2. What Personal Data do we collect?
- Personal Identification Information – When filling out a proposal form, we will request for your full name, date of birth, age, nationality, gender, signature, utility bills, photographs, phone number, home address, and email address.
- Formal Identification Information – These include National Identification Number (NIN), International Passport details, Drivers’ License details, Voter’s card details.
- Online Identifiers – Browser fingerprint, Operating System (OS), browser name and version, and/or personal IP addresses.
- Financial Information – We may process information related to payments that Data Subjects make or receive in the context of an insurance policy or claim. These include information such as Bank Verification Number (BVN) and information obtained from credit reference agencies.
- Contractual Information – We may process details about the policies a data subject holds and with whom the data subject holds them.
- Health Information – We may process medical related issues relevant to a policy the data subject holds or a claim the data subject has made.
- Other Sensitive Personal data – These include health background / information, marital status, criminal history record, biometric details, academic records, gender, etc.
We also collect personal data in the following ways:
- Information from our social media sites: We may collect information through your engagement with us on our social media sites (Facebook, Instagram, LinkedIn, Twitter, Whatsapp) This includes your replies to our posts, your comments, enquiries and support messages. However, we will only ask for information required to help us be of service to you.
- Other information we collect related to your use of our site or services: We may collect additional information from or about you when you contact us with an enquiry, register on the site, request us to provide you with information, request a quote or take advantage of a promotion.
- Third Parties: We may also receive your information from third parties such as financial institutions and service providers.
- Job Application: When you apply for a job with us, we will request Personal Data about your education, employment and state of health. As part of your application, you will be asked to provide your express consent to our use of this information to assess your application and any monitoring activities which may be required of us under applicable laws as an employer.
We may also carry out screening checks (reference, background and criminal record checks).
We may exchange your Personal Data with academic institutions, recruiters, health maintenance organisations, law enforcement agencies, referees and your previous employers.
Without your Personal Data, we may not be able to process your application for positions with us.
We do not collect the information of minors.
If you are below 18, do not provide us with your personal information. Personal information of individuals below the contractual legal age will not be collected. If we receive notice or believe that someone under 18 has provided us with personal information, we will make every reasonable effort to remove such personal information from our files and/or flag such personal information and retain it for the sole purpose of ensuring that it is not used any further.
3. Why Do We Collect your Personal Data?
- Underwriting our business with you
- Managing claims
- Assessing, improving and developing our services
- Enhancing our knowledge of risk and insurance markets in general
- Fulfilling legal or regulatory obligations and protecting ourselves and you against fraud. Such regulators include NAICOM, Nigerian Financial Intelligence Unit (NFIU) and other relevant regulatory agencies.
- For the protection of public interest such as investigation of fraudulent claims and Anti-Money Laundering/ Combating the Financing of Terrorism (AML/CFT) compliance checks.
- For archiving purposes in the public interest or statistical purposes.
- For the purpose of assessment of proposed Data Subjects’ employability and other employee benefits-related purposes.
- Market our products and services to you. We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them. Additionally, you can withdraw your consent at any time and free of charge.
4. What are our Collection Methods?
- Know Your Customer (KYC) forms
- Claim forms
- Forums and feedback forms
- Enquiry and Quote forms
- Recorded telephone conversations
- Digital touch points
- Electronics means (emails and apps)
- Employee engagement personal data forms (inclusive of medical report)
Third party’s data collection source:
- Individuals or employers with policies with Universal Insurance under which a data subject is insured i.e. a named individual within a group life insurance policy.
- Credit reference agencies including credit ratings.
- Family members in the event of incapacitation or death of the insured for purpose of claims payment
- Medical professionals and hospitals
- Loss adjusters, claim assessors, etc.
In the case of data obtained from third party source, a copy of your consent given to the third party to transfer the data to Universal Insurance shall suffice for our use and processing.
6. Record Retention Period
7. Sharing your Personal Data
- With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, verify your identity or provide customer support.
- With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for our business purposes or as permitted or required by law, including:
- if we need to do so to comply with a law, legal process or regulations;
- to law enforcement authorities or other government officials, or other third parties pursuant to a court order or other legal process or requirement applicable to us or our corporate family;
- with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;
- to investigate violations of or enforce a user agreement or other legal terms applicable to any service;
- to companies that we plan to merge with or be acquired by; and
- to support our audit, compliance, and corporate governance functions.
