Welcome to The Heritage Insurance Company Kenya Limited’s (hereinafter “Heritage”) Privacy Statement. Your right to privacy and security is very important to us. Heritage, (Heritage, we, us, our) treat personal information as private and confidential.
Personal data means any information relating to an identified or identifiable natural person. The personal data that we collect will depend on the context of our relationship with you. We may collect, use, store and transfer different kinds of personal data about you or persons connected to you which we have grouped together as follows:
If we need information about other people connected to you, we may request you to provide the information in relation to those people. If you are providing information about another person, we expect you to ensure that they know you are doing so and are content with their information being provided to us. It might be helpful to show them this Privacy Statement and if they have any concerns, please contact us on the same.
The list below shows you the various ways we may collect your personal information (please note that this list is not exhaustive):
We may collect personal data directly from you
In most instances, we collect personal data directly from you when you fill in forms or communicate with us through our contact details. This includes personal data you provide when you:
We may collect your personal data from a number of third parties or publicly available sources; such as the National Transport and Safety Authority (NTSA) or other government institutions that may hold your personal data.
In some instances, we will receive your personal data from various third parties or publicly available sources including:
2.2. Use of Personal Information
We will only use your personal data within the confines of the law. Most commonly, we will use your personal data in any of the following circumstances:
2.3. Retention and Disposal
We will only retain your personal data for as long as may be reasonably necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting information.
We may retain your personal data for a longer period if the retention is:
It is important that the personal data we hold about you is accurate and the most recent. We encourage you to keep us informed in case of any changes of your personal data during your relationship with us.
2.5. Third Party Disclosure
Subject to your rights and the applicable laws, we may share your personal data with the third parties set out below:
2.6 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify
you and any applicable regulator of a breach where we are legally required to do so.
2.7. Cross Border Transfer of Personal Data
Sometimes we will process your personal information in other countries, either to carry out your instructions or for ordinary business purposes.
Where we will make a transfer of your personal data outside Kenya, we will ensure that adequate steps are taken to protect your privacy rights and your personal data.
2.8. Your Rights as a Data Subject
You have the right to:
We collect and examine information about visits to this website. We use this information to find out which areas of the website people visit most. This helps us to add more value to our services. This information is gathered in such a way that we do not get personal information about any individual or their online behaviour on other websites. We may use any of the cookie types shown below.
We use cookie technology on some parts of our website. Cookies are small pieces of text that are saved on your Internet browser when you use our website. The cookie is sent back to our computer each time you visit our website. Cookies make it easier for us to give you a better experience online. You can stop your browser from accepting cookies, but if you do, some parts of our website or online services may not work. We recommend that you allow cookies.
Types of cookies
Session cookies, also known as 'temporary cookies', help websites recognise users and the information provided when they navigate through a website. Session cookies only retain information about a user's activities for as long as they are on the website. Once the web browser is closed, the cookies are deleted. These are commonly used on shopping websites or e-commerce websites.
Permanent cookies, also known as 'persistent cookies', remain in operation even after the web browser has closed. For example, they can remember login details and passwords, so web users don't need to re-enter them every time they use a site.
First-party cookies are installed directly by the website (ie domain) the user is visiting (ie the URL shown in the browser's address bar). These cookies enable website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience.
Third-party cookies are installed by third parties with the aim of collecting certain information from web users to carry out research into, for example, behaviour, demographics or spending habits. They are commonly used by advertisers who want to ensure that products and services are marketed towards the right target audience.
Flash cookies, also known as 'super cookies', are independent of the web browser. They are designed to be permanently stored on a user's computer. These types of cookies remain on a user's device even after all cookies have been deleted from their web browser.
If you give us permission, we may use your personal or other information to tell you about products, services and special offers from us or other companies that may interest you. We will do this by post, email or text message (SMS). If you later decide that you do not want us to do this, please contact us and we will stop doing so. This may be done by any of the following as applicable;
4.1. Phoning us through +254 0711 039 000; or
4.2. via email on email@example.com.; or
4.3. SMS – by opt out message
5. Our website may contain links to or from other websites. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. We recommend that you always read the privacy and security notices on these websites.
6. When will we use customers personal information to make automated decisions about them?
Where the law allows, Automated decisions make use of your personal information to reach a decision without humans involved. This decision may influence you and you have the right to query such decision and Heritage is obliged to provide the reason(s) for the decisions as far as reasonably possible.
7.1. We are committed and obliged to implement all reasonable controls to safeguard access to your personal information.
7.2. Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other legal requirements, we ensure that they are contractually bound to apply the appropriate security practices.
7.3. All use of our website and transactions processed through it are protected through secure encryption in line with best practice international standards.
7.4. We may share with, or receive, personal information from parties as set out above, where these parties reside outside of the Republic of Kenya.
Different online services or businesses of Heritage may have their own privacy and security policies because the service or product they offer may need different or extra policies. These specific policies will apply to your use of the service where they are different from our general policies.
Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Heritage. Whilst our employees are bound by strict usage policies and security safeguards, we do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that applies.
We may, from time to time, amend this privacy and security notice in keeping with amended legislation or business practices. We will effect all changes on our website. The latest published version of our privacy and security notice will replace all earlier versions of it, unless otherwise stated.
Where the law allows, Automated decisions make use of your personal information to reach a decision without humans involved. This decision may influence you and you have the right to query such decision and Liberty is obliged to provide the reason(s) for the decisions as far as reasonably possible.
We have appointed a data protection officer who is responsible for overseeing questions in relation to this Privacy Statement. If you have any concerns about the use of your personal data, questions about this Privacy Statement including any requests to exercise your legal rights under the law, please contact us using the
details set out below:
Email address: firstname.lastname@example.org
Postal address: P.O. Box 30390 – 00100, Nairobi
Physical address: Liberty House, Mamlaka Rd, Nairobi
Telephone number: +254 0711 039 000
We will respond to your questions or concerns as soon as reasonably possible.