PRIVACY POLICY – THE JW SEAGON GROUP

Reputable and trusted

The JW Seagon Group is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us through any of our contact points with a view of requesting an insurance quote or ultimately purchasing an insurance policy with us. The interaction points you may have with us could be over the phone, in person, over email or indeed via our enquiry forms on our website or social media platforms.

It also explains how we’ll store and handle that data, keep it safe and tell you about your privacy rights and how the law protects you. We know that there’s a lot of information but we want you to be fully informed about your rights, and how the JW Seagon Group uses your data, so it is important that you read this privacy policy.

We hope the following sections will answer any questions you have but if not, please do get in touch with us. It is likely that we will need to update this Privacy Policy from time to time. We will notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

The JW Seagon Group is an an independent international insurance broker offering expert, impartial advice on a wide range of Private Medical Insurance, General Insurance, Travel Insurance, Life Insurance and Savings & Investments Plans.

The JW Seagon Group – which we’ll refer to as ‘the Group’ in this document – is made up of a number of related businesses:

  • JW Seagon & Company Limited
  • JW Seagon & Co. Insurance Brokers (Kenya) Limited
  • Tan Management Insurance Brokers Limited (Representatives of the Group in the United Republic of Tanzania).
  • JW Seagon & Co. Insurance Brokers (Mauritius) Limited
  • JW Seagon & Co. Insurance Brokers (UK) Limited
  •  JWS Africa Healthcare Services Limited

Full contact details for our businesses can be found in our Terms and Conditions.

The Group is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy policy).

We have appointed a data privacy officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights (as detailed below), please contact the data privacy manager using the following details.

Contact details

Our full details are:

Full name of legal entity: JWS Africa Healthcare Services Limited
Email address: [email protected]
Postal address: 1st Floor, Bld. B, Nautica Commercial Centre, Royal Road Black River, Republic of Mauritius.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 30th of June 2018.
We will seek to keep your data and information accurate and up-to-date but can only do so effectively if you provide us with the information that is needed. If there are any changes to your data, please notify us so we can update our records.

The law on data protection of most jurisdictions sets out a number of different criteria based on which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent. We will ensure that consent is requested from you in an explicit manner.

For example, when you tick a box to receive email newsletters when you make an online enquiry.

When collecting your personal data, we will always make clear to you, which data is necessary in connection with a particular service. All data provided by you will be used for legitimate purposes only and the company undertakes to use such information only in connection with services you will normally expect from us.

Consent for minors

Children are deemed to have the same rights as adults over their personal data. For children under 16, we will ask for the consent of the person holding parental responsibility for them and we will most probably process their data in different manner from that of adults.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, if you request a quote for an insurance policy, we would require you to furnish us with your medical history or say value of your assets you want insured in order for us generate you a quote.

Legal compliance

If the law requires us to, we may need to collect and process your data.

For example, we can pass on details of people involved in fraud or other criminal activity affecting the Group to relevant law enforcement.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably and legally be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, we will use your purchase history and your address details to send you direct marketing information by post or via email telling you about products and services that we think might interest you.

Vital Interest

In specific situations, we may be required to process your data to protect or save your life.

For example, in the unfortunate scenario where by you need urgent hospital treatment due to a medical emergency and we need to be able to generate a guarantee of payment from your insurer or get extensions of stay in order for you to receive the treatment you need.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e. anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First Name, Maiden Name, Last Name, System Generated Unique User ID’s or Contact Reference Numbers, Marital Status, Title, Salutation, Date of Birth, Gender, Nationality, Passport Number, ID number, Biometric Data, Driver’s License, Country of Residence, Marriage Certificates, Death Certificates, Certificate of Incorporation, KRA Pin, Certificate of Registration, Employment Contracts, Memorandum & Articles of Association, C12 forms.
  • Contact Data: Residential Address, Correspondence Address, Office Address, Billing Address, Email Address, Telephone Numbers, Social Media Contact Details.
  • Medical Data: Health Profiles, Medical History, Medical Reports, Ongoing Treatment.
  • Financial Data: Utility Bills, Bank Statements, Credit Card Details, Payslips, Audited Company Financials, Physical Assets
  • Transaction Data: Includes details about payments to and from you, and other details of products and services you have purchased from us.
  • Technical Data: includes Internet Protocol (IP) address, Your Login Data, Browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data: Includes your username and password, policies bought by you, preferences, feedback and survey responses.
  • Usage Data: Includes information about how you use our website
  • Marketing & Communications Data: includes your preferences in receiving marketing from us and our third-parties.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

The Medical data we collect falls under the Special Categories of Personal Data about you under GDPR Regulations as this is sensitive information that requires more protection. Under the lawful basis of contractual obligations as described above, we share this information only with your explicit consent to insurers to complete the transaction of purchasing an insurance policy under the conditions set in Article 9(2) A and D.

