Mama Bima Kenya Insurance Agency Limited Definitive Privacy Policy

Article 1: Preamble and Our Commitment.

This Privacy Policy constitutes a formal and unequivocal declaration of the commitment of MAMA BIMA INSURANCE AGENCY LIMITED (“the Company”, “we”, “us”, or “our”) to the highest standards of data protection and privacy. It establishes a comprehensive and legally compliant framework governing the lawful collection, processing, storage, and safeguarding of your Personal Data in the context of your engagement with us, whether through the provision of our insurance intermediary services or via your interaction with our official digital platform accessible at https://mamabima.com/ (“the Website”).

This Privacy Policy is promulgated in strict adherence to, and in full conformity with, the provisions of the Data Protection Act, No. 24 of 2019 of the Laws of Kenya (“the Act” or “DPA”), together with all applicable subsidiary legislation and relevant regulatory guidelines. Our data processing activities are underpinned by the core principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability as prescribed by the DPA.

Through this Policy, we reaffirm our unwavering commitment to safeguarding your privacy and ensuring that your Personal Data is processed in a lawful, secure, and responsible manner at all times.

Article 2: Definitions.

1. 
   "Data Controller": The entity determining the purposes and means of processing Personal Data.

2. "Personal Data": Any information relating to an identified or identifiable natural person.

3. "Sensitive Personal Data": Data revealing race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, marital status, family details, sex, or sexual orientation.

4. "Processing": Any operation performed on Personal Data.

5. "Underwriting Partner": Premier insurance underwriters, such as CIC Insurance Group and Prudential Assurance Kenya.

Article 3: Eligibility.

Our services are intended exclusively for use by individuals who have attained the age of eighteen (18) years or the applicable age of majority in their jurisdiction of residence, whichever is higher. We do not knowingly collect, process, or retain any Personal Data relating to individuals under the age of eighteen (18). In the event that we become aware that Personal Data belonging to an individual under the age of eighteen (18) has been inadvertently collected, we shall take all reasonable and practicable steps to ensure its immediate deletion from our records, in accordance with applicable data protection laws and regulations. If you are a parent or legal guardian and you have reason to believe that your child may have provided Personal Data through our website or services, we urge you to contact us without delay. Upon receipt of such notification, we shall use all reasonable efforts to promptly investigate the matter and remove the relevant Personal Data from our systems.

Article 4: The Personal Data We Process and Lawful Basis.

We process your Personal Data based on specific, lawful grounds. Your provision of Personal Data is a prerequisite for us to provide our intermediary services.

a. To Provide Insurance Quotations & Facilitate Applications: We process your Personal Identification, Contact Details, and Asset Details (e.g., Vehicle Logbook) based on the necessity to perform a contract or to take steps at your request before entering into one.

b. To Arrange Life & Health Insurance Policies: We process Sensitive Personal Data (e.g., Health Status, Medical History) only upon securing your explicit consent.

c. To Manage Our Relationship with You: This includes notifying you about changes to our terms or privacy policy and responding to your queries. This is based on contractual necessity and our legitimate interest in maintaining high service standards.

d. For Marketing and Communications: We will only send you marketing materials with your explicit consent. You may opt-out at any time.

e. For Service Improvement and Analytics: We process aggregated and anonymized data to improve our Website, product offerings, and client experience, based on our legitimate interest.

f. To Comply with Legal & Regulatory Obligations: We process data as required by the Insurance Act, IRA Guidelines, and other statutes, based on compliance with a legal obligation

Article 5: Your Rights as a Data Subject.

As a data subject under the DPA, you have the right to:

a. Access: Request a copy of the Personal Data we hold about you.

b. Rectification: Request correction of any inaccurate or incomplete data.

c. Erasure: Request the deletion of your data where there is no compelling reason for its continued processing.

d. Restrict Processing: Request the suspension of the processing of your data in certain scenarios.

e. Object: Object to processing based on legitimate interests or for direct marketing.

f. Data Portability: Request the transfer of your data to another party in a machine-readable format. To exercise these rights, please submit a formal request to our Data Protection Officer at info@mamabima.co.ke.

Article 6: Data Security and Technology.

We have implemented appropriate and robust technical and organizational measures designed to safeguard your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to, strict access controls, encryption of data during transmission, secure storage protocols, and regular security audits and assessments to ensure the continued integrity and confidentiality of your Personal Data. Notwithstanding the foregoing, you acknowledge and accept that the transmission of data via the internet is inherently subject to certain security risks. While we employ all reasonable efforts and industry-standard practices to protect your Personal Data, we cannot guarantee the absolute security of any data transmitted to or from our website. Accordingly, any such transmission of Personal Data is undertaken at your sole risk.

Article 7: Use of Cookies.

Our Website uses cookies (small text files placed on your device) to enhance functionality and analyze site performance. We use Strictly Necessary, Analytical/Performance, and Functionality cookies. By using our Website, you consent to this use. You can manage or block cookies via your browser settings. For comprehensive information, you may visit https://www.aboutcookies.org.

Article 8: Data Sharing and Third-Party Links.

We shall only disclose or transfer your Personal Data to third parties in strictly limited circumstances. Specifically, such disclosure shall occur solely:

(a) to your designated underwriting partner or insurer for the purpose of facilitating, negotiating, or concluding your insurance policy or related transaction;

(b) to our professional advisors, including but not limited to legal counsel, auditors, and consultants, strictly on a confidential basis and only to the extent necessary for the provision of their professional services; or

(c) to governmental authorities, regulatory bodies, or other competent entities where such disclosure is required or permitted by applicable law, regulation, or legal process.

Please note that our website may, from time to time, contain links or references to external websites operated by third parties. This Privacy Policy applies solely to our website and the services provided by us. We do not control, and shall not be held responsible or liable for, the content, privacy practices, or data protection policies of any third-party websites. We encourage you to review the privacy policies of any such third party sites before providing any Personal Data to them.

Article 9: Data Retention and Policy Amendments.

We shall retain your Personal Data only for as long as is reasonably necessary to achieve the specific and legitimate purposes for which it was originally collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting obligations to which we are subject. Upon the expiration of the applicable retention period, or where the processing of such Personal Data is no longer necessary, we shall securely delete, anonymize, or otherwise dispose of the Personal Data in accordance with our internal data retention protocols and applicable data protection legislation. We expressly reserve the right, in our sole discretion and without prior notice, to modify, revise, or update this Privacy Policy from time to time in order to reflect changes in legal requirements, industry standards, or our business practices. Any such amendments shall be published on our official website and shall become effective immediately upon such publication, unless otherwise stated. Your continued access to or use of our services following the posting of any revised version of this Privacy Policy shall constitute your deemed acceptance of the revised terms.

Article 10: Changes to this Privacy Statement.

We reserve the unilateral right, at our sole and absolute discretion, to amend, revise, or otherwise modify the provisions of this Privacy Statement from time to time, in whole or in part, to reflect changes in legal, regulatory, or operational requirements, or to address evolving business practices. Any such amendments shall be duly published on this website, and the “Last Updated” date at the end of this Privacy Statement shall be correspondingly revised to reflect the effective date of the changes. Except where otherwise required by applicable law, such amendments shall take effect immediately upon publication. Your continued access to or use of this website or our services after the posting of any such modifications shall constitute your full acknowledgment, understanding, and unequivocal acceptance of the amended Privacy Statement. We therefore advise you to review this Privacy Statement periodically to ensure that you remain informed of its current terms and conditions.