- With your consent: We also will share your Personal Data and other information with your consent or direction.
8. What Are Your Rights?
1. Access Request
You have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form, unless you want to receive it in another way (for example, a paper copy). In addition, you can ask us for information on how we use your Personal Data, who we share it with, how long we keep it, where it is stored, and other information to help you understand how we use it.
2. Rectification Request
You have the right to ask us to correct your Personal Data (including by means of providing a supplementary statement) if it is inaccurate and to have incomplete Personal Data updated without undue delay. If we cannot correct the Personal Data, we include a note on our files regarding your request to correct your Personal Data.
3. Erasure Request
You have the right to ask us to erase your Personal Data if:
- Your Personal Data are no longer necessary for the purpose(s) they were collected for
- Your Personal Data have been unlawfully processed
- Your Personal Data must be erased to comply with a regulation
- You withdraw your consent for the processing of the Personal Data (and if this is the only basis on which we are processing your Personal Data)
- You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
- You object to processing for direct marketing purposes.
If we have made the Personal Data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your Personal Data.
We may refuse to act on your request to erase your Personal Data if the processing of your Personal Data is necessary:
- To exercise our right of freedom of expression and information
- To comply with the NDPR and relevant Nigerian laws
- For the performance of a task carried out in the public interest or to exercise official authority vested in us
- To establish, exercise or defend legal claims.
In these cases, we can restrict the processing instead of erasing your Personal Data if requested to do so by you.
- Requests to Object
You have the right to object at any time to the processing of your Personal Data if we process it based on our legitimate interests. This includes any so-called “profiling”. Our privacy notice informs you when we rely on legitimate interests to process your Personal Data. In these cases, we will stop processing your Personal Data unless we can demonstrate compelling legitimate reasons for continuing the processing. We may reject your request if the processing of your Personal Data is needed to establish, exercise or defend legal claims. You have the right to object at any time if we process your Personal Data for direct marketing purposes. You may also object at any time to profiling supporting our direct marketing. In such cases, we will stop processing your Personal Data when we receive your objection.
III. Requests to Restrict
You have the right to ask us to restrict the processing of your Personal Data if:
- You contest the accuracy of your Personal Data and we are in the process of verifying the Personal Data we hold
- The processing is unlawful and you do not want us to erase your Personal Data
- We no longer need your Personal Data for the original purpose(s) of processing, but you need them to establish, exercise or defend legal claims and you do not want us to delete the Personal Data as a result, or
- You have objected to processing carried out because of our legitimate interests while we verify if our legitimate grounds override yours.
If processing is restricted, we may process your Personal Data (except for storage purposes), only:
- If you have given us your consent
- For establishing, exercising or defending legal claims
- For protecting the rights of another natural or legal person, or
- For reasons of important public interest as defined under the NDPR and relevant Nigerian laws
Once processing is restricted following your request, we will inform you before we lift the restriction.
IV. Requests for Portability
You have the right to ask that we transfer any personal information that you have provided to us to another third party. Once transferred, the other party will be responsible for safeguarding such personal information.
Even if you request the portability of your Personal Data, you retain your right to also request their erasure.
V. Requests to Object to Automated Decisions
Generally, you have the right to object to any decision producing a legal effect concerning you or which otherwise significantly affects you if this is based solely on the automated processing of your Personal Data. This includes automated decisions based on profiling.
We may refuse your request if the decision in question is:
- Necessary to enter into a contract with you, or for the performance of your contract with us
- Permitted by regulations, or
- Based on your explicit consent.
We will only make decisions relying solely on automated processing that involve your sensitive Personal Data if you have given your explicit consent or the processing is necessary for reasons of substantial public interest, based on the NDPR and relevant laws.
9. How Do We Protect Your Personal Data?
We will inform you of any breaches which may affect your Personal Data.
10. Remedies for Violation and Timeframe for Remedy
11. Contact Us
UNIVERSAL INSURANCE PLC
8, Gbagada Expressway
Phone Number: (01-2934645)