Skip to main content
search

Privacy Notice

26/04/2024

INTRODUCTION

Madison Group Limited is a financial service holding Company offering life assurance, retirement benefits, general and healthcare insurance and investment management services. The services are offered through the subsidiaries; Madison Life Assurance Kenya Limited, Madison General Insurance Kenya Limited and Madison Investment Managers Limited. Throughout this Privacy Notice, “We”, “Us”, “Our” or “Madison Group” refers to Madison Group and its subsidiaries.

Madison Group is committed to protecting your privacy and ensuring the security of your Personal Data. This Privacy Notice explains how We collect, use, share, and protect your Personal Data when you engage with our products, services, website or applications in accordance with applicable data protection laws and regulations and other relevant laws in the market we operate. It outlines your rights and choices concerning the Personal Data We process.

We encourage you to read this Privacy Notice carefully to understand how We handle your Personal Data. By providing your Personal Data to Us or using our services, you acknowledge that you understand that We will process your data in accordance with this Privacy Notice, the Group’s Data Protection-related policies, Data Protection Laws and any other applicable laws.

PRIVACY NOTICE STATEMENT

This Privacy Notice informs you of Our data collection, processing and usage of your data and it describes your choices regarding use, access and correction of your Personal Data.

This Privacy Notice describes how We process your Personal Data and aims to address all possible data processing scenarios that may be undertaken with your data. Madison Group may inform you of product or service-specific data processing activities through supplementary Privacy Statements provided before collection.

This Privacy Notice supplements Madison Group’s Data Protection Policy and any other relevant Privacy Statements.

DEFINITIONS

  • “Personal Data” means any information, either by itself or jointly with other data, that can be used to identify you, either from the information currently in Our possession or likely to come into Our possession;
  • “Cookies” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site;
  • “Data Controller” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the way any Personal Data are, or are to be, processed.;
  • “Data Protection Laws” means the Data Protection Act 2019 (DPA), Data Protection Regulations and any other relevant Data Protection Laws that the Group complies with.
  • “Data Processor” means any natural or legal person who processes the data on behalf of the Data Controller;
  • “Data Subject/You” means any living individual who is the subject of Personal Data and may include and is not limited to Our client, prospective client, former client, agent, broker, former agent, former broker, job applicant, employee, former employee, visitor to any of Our premises, supplier or services provider whom We have contracted;
  • “Processing” means any activity carried out on Personal Data including, among others; collecting recording, structuring, storing, altering, retrieving, using, disclosure to third parties, combining, restriction, erasure, or disposing of your Personal Data;
  • “Sensitive Data” means data revealing your; race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including details of your child, parents or spouses; sex and or sexual orientation;
  • “We/Us/Our” means Madison Group Limited and its subsidiaries Madison Life Assurance Kenya Limited, Madison General Insurance Kenya Limited, and Madison Investments Managers Limited and or its affiliates as may from time to time be specified to you.

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

Depending on the service or product We provide to you or the nature of our relationship, We may collect and process your personal information including but not limited to:

  • Basic identification information such as name, user name or similar identifier, title, date of birth/age, nationality, gender, and signature specimen;
  • Government-related Data such as National Identification Number, Passport Details, Driving License, Birth Certificate, KRA PIN, NSSF & NHIF details.
  • Occupation/employment information such as name of employer, position, educational background, professional membership, employment history, terms of employment, and office address;
  • Contact information such as phone number, email address, postal address, social media handle;
  • Location data such as physical address and residential address;
  • Sensitive data such as property details- (e.g. car, house, personal assets, business and shareholding information), health data (e.g. medical history, current & previous health status, medical reports, prescriptions), biometric data , disability, habits and pursuits, marital status, family details including details of a child (ren), parent(s), spouse(s), sex.
  • Financial information such as bank account details, card payment details, transactional data when you use electronic and digital platforms, estimated monthly income, evidence of source of funds, credit reference information, account information such as account number and type, investment preferences, goals and financial objectives, risk tolerance, investment holdings and performance;
  • Multimedia data such as passport photos, videos, and phone recordings;
  • Technical information such as online account details (username, profile settings and preferences), login data, IP address, browser type, details about your Internet Service Provider, operating system, domain name, access time, cookies, geolocation data, usage data, device ID;
  • Insurance-related information such as member number, previous insurance covers, claims history and other claim-related information;
  • Your communication with Us such as when you reach out to Us or interact with Us through email or calls (We may record the conversation) Our social media platforms, or other interactions with Us;
    CCTV surveillance footage when you visit Our premises;
  • Feedback and survey responses.

