data-privacy

Data Protection & Privacy Policy

Introduction

THE MONARCH INSURANCE COMPANY LIMITED is committed to protecting the
privacy and security of our customers’ personal data. This Data Protection Policy outlines how
we collect, store, use, and protect personal data during the process of selling and advertising
our insurance packages. In accordance with the Data Protection Act, 2019 (Kenya), the
Insurance Act (Cap 487), and other relevant Kenyan legislation, we ensure that all personal
data is processed in compliance with the applicable laws and regulations.

Scope

This policy applies to all personal data collected, processed, and stored by the Monarch
Insurance Company in the course of using for advertising and selling insurance products. It
covers all employees, contractors, and third-party vendors who have access to customer data
through our communication channels.

1. Data Collection

We collect personal data only as necessary for the purposes of advertising and selling insurance
products. The types of personal data we may collect include:
Contact Information: Full names, Identification card or passport details, phone
number, email address, physical address, place of residence, citizenship taxpayer
identification number etc
Demographic Information: sex, age, date of birth, place of birth, marital status.
 Insurance Needs: Information about the type of insurance products the customer is
interested in.
Transactional Data: including but not limited to bank details, and/or Information
about previous purchases or communications with our company, if applicable.

Cookies and Usage Data
Information stored on your Device, including contact lists, call logs, SMS logs,
contact lists from other social media accounts, photos, videos or other digital content
(need basis as technology evolves and the company adopts more artificial intelligence
and Machine learning).
Usage Data include information such as the type of mobile device you use, your mobile
device unique ID, the IP address of your mobile device, your mobile operating system,
the type of mobile Internet browser you use, unique device identifiers and other
diagnostic data.
 Location Data – we may use and store information about your location if you give us
permission to do so (“Location Data”). We use this data to provide features of our
Service, to improve and customize our Service.
You can enable or disable location services when you use our Service at any time by
way of your device settings.
We may use your Personal Data to contact you with newsletters, marketing or promotional
materials and other information that may be of interest to you. We will never contact people in
your contact list without your consent. You may opt out of receiving any, or all, of these
communications from us by following the unsubscribe link.
We will collect personal data only with the customer’s explicit consent or where such collection
is necessary for the performance of a contract or compliance with legal obligations (as per the
Data Protection Act, 2019).

2. Purpose of Data Collection
We collect personal data for the following purposes:
Advertising Insurance Packages: To send targeted marketing and promotional
messages about our insurance products and services including but not limited to special
offers and general information about other goods, services and events which we offer
that are similar to those that you have already purchased or enquired about unless you
have opted not to receive such information.
Sales: To facilitate communication regarding the sale of insurance policies, including
quotes, policy information, and terms and conditions.
Customer Support: To address queries and provide customer service related to our
products and services including the provision of notices regarding your account and/or
subscription, including expiration and renewal notices, email-instructions as well as
notifying you about changes to our services;
Analysis: To monitor the usage of our service, and gather analysis or valuable
information so that we can improve our Service;
Compliance: To meet regulatory obligations under applicable law, including record-
keeping and verification of identity for anti-money laundering (AML), Know Your
Customer (KYC) purposes, the detection, prevention and addressing of technical and
data-privacy issues; and the enabling of the carrying out of our obligations and enforce
our rights arising from any contracts entered into between you and us, including for
billing and collection;

3. Consent
Before collecting any personal data, we will obtain explicit consent from the individual. By
engaging with us via our channels, customers acknowledge and consent to the collection, use,
and processing of their personal data in accordance with this policy.
Opt-In for Marketing Communications: If customers agree to receive marketing
messages, they can opt-in by replying to our communication channels or explicitly
providing consent in writing.
Opt-Out: Customers can opt-out of receiving further marketing communications at any
time by disabling or opting out of any correspondence from us.

