1.1. Welcome to the AAR’s Agents Privacy Policy. We appreciate you taking the time to read all our notices carefully.
1.2. AAR Insurance Limited (“AAR”, “We” “Us” “Our”) is committed to processing your personal information in a lawful, fair and transparent manner and in accordance with data protection laws in Kenya.
1.3. This Privacy Policy outlines how we collect, use, disclose, and protect personal information in connection with our services, including provision of medical and general insurance products and services.
1.4. Please take time to read this Privacy Policy to understand how and why we collect and use your information in connection with our insurance business.
2.1. AAR Insurance Kenya Limited is a leading medical and general insurance company, providing innovative underwriting solutions to individuals, families, and businesses. We offer products ranging from Family Plans, Personal Accident Insurance, School Insurance, Homeowners Insurance, Medical Insurance for SMEs and Corporates, Professional Indemnity, WIBA Cover, Travel Insurance, Marine Insurance and Landlord Insurance.
2.2. Our offices are located at Real Towers, Upperhill, Nairobi, Kenya.
3.1. This Privacy Policy applies to all AAR Insurance Kenya Limited Agents in connection with our insurance business.
4.1. In this Privacy Policy, "personal data" refers to any information relating to an identified or identifiable individual. This includes, but is not limited to, identification details, contact details, commissions, lead management details, performance appraisals, social media profiles, HMIS Code and any other data that can be used to directly or indirectly identify an individual.
4.2. Personal data may also include sensitive information, such as racial or ethnic origin, religious beliefs, health information, family information including children’s information, biometric data, property records, financial information, transaction records, where applicable and subject to applicable laws and regulations.
5.1. We collect Personal Data directly from you as well as from other available sources to the extent permitted by law. We endeavour to only collect Personal Data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed are:
Data Subject |
Type of personal data collected |
Purpose of Collection |
Lawful Basis |
Agents |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6.1. We collect your information directly when you call, message, email or populate your details on the Agents’ platform My Wakalaar.
6.2. We also collect personal data indirectly when you use our website or access My Wakalaar, social medial platforms or when you visit our offices, and your images are captured by CCTV.
7.1. In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fulfil our contractual obligations or provide you requested services or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.
7.2. For example, if you fail to provide us accurate bank account details, we may fail to process your commission statements.
7.3. We encourage you to carefully consider personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if there are any legal or contractual obligations that require the provision of the requested data.
8.1. We may share your personal data within the Company to facilitate our internal operations and provide you with efficient services.
8.2. We may share your personal data with third parties in the following circumstances:
8.3. When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
8.4. We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.
9.1. We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information, including: -
9.2. While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information
9.3. If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by sending us an email on privacy@aar.co.ke
10.1. We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations.
10.2. Once the retention period expires, we securely delete or anonymise your data to ensure it is no longer identifiable or accessible.
10.3. The retention periods for each category of data subjects and their respective personal data may vary based on the specific circumstances and legal requirements.
10.4. Your personal data such as contact details, identification details, contract details, payment details, CCTV records, social media profiles, complaints/requests, and cookies/online identifiers, is generally retained for the duration of the business relationship and for six [6] years thereafter. This allows us to maintain effective communication, fulfil contractual obligations, and comply with legal requirements.
11.1. Under the Data Protection Act, 2019, you have serval rights regarding your personal data.
12.1. If you wish to exercise any of the rights outlined above, please write an email to the Data Protection Officer (DPO) on privacy@aar.co.ke
12.2. We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
12.3. To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner./p>
12.4. While we strive to fulfill all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfill your request.
13.1. As part of our business operations, we may transfer personal data to recipients located in countries outside Kenya.
13.2. We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth by the Data Protection Act, 2019.
13.3. We prioritise the security and protection of your personal data throughout the transfer process. Therefore, we have implemented the following policy regarding international data transfers:
13.4. We are committed to maintaining the privacy and security of your personal data, regardless of its location. If you have any questions or concerns regarding our international data transfer practices, please contact our Data Protection Officer (DPO) at privacy@aar.co.ke We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.
14.1. As a data subject, it is important that you understand and fulfill certain responsibilities to ensure the protection and privacy of your personal data. By providing your personal data to the Company, you agree to adhere to the following responsibilities:
15.1. We may periodically update or revise this Privacy Policy to ensure its alignment with legal requirements and our evolving business practices. We encourage you to review this Policy periodically to stay informed about how we handle your personal data.
15.2. If we make any material changes to this Policy, we will notify you through appropriate means, such as by posting a notice on our website or sending a direct communication. Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.
Awaiting Content
AAR Insurance Company Limited values your loyalty and respects your fundamental right to privacy. As part of our business operations, we collect and use your personal data in various instances including assessing your performance and processing your commissions. Below are some frequently asked questions to help you better understand how we handle your personal data:
We employ a diverse range of technical and organisational measures to safeguard your data. These measures include encryption to secure information during transmission and storage, regular security assessments to identify and address vulnerabilities, strict access controls to ensure data is only accessible to authorised personnel, and secure storage practices.
We obtain your explicit consent before collecting and processing your personal data. Specifically, we seek consent when the data is intended for marketing purposes, entails the transfer of personal data outside Kenya or involves changes in processing purposes. For example, when you register on My Wakalaar, we present clear and concise marketing consent statements that explain why we need your data and how it will be used. You have a right to withdraw your consent. If you wish to withdraw your consent, kindly contact the DPO at privacy@aar.co.ke
We take your data security seriously. Your personal information is protected through encryption and security measures, ensuring that only authorized personnel can access it. For more details on how the types of data we collect about you, please refer to our Privacy Policy.
We do not share your personal data with third parties without your consent, except when required by law or for legitimate business purposes, such as processing claims or payments. Our Privacy Policy provides more details on data sharing.
Yes, your payment information is secured using industry-standard encryption protocols to protect it during transactions. We do not store your full payment card information on our servers.
Your data is retained as long as it is necessary for the purposes for which it was collected and in compliance with legal requirements.
You have several rights concerning your personal data, including the right to access, rectify, and erase your data. You can also restrict or object to the processing of your data and request data portability. These rights are detailed in the Agents’ Privacy Policy, and you can exercise them by contacting our customer service teams or Data Protection Officer at privacy@aar.co.ke
You can opt out of receiving marketing communications from us at any time. We provide an "unsubscribe" link in our emails, and you can also manage your communication preferences in My Wakalaar settings. Each SMS sent contains an embedded opt-out mechanism that allows you to effortlessly discontinue receiving such messages. In addition, you will also have the option to opt-out of any marketing related phone calls.
If you provide us personal data of third parties for example your clients during the recruitment process (for agents on contract basis), it is your responsibility to obtain their prior written consent and refer them to our company’s Corporate Privacy Policy available on our website.
If you suspect a data breach or unauthorized access, please notify us on privacy@aar.co.ke. We will investigate and take appropriate actions to secure your account and data. All notifications must be made within 48 hours of becoming aware of the breach. You are also under obligation to coordinate and cooperate with AAR in the timely investigation and remediation of a suspected or actual data breach.
If you choose to close your account, we will securely delete or anonymize your data in accordance with our Data Retention and Disposal Policy, unless legal obligations require us to retain it.
If you receive any suspicious communication claiming to be from AAR Insurance and requesting your personal information, please do not provide any details. Contact our official customer service number or email to verify the communication's authenticity before taking any action.
If you have any questions or concerns regarding how we process your personal data, including data access requests, complaints, or inquiries about our data protection practices.