HOW WE COLLECT YOUR PERSONAL DATA

Depending on the nature of your relationship with Us, We may collect your Personal Data from the following avenues;

Directly from you;

  • When you fill out the proposal/application/claim or other applicable form and or subscribe to Our product/service;
  • When you contact Us through calls, emails, messages or Our social media pages;
  • When you use Our Websites or when you subscribe to any of Our products through Our digital channels.  For example, We may use technologies like cookies or receive use data from software running on the website/web application;
  • When you create an account on our web applications;
  • When you interact with us through our social media pages;
  • When you apply for a job with Us;
  • When you are Our director, employee or agent;
  • When you provide Us with goods or services;
  • When you participate in a competition or promotion that We offer;
  • When you give Us feedback such as through surveys;
  • When you attend an event hosted or sponsored by Us;
  • When you visit Our premises and submit your identification details, device information and or vehicle information.
  • Through CCTV surveillance that captures your images or videos when you enter Our premises including Our headquarters and branches.
  • When you use Our Wi-Fi.

b. From third-party sources such as;

  • Your agent/broker;
  • Your duly authorized representative;
  • A person duly authorized by you;
  • Our Service Providers such as Benefit Management, Medical Service Providers, IT Systems and Service Providers, Legal Services, Debt Collectors, Investigators, Loss Adjusters, Motor Assessors, Motor Valuers, Risk Surveyors, Garages, Car Hire, Training services, Credit Reference Agencies, Direct Marketing Services, financial institutions through which your payment is received or transmitted; Mobile network operators, Trustee & Custodial Services, recruiters;
  • Public sources including but not limited to government agencies such as IRA, CMA, KRA, NTSA, BRS, IPRS, HELB;
  • Fraud prevention agencies;
  • Your employer when they take out a service, or product from Us (e.g. group life, retirement funds, medical insurance scheme etc.);
  • In the event of a claim, from an individual who is making a claim and has included your information as part of the information related to their claim;
  • Subsidiaries within the Madison Group.

We encourage you to provide us with the requested Personal Data as and when requested. Failure to provide such necessary information may impede our ability to effectively deliver the product or service you have engaged us for, or fulfil our contractual obligation to you.

To help Us maintain an accurate record of your Personal Data, kindly ensure that the Personal Data you provide Us is accurate and up to date. We will endeavour to conduct periodic data update exercises and invite you to participate in the same when called upon. Additionally, We encourage you to promptly inform Us of any changes in your data.

In instances you have submitted Personal Data about another person, kindly ensure that you capture the correct information and notify them that their information is being submitted to Us.  It is also crucial that you show them this Privacy Notice and direct them to Us if they have any questions or concerns about the use of their Personal Data.

HOW WE USE YOUR PERSONAL DATA.

We may process your Personal Data for the following purposes:

  • Performing Our contractual obligation of providing insurance and wealth management products or services including;
  • Verifying the accuracy & validity of the information provided;
  • Assessing eligibility for cover & underwriting;
  • Pricing & setting premiums;
  • Creating your record and issuing you with a member/account and policy number;
  • Executing your instructions (top-ups, withdrawals, cancellations, refunds, surrender);
  • Updating & changing your details;
  • Investigating, processing and payment of claims;
  • Payment of a claim to a legal personal representative;
  • Handling disputes;
  • General servicing and or administration of the product/service/claim;
  • Communication on general updates relating to the product/service/claim.
  • Assessing the suitability of an applicant for potential employment (including conducting background checks).
  • To administer the employment, agent, or directors’ contracts to fulfil Our obligations under the contract. This may include onboarding, payroll, benefits administration (e.g. medical insurance, group life, personal accident etc.), pension administration, leave management, reporting, performance reporting etc.
  • To fulfil and manage Our contractual obligations with Our service provider/ suppliers;
  • To comply with any legal, regulatory, tax, accounting or reporting obligations such as Know your Client (KYC) requirements, Anti-
  • Money Laundering requirements and sanctions screening, where We are under a duty to disclose or permitted or compelled by law;
  • Where you give your consent, particularly where We use your Personal Data for direct marketing, where We process Personal Data relating to a child and where We process sensitive Personal Data outside Kenya;
  • To protect your vital interest or the vital interests of another person such as; verifying your identity to safeguard your interests,
  • For Our legitimate interests which can include;
  • Utilizing Our CCTV surveillance and collection of Personal Data when you visit Our premises  to maintain a safe and secure environment within Our premises;
  • Protecting Our business interests and developing business strategies;
  • Business operation and maintenance including maintenance of Our website, web applications,
  • Enhancing your experience when interacting with Our products or services conducting risk analysis or risk management activities;
  • Detecting, preventing and investigating unlawful activities such as fraud;
  • Debt recovery or debt tracing;
  • Publishing images or news bulletins on Our website and social media pages when you attend an event hosted or sponsored by Us.
  • For the establishment, exercise or defence of a legal claim;
  • Public interests;
  • To carry out statistical analysis/market research/surveys on Our products and services;

