
services, risk evaluation, underwriting, managing arrangements with reinsurers,
managing claims, improving our customer administration and engagement as
well as complying with our Know Your Customers (KYC) requirements.
∙To establish, exercise or defend our legal rights such as when we are faced with
any legal claim or where we want to pursue any legal claims.
∙To advertise and market to you our latest products and services (please note that
if you do not want to receive our marketing information you may opt-out
anytime by contacting us at any time).
∙To send you important notices such as changes to our terms, conditions and
policies or unusual activity with respect to any of your accounts with us.
∙If you apply for an employment position at KMAL or we note that you are a
potential candidate for employment, we may use your personal data in
evaluating your candidacy and to contact you about the employment
∙Where we receive your personal data from third parties, we may use it to validate
the information you have provided to us or for fraud prevention purposes.
∙To enable you use the services available through our website and mobile and
online applications including registering you for our services and verifying your
identity and authority to use our services.
∙To address fraud or safety concerns, or to investigate complaints or suspected
fraud or illegality.
∙To monitor and analyse the use of our products and services for system
administration, operation, testing and support purposes.
∙To cooperate with, respond to requests from, and to report transactions and/or
other activity to, government, tax or regulatory bodies, financial markets, brokers
or other intermediaries or counterparties, courts or other third parties.
3.3 Retention and Disposal
We will only retain your personal data for as long as may be reasonably necessary to
fulfil the purpose we collected it for, including for the purposes of satisfying any legal,
regulatory, tax, accounting or reporting information.
We may retain your personal data for a longer period if the retention is:
∙Required or authorized by law;
∙Reasonably necessary for a lawful purpose.
∙Authorized or consented by you.
∙Is necessary for purposes of responding to a complaint or if we reasonably
believe there is a prospect of litigation in respect to our relationship with you.
∙For historical, statistical, journalistic, literature and art or research purposes.
It is important that the personal data we hold about you is accurate and the most
recent. We encourage you to keep us informed in case of any changes of your personal
data during your relationship with us.
3.5 Third Party Disclosure
Subject to your rights and the applicable laws, we may share your personal data with
the third parties set out below:
∙Entities comprising KMAL or its affiliates.
∙Public authorities or governments when required by law, public interest, national
security, regulation, legal process or enforceable governmental request.
∙Our third-party service providers who help us manage our products and services
including those service providers who maintain our IT and office systems and
provide marketing and advertising services.
∙To service providers that provide application processing, fraud monitoring, call
centre and/or other customer services, hosting services and other technology
and business process outsourcing services.
∙Persons or entities that you explicitly request us to transfer your personal data to
∙Your relatives, guardians or persons acting on your behalf where you are
incapacitated or for the purposes of paying out claims to your beneficiaries.
∙Financial advisers, business partners and third-party administrators who help us
manage our products and services.
∙Banks or financial institutions within the country and outside the country where
you either transfer or receive payments from the said banks or financial
∙Insurers, reinsurers and brokers who help us manage and underwrite our
products and provide us with reinsurance and insurance services.
∙Our professional advisers such as auditors, tax advisers, insurers, reinsurers,
medical agencies, legal advisers who act on our or your behalf, or who represent
another third party.
∙Investigators and claims experts who help us handle claims.
∙Medical institutions and professionals where we may require to access your
health records and assessments for the purpose of arranging or facilitating your
∙Third parties connected with the sale, transfer or disposal of our business.
∙To counterparty banks, payment infrastructure providers and other persons from
whom we receive, or to whom we make, payments on our clients’ behalf.
∙Debt collection agencies, credit reference agencies, fraud detection agencies and
other agencies that we will contract to provide services to us.
3.6 Data Security
We have put in place appropriate security measures to prevent your personal data
from being accidentally lost, used or accessed in an unauthorized way, altered or
disclosed. In addition, we limit access to your personal data to those employees,
agents, contractors and other third parties who have a business need to know. They
will only process your personal data on our instructions, and they are subject to a duty
We have put in place procedures to deal with any suspected personal data breach and
will notify you and any applicable regulator of a breach where we are legally required
to do so.
3.7Cross Border Transfer of Personal Data
Sometimes we may process your personal information in other countries, either to
carry out your instructions or for ordinary business purposes.
Where we will make a transfer of your personal data outside Kenya, we will ensure that
adequate steps are taken to protect your privacy rights and your personal data.
3.8Your Rights as a Data Subject
You have the right to:
∙Request access to your personal data that we hold about you;
∙Object to the processing of all or part of your personal data;
∙Request correction of inaccurate, false or misleading data that we hold about you;
∙Request deletion of false or misleading data that we hold about you.
∙Lodge a complaint regarding the processing of your personal information.
