Privacy policy

Nassure Microinsurance Nigeria Limited (hereafter referred to as “the company”) takes its customers’ privacy very seriously. This Data Privacy Policy states the grounds for the collection, use and disclosure of personal data by the company and in accordance with applicable data protection laws. Personal Data comprises all the details we hold or collect on our employees, customers, stakeholders vendors and other interested parties, directly or indirectly and includes any offline or online data that makes a person identifiable such as names, addresses, phone number, passport ID, usernames, passwords, digital footprints and photographs (hereinafter collectively referred to as “Personal Data”). These data may be received from third parties or collected using our website(s), mobile app, USSD code and other digital channels.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. For the purposes of this Privacy Policy, references to “we” or “us” shall refer to the company and its entities/subsidiaries. From time to time we may need to make changes to this privacy policy, for example, as a result of government regulations, new technologies, or other developments in data protection laws or privacy generally. You should check the company’s website periodically to view the most up to date privacy policy

• Personal Data you provide is processed fairly, lawfully and in a transparent manner;
• Personal Data you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose which the company collected it;
• Your Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
• Your Personal Data is kept accurate and, where necessary kept up to date;
• Your Personal Data is kept no longer than is necessary for the purposes for which the Personal Data is processed;
• We will take appropriate steps to keep your Personal Data secure;
• Your Personal Data is processed in accordance with your rights;
• We will only transfer your Personal Data to another country or an international organisation outside of Nigeria where we have taken the required steps to ensure that your Personal Data is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards;
• The company will not sell your Personal Data and we also will not permit the selling of customer data by any companies who provide a service to us.

We collect Personal Data directly from you:

• via enquiry, registration, claim forms, feedback forms and forums
• when you purchase any of our products or services;
• when you fill out a survey, or vote in a poll on our website;
• through quotes and application forms;
• via cookies. You can find out more about this in our cookies policy elsewhere on our website;
• via our telephone calls with you, which may be recorded;
• when you provide your details to us either online or offline;
• via live chat, chatbot and profilers;
• through web analytics tags.

We also collect your Personal Data from several different sources including:

• directly from an individual who has a policy with us under which you are insured;
• from social media, when fraud is suspected; and Other third parties including
• your family members where you may be incapacitated or unable to provide information relevant to your policy;
• contractors, consultants, business partners who sell our products and services via their platforms and channels;
• third parties such as companies who provide consumer classification for marketing purposes e.g. market segmentation data; and
• third parties who provide information which may be used by the company to inform its risk selection, pricing and underwriting decisions.

The information that we collect will depend on our relationship with you. Where other people are named on your policy, we may ask you to provide the information below in relation to those people too, if this is relevant to your insurance.
Where the company is the data controller of your Personal Data, we may collect the following about you:

• Personal Data contact details such as name, email address, home/office address and telephone number;
• details of any other persons included on the policy where they are named on your policy and the relationship to you as policyholder;
• identification information such as your date of birth, national identity number, Bank verification number including other identification number from your passport, driving license and other valid means of identification;
• financial information such as bank details;
• information relevant to your insurance policy;
• information relevant to your claim or your involvement in the matter giving rise to a claim;
• information obtained through our use of cookies. You can find out more about this in our cookies policy elsewhere on our website;
• your marketing preferences.

We respect the privacy of children. We do not knowingly collect names, email addresses or any other Personal Data from children except where this is required to register them as beneficiaries in relation to a policy or other products. We do not knowingly market to children nor do we allow children under 18 to purchase any of our products or services.

How do we use your Personal Data?

Under applicable data protection laws we need a reason to use and process your Personal Data and this is called a legal ground. We have set out below the main reasons why we process your Personal Data and the applicable circumstances when we will do so:

• Processing is necessary in order for us to provide your insurance policy and services, such as assessing your application and setting you up as a policyholder , beneficiary, administering and managing your insurance policy or benefits, providing all related services, providing a quote, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we will be unable to offer you a policy or process your claim;
• We may use Cloud storage solutions within or outside Nigeria which are chosen to ensure efficiency and improved performance through up to date technology;
• Where we have a legal or regulatory obligation to use such Personal Data , for example, when our regulator such as the National Insurance Commission (NAICOM) and our data protection regulator, the National Information Technology Development Agency (NITDA) wish us to maintain certain records of any dealings with you;
• To comply with local or foreign laws, regulations, voluntary codes, directives, judgments or court orders, agreements between the company and any authority, regulator, or enforcement agency; policies (including the company’s policies), good practice, government sanctions or embargoes, reporting requirements under financial transactions legislation and demands or requests of any authority, regulator, tribunal, enforcement agencies including but not limited to the Nigerian Financial Intelligence Unit (“NFIU”) and the Economic and Financial Crimes Commission (“EFCC”);
• Where we need to use your Personal Data to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves;
• Where we need to use your Personal Data for reasons of substantial public interest, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks, identification checks;
• Where we need to communicate with you to resolve complaints or other issues;
• Where we have a specific legal exemption to process sensitive Personal Data for insurance purposes. This exemption applies where we need to process your Personal Data as an essential part of the insurance cover;
• Where you have provided your consent to our use of your Personal Data. This will be made clear when you provide your Personal Data. If we ask for your consent, we will explain why it is necessary. Without your consent in some circumstances, we may not be able to provide you with cover under the policy or handle claims or you may not be able to benefit from some of our services. Where you provide sensitive Personal Data about a third party, we may ask you to confirm and provide proof that the third party has provided his or her consent for you to act on their behalf.

Who do we share your Personal Data with?