COOKIES

To ensure the proper functionality of Our website, self-service portal and or web applications, We may place a small piece of data known as a cookie on your computer or mobile device. Cookies are used to ensure the proper functionality of Our Website, self-service portal and or web applications and or improve user experience such as remembering your preferences such as language, font size or other browsing settings on your computer or mobile device.

This section explains how we use cookies and the options that you have, to control and or reject them.

What are cookies?

Cookies are small text files that are stored in your web browser so that the website or web application that you are visiting recognizes you and remembers your preferences. Cookies can be used to collect, store, and share bits of information including personal data about your activities across websites and web applications, including on our website and web applications.

What cookies do we use?

We utilize several cookies on our website, self-service portal andor web applications. These include; session cookies, persistent cookies, necessary cookies, functional cookies, and analytical cookies.

A session cookie is used to identify a particular visit. These cookies expire after a short time or when you close your web browser after using our website or web application. We use these cookies to identify you during a single browsing session, such as when you log into our website or web application.

A persistent cookie will remain on your devices for a set period specified in the cookie. We use these cookies when we need to identify you over a longer period. For example, we would use a persistent cookie if you asked us to keep you signed in.

A necessary cookie is used by our website or web application to perform its basic functions. For example, to remember which page a user is on. These cookies are enabled by default and cannot be disabled as the website or web application will not function properly without them.

A functional cookie helps perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies are used by a third party to monitor how users reach the website and how they interact with and move around on the website. This helps us know which features on the website are working best and what features on the website can be improved.

How do third parties use cookies?

Third-party companies like analytics companies and ad networks generally use cookies to collect user information anonymously. They may use that information to build a profile of your activities on the Madison Group websites that you’ve visited.

What are your cookie options?

When you visit our page you have the option to customise your cookies using the cookie icon available at the bottom left side of the screen. The cookies you have select will remain active for a period of one year.

Regardless, Most browsers provide ways to control or reject cookies. If you decide along the way that you don’t like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and not to accept new cookies. To learn more about how to do this, visit the help page of your browser.

However, please note, that if you opt out of cookies, you may not be able to use all the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

Madison Group will not use cookies for any purposes not stated in this Privacy Notice. You have the ability to manage, control or remove the cookies based on your own preferences as most web browsers provide the option of blocking cookies. You may also access certain areas of Our Site without providing any data at all. However, in order to use all features and functions available on Our Site you may need to submit or allow the collection of certain data.

TO WHOM WE MAY DISCLOSE YOUR INFORMATION

We may disclose part and/or all your information to:

  • Intermediaries such as your agent or broker as they serve as your primary contact point;
  • A person duly authorized to act as your guardian or administrator;
  • Any person duly authorized by you;
  • A person to whom you explicitly instruct Us to disclose your Personal Data;
  • Our service providers, suppliers’ subcontractors’ affiliates or partners as reasonably necessary for providing Our services to you.
  • This may include Healthcare Service Providers, Benefit Management Service Providers, Risk Surveyors, Claim Investigators,
  • Valuers, Loss Adjusters, Garages, Car Hire Firms, Debt Collectors, Credit Reference Agencies, Information Technology service
  • providers such as software systems and email providers, financial institutions through which your payment is received or transmitted, mobile network operators, Our professional advisors such as external auditors, accountants, actuaries and Our lawyer;
  • Our co-insurers and reinsurers.
  • Our business partners who run advertising campaigns, contests, special offers, or other events or activities in connection with our services.
  • Fraud prevention and anti-money laundering agencies to protect Our vital interests.
  • Government agencies such as IRA, CMA, KRA, NTSA, NSSF, NHIF, BRS, IPRS, FRC, and Advisory bodies such as the Association of Kenya Insurers for public interests and your vital interests.
  • Custodial and Trustee services, Government agencies, public authorities and courts for compliance with legal obligations to which We are subject.
  • If Madison Group is involved in a restructuring, merger & acquisition, or a bankruptcy or liquidation lawsuit, your Personal Data may be disclosed in connection with the transaction.