4. OUR USE OF TECHNOLOGY TO FOLLOW YOUR USE OF OUR WEBSITE
We collect and examine information about visits to this website. We use this
information to find out which areas of the website people visit most. This helps us to
add more value to our services. This information is gathered in such a way that we do
not get personal information about any individual or their online behaviour on other
websites. We may use any of the cookie types shown below.
We use cookie technology on some parts of our website. Cookies are small pieces of
text that are saved on your Internet browser when you use our website. The cookie is
sent back to our computer each time you visit our website. Cookies make it easier for
us to give you a better experience online. You can stop your browser from accepting
cookies, but if you do, some parts of our website or online services may not work. We
recommend that you allow cookies.
Types of cookies
Session cookies, also known as ‘temporary cookies’, help websites recognize users and
the information provided when they navigate through a website. Session cookies only
retain information about a user’s activities for as long as they are on the website. Once
the web browser is closed, the cookies are deleted. These are commonly used on
shopping websites or e-commerce websites.
Permanent cookies, also known as ‘persistent cookies’, remain in operation even after
the web browser has closed. For example, they can remember login details and
passwords, so web users don’t need to re-enter them every time they use a site.
First-party cookies are installed directly by the website (ie domain) the user is visiting
(ie the URL shown in the browser’s address bar). These cookies enable website owners
to collect analytics data, remember language settings, and perform other useful
functions that provide a good user experience.
Third-party cookies are installed by third parties with the aim of collecting certain
information from web users to carry out research into, for example, behaviour,
demographics or spending habits. They are commonly used by advertisers who want
to ensure that products and services are marketed towards the right target audience.
Flash cookies, also known as ‘super cookies’, are independent of the web browser.
They are designed to be permanently stored on a user’s computer. These types of
cookies remain on a user’s device even after all cookies have been deleted from their
5.MARKETING BY POST, EMAIL OR TEXT MESSAGES
If you give us permission, we may use your personal or other information to tell you
about products, services and special offers from us or other companies that may
interest you. We will do this by post, email or text message (SMS). If you later decide
that you do not want us to do this, please contact us and we will stop doing so. This
may be done by any of the following as applicable;
4.1. Phoning us through +254 703 440440; or +254 020 4400019
4.2. Via email on firstname.lastname@example.org.; or
4.3. SMS – by opt out message
5. Our website may contain links to or from other websites. We try to link only to
websites that also have high standards and respect for privacy, but we are not
responsible for their security and privacy practices or their content. We recommend
that you always read the privacy and security notices on these websites.
6. When will we use customers personal information to make automated decisions
Where the law allows, Automated decisions make use of your personal information to
reach a decision without humans involved. This decision may influence you and you
have the right to query such decision and KMAL is obliged to provide the reason(s) for
the decisions as far as reasonably possible.
7. OUR SECURITY PRACTICES
7.1. We are committed and obliged to implement all reasonable controls to safeguard
access to your personal information.
7.2. Where third parties are required to process your personal information in relation
to the purposes set out in this notice and for other legal requirements, we ensure
that they are contractually bound to apply the appropriate security practices.
7.3. All use of our website and transactions processed through it are protected
through secure encryption in line with best practice international standards.
7.4. We may share with, or receive, personal information from parties as set out
above, where these parties reside outside of the Republic of Kenya.
8. PRIVACY AND SECURITY STATEMENTS THAT APPLY TO SPECIFIC ONLINE
Different online services or businesses of KMAL may have their own privacy and
security policies because the service or product they offer may need different or extra
policies. These specific policies will apply to your use of the service where they are
different from our general policies.
9. PERSONAL USE OF EMAILS AND NOTICE ABOUT CHECKING ON EMAILS
Our communication and information systems are for business use. However, we
realise that our employees occasionally use our systems for personal use. Personal use
includes sending or receiving personal emails within or outside KMAL. Whilst our
employees are bound by strict usage policies and security safeguards, we do not
accept responsibility for the contents of personal emails sent by our employees using
our systems. Please note that we may intercept, check on and delete any
communications created, stored, sent, or received using our systems, according to any
law that applies.
10. RIGHT TO CHANGE THIS PRIVACY AND SECURITY NOTICE
We may, from time to time, amend this privacy and security notice in keeping with
amended legislation or business practices. We will effect all changes on our website.
The latest published version of our privacy and security notice will replace all earlier
versions of it, unless otherwise stated.
11. HOW TO REACH US
We have appointed a data protection officer who is responsible for overseeing
questions in relation to this Privacy Statement. If you have any concerns about the use
of your personal data, questions about this Privacy Statement including any requests
to exercise your legal rights under the law, please contact us using the
details set out below:
Email address: email@example.com
Postal address: P.O. Box 28403 – 00200, Nairobi
Physical address: KUSCCO Centre Upper Hill
Telephone number: +254 703 440 440 or +254 020 4400019
We will respond to your questions or concerns as soon as reasonably possible.