HEIRS GENERAL INSURANCE LIMITED – WEBSITE PRIVACY NOTICE
Heirs General Insurance Limited (“HGI”, “we”, “us”) is committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently in line with the Nigeria Data Protection Act (NDPA) 2023 and the NDPC General Application and Implementation Directive (GAID) 2025.
- Who we are (Data Controller/Processor)
Company: Heirs General Insurance Limited
Address: Heirs Towers, Plot 107B Ajose Adeogun Street, Victoria Island, Lagos.
Email: [email protected]
Call Us: 0700 434 7746
WhatsApp: 09122222200
Data Protection Officer’s Contact:
Name: Vincent Anosike
Email: [email protected]
- Personal Data We Collect
Depending on how you interact with us (e.g., customer/policyholder, claimant, employee, vendor/service provider, or other stakeholder), we may collect:
- Identity and contact data (such as name, phone number, email address, address, gender, and photograph).
- KYC/verification data (such as ID details and related verification information where applicable).
- Policy and claims data (such as policy details, claims information, communications, and supporting documents).
- Employment or vendor data (where applicable for employees, candidates, suppliers, and service providers).
- Technical and usage data (such as IP address, device identifiers, browser type, pages visited, interactions, and cookie identifiers).
Where permitted by law and necessary for certain insurance services, we may also process Sensitive Personal Data (e.g., health-related data for specific claims or underwriting) with appropriate safeguards and explicit consent where required.
- How We Collect Your Data
We collect personal data when you:
- Submit information through our website forms or contact channels;
- Purchase or use our products/services or request information;
- Communicate with us (email, phone, chat, social media, where applicable);
- Visit and browse our website (including via cookies and similar technologies);
- Permit third parties to share data with us;
- Where your information is publicly available and lawful to use.
- Why We Use Your Data (Purposes)
We use personal data for purposes including:
- Providing insurance products and services (including onboarding, policy administration, claims handling);
- Customer care, communications, and billing;
- Service messages and operational updates;
- Fraud prevention, security, and risk management;
- Managing, securing, and improving our systems and digital channels;
- Marketing and promotional communications (where lawful), with a clear opt-out at any time.
- Lawful Bases for Processing
We process personal data only where a lawful basis applies, including:
- Consent (where required, e.g., certain marketing activities and optional cookies);
- Contract (where processing is necessary to provide services or take steps at your request);
- Legal obligation (to meet regulatory/statutory requirements);
- Vital interests (to protect life);
- Public interest/official mandate (where applicable);
- Legitimate interests (e.g., fraud prevention and improving our services), where permissible and balanced against your rights.
For marketing, we rely on a valid lawful basis such as explicit consent or legitimate interests supported by a documented balancing test, and we provide a clear and effective opt‑out.
- Consent (Where We Rely on It)
Where consent is required:
- We request it in clear language for a specific purpose;
- It must be freely given and obtained without coercion;
- It must be a clear affirmative action (no pre‑ticked boxes);
- You can withdraw consent at any time (without affecting earlier lawful processing).
Where we process Sensitive Personal Data based on consent, we obtain explicit consent.
- Cookies and Similar Technologies (Google Analytics & Marketing Cookies)
We use cookies and similar technologies to:
- Keep the website functional and secure (strictly necessary cookies);
- Analyse site usage and performance, including through Google Analytics (analytics cookies); and
- Support marketing/advertising where enabled (marketing cookies).
You can manage cookies through:
- Our cookie preferences tool;
- Your browser settings (you can block or delete cookies); and
- Relevant third‑party opt‑out tools where applicable.
- Who We Share Your Data With
We may share your personal data with:
- Service providers/vendors/contractors (e.g., IT, hosting, analytics, claims support) under written contracts and appropriate safeguards;
- Regulators, government bodies, courts, and law enforcement, where required or permitted by law;
- Professional advisers (e.g., auditors, legal advisers) where necessary;
- Entities involved in mergers/acquisitions/reorganisation, subject to lawful safeguards.
We do not sell your personal data.
- Cross‑Border Transfers
If we transfer personal data outside Nigeria, we do so in line with the NDPA and GAID 2025 by:
- Conducting and documenting a Transfer Risk Assessment (TRA) where required;
- Using NDPC‑approved adequacy decisions or lawful transfer mechanisms;
- Implementing appropriate technical, contractual, and organisational safeguards;
- Obtaining DPO clearance before transfer.
Where residual risk remains high, we will not proceed without prior consultation with the NDPC where required.
- Automated Decision‑Making and Profiling (Underwriting, Claims & Fraud)
We may use automated tools or profiling (for example, underwriting support, fraud detection, or claims triage) to help us make consistent and efficient decisions.
Where such processing produces legal or similarly significant effects, we apply safeguards such as appropriate governance and documented decision logic; measures to reduce bias and unfair outcomes; appropriate human review and escalation processes; and transparency about your rights and available redress.
- Data Retention
We retain personal data only for as long as necessary for the purposes in this Notice and as required by applicable laws and regulatory guidelines, after which we securely delete or anonymize it.
Retention may depend on contract terms, statutory obligations, ongoing investigations or legal claims, or other lawful bases to retain information.
- Your Rights (Data Subjects)
Subject to applicable law, you have rights, including:
- Access to your personal data;
- Information about how your data is used;
- Rectification of inaccurate data;
- Deletion/erasure (subject to legal/contractual restrictions);
- Restriction of processing in certain cases;
- Objection to processing in certain cases;
- Data portability (where applicable);
- Rights relating to automated decision‑making/profiling (where applicable).
How to exercise your rights:
Email [email protected] or contact the DPO at [email protected]. You can also submit a request via the Subject Access Request Form (SAR Form).
We may verify your identity before completing your request.
Marketing opt‑out: You can opt out of marketing at any time by clicking “unsubscribe” in our messages or emailing [email protected] with the subject “Marketing Opt‑Out”.
- Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Our measures include access controls, encryption, audit logging, restrictions on removable media, and physical security where applicable.
- Personal Data Breaches
We maintain a data breach management procedure and require staff to report suspected incidents immediately. Where required, we will notify the NDPC and affected individuals within applicable timelines.
- Complaints
If you have questions or complaints about how we handle your personal data, contact us at [email protected], call us at 0700 434 7746, WhatsApp: 09122222200 or the DPO at [email protected].
You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).
- Updates to This Privacy Notice
We may update this Notice from time to time. The latest version will be published on our website.