4. Data Storage and Security
We are committed to securing the personal data we collect. All personal data provided via our
channels will be stored securely in accordance with industry’s best practices and data protection
regulations.
 Data Retention: Personal data will be retained for as long as is necessary for the purposes
set out in this Privacy Policy. We will retain and use your Personal Data to the extent
necessary to comply with our legal obligations (for example, if we are required to retain
your data to comply with applicable laws), resolve disputes, and enforce our legal
agreements and policies. As required by the Insurance Act (Cap 487) and the Anti-Money
Laundering Act, certain records may need to be retained for a period of up to five (5) years.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally
retained for a shorter period, except when this data is used to strengthen the security or to
improve the functionality of our Service, or we are legally obligated to retain this data for
longer time periods.
 Encryption and Secure Storage: All personal data shared via collaboration channels will
be encrypted during transmission and stored securely in accordance with the Data
Protection Act and industry standards to prevent unauthorized access.
Access Control: Only authorized employees and third-party service providers with a
legitimate need to access customer data will be granted access. We will maintain strict
internal controls to ensure compliance with data protection laws.
 Transfer of Data: Your information, including Personal Data, may be transferred to – and
maintained on – computers located outside of your state, province, country or other
governmental jurisdiction where the data protection laws may differ from those of your
jurisdiction.
If you are located outside the United States and choose to provide information to us, please
note that we transfer the data, including Personal Data, to the United States and process it
there. Your consent to this Privacy Policy followed by your submission of such
information represents your agreement to that transfer.
Monarch Insurance Company Limited, will take all the steps reasonably necessary to ensure
that your data is treated securely and in accordance with this Privacy Policy and no transfer
of your Personal Data will take place to an organization or a country unless there are
adequate controls in place including the security of your data and other personal
information.
Disclosure of Data: We may disclose personal information that we collect, or you provide:
a) Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if
required to do so by law or in response to valid requests by public authorities.
b) Business Transaction.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, your
Personal Data may be transferred.
c) Other cases.
We may disclose your information also: to our subsidiaries and affiliates; to
contractors, service providers, and other third parties we use to support our business;
to fulfil the purpose for which you provide it; for the purpose of including your
company’s logo on our website; for any other purpose disclosed by us when you
provide the information; with your consent in any other cases; if we believe disclosure
is necessary or appropriate to protect the rights, property, or safety of the Company,
our customers, or others. Any third-party providers are required to comply with data
protection regulations and are bound by contracts to ensure data security.
We do not sell or share personal data with unauthorized third parties for
marketing purposes.
Analytics: We may use third-party Service Providers to monitor and analyse the use
of our Service.
5. Data Subject Right
Customers have the following rights with respect to their personal data:
 Right to Access: Customers may request a copy of the personal data we hold about
them.
Right to Rectification: Customers can request correction of any inaccuracies in their
personal data.
Right to Erasure: Customers can request the deletion of their personal data when it is
no longer necessary for the purposes for which it was collected.
 Right to Restrict Processing: Customers can request that we limit the use of their
personal data under certain circumstances.
 Right to Data Portability: Customers may request their data in a structured, commonly
used format for transfer to another service provider.
 Right to Object: Customers can object to the processing of their data for direct
marketing purposes.
To exercise any of these rights, customers can contact us at info@monarchinsurance.co.ke
6. Data Protection Impact Assessments
We will conduct regular Data Protection Impact Assessments (DPIAs) to assess the risks
associated with the processing of personal data for marketing and sales. These assessments will
help ensure that we are complying with applicable data protection laws and identifying ways
to mitigate any potential risks.
7. Data Breach Notification
In the event of a data breach, The Monarch Insurance Company Limited, will follow its internal
data breach response protocol. We will notify the relevant authorities within 72 hours of
becoming aware of the breach, as required under the Data Protection Act, and will inform
affected individuals if their data is at risk.
8. Training and Awareness
All employees involved in the handling of personal data will undergo regular data protection
and privacy training to ensure they understand their responsibilities under this policy and
applicable data protection laws.
9. Insurance Legislation Compliance
In addition to adhering to data protection laws, we also comply with the Insurance Act, Cap
487 (Kenya), which regulates the conduct of insurance business in Kenya. This includes:
Anti-Money Laundering (AML) and Know Your Customer (KYC): We will collect and verify
personal data as part of our KYC process to comply with AML requirements, ensuring that all
customers are properly identified before any insurance policies are issued.
Record-Keeping: We will maintain necessary records related to insurance policies, including
the personal details of policyholders, as required by the Insurance Act.
10. Policy Updates
This Data Protection Policy will be reviewed and updated as necessary to comply with changes
in data protection laws and/or our business practices. Any changes to this policy will be
communicated to our customers through appropriate channels.
11. Contact Information
For any questions or concerns about this Data Protection Policy or how we handle personal
data, customers can contact our Data Protection Officer (DPO) at:
 Email: srobia@monarchinsurance.co.ke
 Phone: 0737138760

Conclusion
At Monarch Insurance Company Limited, we are committed to protecting the privacy and
security of your personal data. This policy ensures that we meet the highest standards for data
protection as prescribed under the Data Protection Act, 2019, Insurance Act, and other relevant
Kenyan legislation, while providing the best possible experience when selling and advertising
our insurance products via our channels.