Disclosures to third parties
We may disclose your Personal Data to the third parties listed below for the purposes described in this Privacy Policy. This might include:

• Your relatives or, guardians (on your behalf where you are incapacitated or unable) or other people or organisations associated with you such as your insurance broker or your lawyer;
• Where you have named an alternative contact (such as a relative) to speak with us on your behalf. Once you have told us your alternative contact, this person will be able to discuss all aspects of your policy (including claims and cancellation) with us and make changes on your behalf;
• Our insurance partners such as brokers, other insurers, reinsurers or other companies who act as insurance distributors;
• Other third parties who assist in the administration of insurance policies;
• We may share the Personal Data of any persons named on the policy with third parties to obtain information which may be used by the company to inform its risk selection, pricing and underwriting decisions;
• Fraud detection agencies and other third parties who operate and maintain fraud detection registers;
• The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
• Nigerian Insurance Industry Database;
• Our third-party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, research specialists, document management providers and tax advisers;
• Other suppliers, providers of goods and services associated with this insurance and/or to enable us to deal with any claims you make;
• Customer satisfaction survey providers;
• Financial organisations and advisers;
• Other insurers for the purpose of obtaining a claim contribution where there is another insurance covering the same loss, damage, expense or liability;
• Selected third parties in connection with the sale, transfer or disposal of our products;
• Disclosure of your Personal Data to a third party outside of the company will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.
• We may also disclose your personal information to other third parties where:
• We are required or permitted to do so by law or by regulatory bodies such as where there is a court order, statutory obligation or Prudential Regulatory Authority / Financial Conduct Authority; or
• We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest; or
• Exemptions under the data protection legislation allow us to do so
• Some of the recipients and technical solutions set out above may be in other countries outside Nigeria. Where we make a transfer of your Personal Data outside of Nigeria, in all cases where Personal Data is transferred to a country which is deemed not to have the same standards of protection for personal data as Nigeria, the company will ensure appropriate safeguards have been implemented to ensure that your Personal Data is protected where standards are not the same or similar to those standards within Nigeria. Such steps may include placing the party we are transferring Personal Data to under contractual obligations to protect it to adequate standards. Occasionally, there may also be some circumstances where we are required to transfer your Personal Data outside of Nigeria and we shall rely on the basis of processing it for being necessary for the performance of your contract.

How long do we keep records for?

We keep your Personal Data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The length of time we retain Personal Data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

• You can ask us to do various things with your Personal Data. For example, at any time you can ask us for a copy of your Personal Data, ask us to correct mistakes, change the way we use your information, or even delete it. We will either do what you have asked or explain why we cannot – usually because of a legal or regulatory issue.
• You have the following rights in relation to our use of your Personal Date.

The right to access your Personal Data:

You are entitled to a copy of the Personal Data we hold about you and certain details of how we use it. Your Personal Data will usually be provided to you in writing, unless otherwise requested. We may charge you a reasonable fee to cover the cost.

The right to rectification:

We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

The right to erasure:

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of  Personal Data we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restriction of processing:

In certain circumstances, you are entitled to ask us to stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to process your Personal Data.

Right to data portability:

In certain circumstances, you have the right to ask that we transfer any Personal Data that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your Personal Data.

The right to withdraw consent:

For certain uses of your Personal Data , we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your Personal Data. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

Changing and accessing your Personal Data:

To the extent required by applicable law, you may be able to request that we inform you about the Personal Data we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your Personal Data. We will respond to your access requests within the period specified by relevant legislation and make all required updates and changes within the time specified by applicable law and as required by law.

When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Where the timeline specified in an applicable law cannot be met, we will communicate same to you and take steps to notify you where we require an extension.

How we protect Personal Data:

• We take reasonable measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction to ensure that Personal Data is accurate and up-to-date as appropriate because We have put in place strict measures and technologies to prevent fraud and intrusion.
• Our employees are trained in data protection and security to respect and preserve confidentiality, integrity and availability of information held by us.

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information, the company shall within 72 (seventy two) hours of having knowledge of such breach report the details of the breach to NITDA. Furthermore, the company shall within 7 (seven) days of having knowledge of the occurrence of such breach take steps to inform the Data Subject of the breach incident, the risk to the rights and freedoms of the Data Subject resulting from such breach and any course of action to remedy said breach.

We may share information with other the company’s marketers in order to inform you of other products and services that may be of interest to you or members of your family, but we will only do this where you have provided your consent. You can always change your mind by contacting us using the details shown in your documentation and telling us you no longer wish to be contacted.

If you wish to unsubscribe from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise you can always contact us using the details set out in your documentation to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

We would like to keep you informed, from time to time about relevant products and services. We may do this by mail, email, telephone or other electronic methods such as text message. In order to help us get to know you and identify what products and services may interest you we obtain information about you from other sources inside and outside the company for example, companies who provide consumer classification and market segmentation data for marketing purposes.

From time to time, we may run specific marketing campaigns through social media and digital advertising that you may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings.

If you do not want to receive such promotional materials from us, you can opt out at any time by sending an email to info@nassuremicroinsurance.com. Please note that we may retain any data provided to us on our websites for a limited period, even if you do not complete your quote. The information may be used to enquire as to why you did not complete your quote or for us to better understand your needs. Alternatively, it is retained for your convenience should you come back and complete the quote at a later date

If you would like any more information about the way we use your information, or if you wish to exercise the rights listed above, please contact us using the details below:

The Data Compliance Officer Nassure Microinsurance Nigeria Limited.

Customer Care Hotline: General Enquiries: Email: customersupport@nassuremicroinsurance.com

You have a right to complain to the Information Regulator if you think that your information has been misused. The contact details are:

National Information Technology Development Agency 

Tel: +234929220263, +2348168401851, +2347052420189

Email: info@nitda.gov.ng

Website: nitda.gov.ng