We will only disclose your Personal Data when We have a legal justification to do so. We shall endeavour to take reasonable steps to ensure that the Personal Data We disclose is accurate, up-to-date, complete and relevant to the purpose of the use or disclosure and that all the third parties to whom your data is shared ensure the security of your data. We shall also enter into data agreements with these third parties to establish and enforce their obligations in respect to the processing of your Personal Data.

WHAT ARE YOUR RIGHTS?

Subject to the constraints imposed by applicable law and internal policies, you have the below-listed rights:

  • The right to be informed about the collection and use of Personal Data;
  • The right of access to the Personal Data We hold about you;
  • The right to rectification of any Personal Data We hold about you is untrue, inaccurate, outdated, incomplete or misleading.
  • The right to erasure i.e., the right to ask Us to delete Personal Data We hold about you.
  • The right to restrict (i.e., prevent) the processing of your Personal Data.
  • The right to data portability (obtaining a copy of your Personal Data to re-use with another service or organization);
  • The right to object to Us processing your Personal Data for additional purposes;
  • The right to complain to the Office of the Data Commissioner; and
  • The right to withdraw consent.

You may exercise any of your rights by filling out the appropriate data subject rights action form which may be downloaded on the downloads section of this page and sending it to dpo@madison.co.ke OR by sending an email to dpo@madison.co.ke.

CHILDREN’S PERSONAL DATA

We shall only process children’s Personal Data in the case where their parent or legal guardian has consented to the processing.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

Your Personal Data is primarily stored within Kenya. However, Madison Group and or Our service providers may transfer your Personal Data including your sensitive data outside Kenya. This is mainly where software solutions have been utilized (these may include email exchange services, cloud storage services and document management systems). These services are embedded in Our processes and are essential for delivering the product, service and or product you have with US.

These jurisdictions may have different data protection laws. In such circumstances, We will take measures to ensure that data is processed in accordance with this Privacy Notice, Our Data Protection Policy and applicable laws.

HOW LONG DO WE RETAIN YOUR INFORMATION?

We will retain your Personal Data for no longer than is necessary for the purposes for which it was received, unless otherwise extending the retention period is required or permitted by law. We maintain a detailed retention schedule for Personal Data which is informed by the following principles:

In the first instance, Personal Data will be retained as long as required by a relevant law (i.e., not less than Seven (7) years) after the end of the contract you have with Us)
If a relevant law no longer requires Us to maintain Personal Data (or that period has elapsed), the Personal Data may still be retained if required by any relevant contractual agreement or arrangement or as informed by Our Retention Policy; and
For Personal Data to which a relevant law or contractual agreement or arrangement does not apply, We will retain the Personal Data for as long as is required to manage Our engagement and/or relationship with you plus a reasonable period afterwards as informed by Our Retention Policy.

HOW WE PROTECT YOUR INFORMATION

We employ appropriate physical, management, and technical measures to protect your Personal Data from unauthorized access, disclosure, use, modification, damage, or loss. These measures include;

Implementation of security features on Our IT infrastructure and physical premises;
Performance of comprehensive and regular audits;
Limiting data access to authorized persons only;
Ensuring continuous data updates;

Notwithstanding the security measures that We take, it is important to note that We may not guarantee the absolute security of your data as certain factors may be beyond Our control.

UPDATES TO THIS PRIVACY NOTICE

Madison Group may update or change this Privacy Notice at any time. We will release the latest Privacy Notice on Our website and digital channels. We recommend that you periodically review this Privacy Notice to stay informed about any changes. The date of the most recent update will be indicated at the top of this Privacy Notice.

HOW TO CONTACT US

If you have any questions or suggestions, privacy complaints or issues, and want to contact the Data Protection Officer (DPO), please contact us at dpo@madison.co.ke or call us on 0709 922 000 or visit our offices at Madison House, Upper Hill Close, Upper Hill, Nairobi, Kenya.

Close Menu