We do not collect any information about criminal convictions and offences.

We use different methods to collect data from and about you, including through:

Direct Interactions.

You may give us your Identity, Contact, Financial Data, Medical Data, Transactional Data and Marketing & Communications data by filling in forms or by corresponding with us via our website, post, phone, email or otherwise. This includes personal data you provide when you:

  • When you apply for a quote or purchase an insurance product;
  • When we receive claim information directly from you to pass on to the insurers on your behalf;
  • When we need to engage the insurers on generating guarantees of payment for upcoming medical treatment or emergencies;
  • When you provide proof of payment of your premiums;
  • When you subscribe to our newsletters and product updates;
  • When you request marketing information or product literature to be sent to you;
  • When you engage with us on social media
  • When you contact us by any means with queries, complaints etc
  • When you enter prize draws or competitions.
  • When you book any kind of appointment with us or book to attend an event or when you visit our stand at an industry event.
  • When you attend our webinars.
  • When you choose to complete any survey we send you.
  • When you create an account on our website.

Automated Technologies or Interactions.

As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy which is available on our site.

Third-parties or Publicly Available Sources.

We may receive personal data about you from various third-parties and public sources as set out below:

  • Technical Data from the following parties:
    analytics providers;
    marketing agencies we work with;
    advertising networks; and
    search information providers.
  • Identity, Contact, Medical or Financial Data from Sub- brokers or Sub -Agents
  • Identity and Contact Data from industry association listings;
  • Identity and Contact Data from publicly available sources.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from un-authorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We sometimes share your personal data with trusted third parties in order to administer an exceptional brokerage service proposition to all our clients. Beyond what we are contractually obligated to share with the insurance providers, for example, we would share your personal data with third party claims and administration providers, service providers such as hospitals and doctors, delivery couriers and marketing agencies.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them.
  • We work closely with them to ensure that your privacy is respected and protected at all times.
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

  • IT companies who support our business systems.
  • Operational companies such as delivery couriers.
  • Marketing agencies who help us manage our electronic communications with you.
  • Third Party Administrators (TPA’s) who support pre authorisations and claims administration on Medical Insurance claims.
  • Loss Adjusters who support on General Insurance claims;
  • Vehicle Valuers for motor vehicle cover and claims;
  • Consulates for to support client visa applications;
  • Service providers such as AMREF, doctors and hospitals for evacuation and medical treatment;
  • Auditors whom we would share transactional data for completion of audited accounts;
  • Regulatory authorities as such as Tanzanian Insurance Regulatory Authority (TIRA) where we are legally obliged to share Identity, Contact and Transactional Data;
  • Road Rescue Services such as The AA for motor vehicle insurance value add services;
  • Financial institutions such as banks when premium financing is involved.
  • Google and Social Media platforms to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.

Sharing your data with third parties for their own purposes:

We will only do this in very specific circumstances, for example:

  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
  • We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
  • We may, from time to time, expand, reduce or sell the Group and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Policy.
  • For further information, please contact our Data Protection Officer.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an un-authorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

You have the right to:

  • Request access
    to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction.
  • Request erasure.
  • Object to processing.
  • Request restriction of processing.
  • Request a transfer.
  • Withdraw consent at any time
    where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee will usually be required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Checking your identity

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.

We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Newsletters, Product Information and Blogs from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think may be of interest to you.
You will receive marketing communications from us if you have requested information from us or purchased an insurance product or service from us and, in each case, you have not opted-out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside our group of companies for marketing purposes.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Opting-out

You can ask us or third-parties to stop sending you marketing messages at any time by contacting us.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a policy/service purchase or policy/service experience or other transactions.

Cookies

We use cookies on our site to improve the usability of our site. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

There are a few ways you can stop direct marketing communications from us:

  • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
  • Call us and tell us directly on +254 709 455 000
  • Email [email protected] or [email protected]
  • Or simply drop in to any of our offices and let us know.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you using the details provided above.

It is likely that we will need to update this Privacy Policy from time to time. We will notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.