1. Introduction
Arybit Insurance, a division of Arybit Technologies ("we," "us," "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our InsurTech services, software solutions, and platforms.
We recognize the importance of privacy in the insurance industry and are committed to maintaining the highest standards of data protection in compliance with Kenyan data protection laws, international regulations, and industry best practices.
Key Privacy Principles
- Transparency: We're clear about what data we collect and how we use it
- Purpose Limitation: We only use data for specified, legitimate purposes
- Data Minimization: We collect only what's necessary for our services
- Security: We protect your data with industry-leading security measures
- Your Rights: You have control over your personal information
2. Information We Collect
We collect information in several ways when you use our services:
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, company details, job title
- Professional Information: Insurance license numbers, certifications, business registration details
- Communication Data: Information in emails, messages, support requests, and feedback
- Payment Information: Billing addresses, payment method details (processed by secure third-party providers)
2.2 Insurance-Related Data
- Policy Data: Policy holder information, coverage details, premium calculations
- Claims Information: Claim details, documentation, processing history, settlement information
- Risk Assessment Data: Information used for underwriting and risk analysis
- Customer Data: Information about your customers and their insurance needs
2.3 Technical Information
- Usage Data: How you interact with our services, features used, time spent
- Device Information: IP address, browser type, operating system, device identifiers
- Log Files: Server logs, error reports, performance data
- Cookies and Tracking: Information collected through cookies and similar technologies
2.4 Information from Third Parties
- Integration Data: Information from systems we integrate with
- Reference Data: Information from insurance regulatory bodies and industry databases
- Verification Data: Information used to verify your identity or professional status
3. How We Use Your Information
We use your information for the following purposes:
3.1 Service Provision
- Providing and maintaining our InsurTech solutions
- Processing insurance policies and claims
- Performing risk assessments and analytics
- Managing customer relationships and communications
- Facilitating digital distribution of insurance products
- Ensuring regulatory compliance and reporting
3.2 Account Management
- Creating and managing your account
- Authenticating your identity
- Processing payments and billing
- Providing customer support
3.3 Communication
- Sending service-related notifications
- Providing technical support
- Sharing product updates and improvements
- Conducting customer satisfaction surveys
3.4 Legal and Compliance
- Complying with legal obligations and regulations
- Preventing fraud and ensuring security
- Protecting our rights and interests
- Responding to legal requests and court orders
3.5 Service Improvement
- Analyzing usage patterns to improve our services
- Developing new features and functionality
- Conducting research and development
- Optimizing system performance
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Service provision and account management | Contract performance |
| Legal compliance and regulatory reporting | Legal obligation |
| Fraud prevention and security | Legitimate interest |
| Service improvement and development | Legitimate interest |
| Marketing communications (where applicable) | Consent |
5. Data Sharing and Disclosure
We may share your information in the following circumstances:
5.1 Service Providers
We work with trusted third-party service providers who assist us in delivering our services:
- Cloud Infrastructure: Secure hosting and data storage providers
- Payment Processors: Secure payment handling services
- Communication Services: Email and messaging service providers
- Security Services: Cybersecurity and monitoring providers
All service providers are required to maintain appropriate security measures and use data only as instructed.
5.2 Legal Requirements
We may disclose information when required by law:
- To comply with legal obligations and court orders
- To respond to regulatory inquiries and investigations
- To cooperate with law enforcement agencies
- To protect our rights, property, or safety
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to appropriate confidentiality protections.
5.4 Consent-Based Sharing
We may share information with your explicit consent for specific purposes not covered in this policy.
6. Data Security
We implement comprehensive security measures to protect your information:
6.1 Technical Safeguards
- Encryption: Data encrypted in transit and at rest using industry-standard protocols
- Access Controls: Multi-factor authentication and role-based access controls
- Network Security: Firewalls, intrusion detection, and monitoring systems
- Secure Infrastructure: SOC 2 compliant data centers with physical security
6.2 Organizational Safeguards
- Staff Training: Regular security and privacy training for all employees
- Access Management: Strict controls on who can access personal data
- Incident Response: Comprehensive procedures for security incidents
- Regular Audits: Periodic security assessments and compliance reviews
6.3 Data Backup and Recovery
- Regular automated backups stored in secure locations
- Disaster recovery plans to ensure business continuity
- Testing of backup and recovery procedures
7. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of service relationship + 7 years | Legal and regulatory requirements |
| Policy Data | As required by insurance regulations | Regulatory compliance |
| Claims Records | As required by insurance regulations | Legal obligations |
| Communication Records | 3 years from last communication | Customer service and legal protection |
| Technical Logs | 90 days to 2 years | Security and system optimization |
We regularly review our retention practices and securely delete or anonymize data when it's no longer needed.
8. Your Privacy Rights
You have several rights regarding your personal data:
8.1 Access Rights
- Request information about what personal data we hold about you
- Obtain a copy of your personal data in a structured format
- Understand how we process your information
8.2 Correction Rights
- Request correction of inaccurate or incomplete data
- Update your account information directly through our platform
- Notify us of changes to your contact information
8.3 Deletion Rights
- Request deletion of your personal data (subject to legal limitations)
- Close your account and request data removal
- Withdraw consent where processing is based on consent
8.4 Portability Rights
- Request your data in a portable format
- Transfer your data to another service provider
- Receive your data in commonly used electronic formats
8.5 Objection Rights
- Object to processing based on legitimate interests
- Opt out of marketing communications
- Request restriction of processing in certain circumstances
Important Note
Some rights may be limited due to legal or regulatory requirements in the insurance industry. We'll explain any limitations when responding to your requests.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for basic functionality and security | Session/Persistent |
| Performance Cookies | Help us understand how you use our services | Up to 2 years |
| Functional Cookies | Remember your preferences and settings | Up to 1 year |
9.2 Managing Cookies
- You can control cookies through your browser settings
- Blocking essential cookies may affect service functionality
- We provide cookie preference controls in our platform
10. International Data Transfers
Your data may be transferred to and processed in countries other than Kenya:
- Cloud Services: Our cloud infrastructure may be located in various countries
- Service Providers: Some third-party providers may operate from different jurisdictions
- Safeguards: We ensure appropriate safeguards are in place for international transfers
- Adequacy Decisions: We prioritize transfers to countries with adequate data protection laws
All international transfers are conducted in compliance with applicable data protection laws and include appropriate contractual protections.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.
Parents or guardians who believe their child has provided personal information to us should contact us immediately using the information provided in this policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements:
- Notification: We'll notify you of material changes by email and platform notifications
- Effective Date: Changes take effect on the date specified in the updated policy
- Review: We encourage you to review this policy periodically
- Continued Use: Continued use of our services constitutes acceptance of the updated policy
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Arybit InsuranceGTC ST, Red Hill Rd
Nairobi, Kenya
Email: privacy@arybit.co.ke
Phone: +254 (0) 720 989 818
Privacy Rights Requests
To exercise your privacy rights:
- rights@arybit.co.ke
- Response within 30 days
- Identity verification required
Regulatory Authority
If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya or other relevant supervisory authority in your jurisdiction.
Your Privacy Matters
By using our services, you acknowledge that you have read and understood this Privacy Policy. We're committed to protecting your privacy and maintaining your trust as we provide innovative InsurTech solutions.