1. Introduction

Trident Insurance Company Limited is committed to protecting your privacy and ensuring the security of your Personal Data. This is our main Privacy Policy which describes how we collect, use, share, and safeguard your Personal Data when you engage with our products, services, website, or applications, in accordance with applicable data protection laws and regulations, as well as other relevant laws in the regions where we operate. It also explains your rights and choices regarding the Personal Data we handle.

We encourage you to carefully read this Privacy Notice to understand how we handle your Personal Data. By providing your Personal Data or using our services, you acknowledge that you understand that we will process your data in accordance with this Privacy Notice, our Data Protection policies, applicable Data Protection Laws, and other relevant legal obligations.

This Privacy Policy will be supplemented by additional privacy policies tailored to our specific relationships with you where this is useful to provide you with a full picture of how we collect and use your Personal Information.

References to "you" or "your" means any individual with whom we have a relationship, including policyholders, insureds or claimants under an insurance policy, commercial insurance brokers, appointed representatives, witnesses, or another individual with whom we have a relationship or users of Trident Insurance Company Limited.

2. Definitions

"Personal Data" refers to any information that can identify you, either on its own or in combination with other data, whether already in our possession or likely to come into our possession.

"Sensitive Data" includes information such as your race, health status, ethnic or social origin, beliefs, genetic and biometric data, property details, marital status, and family information, including details about your children, parents, or spouse, as well as your sex or sexual orientation.

"Data Subject/You" refers to any living individual whose Personal Data is processed, including but not limited to our clients, prospective clients, former clients, agents, brokers, former agents, former brokers, job applicants, employees, former employees, visitors to our premises, suppliers, or service providers with whom we have contracts.

"Cookies" are small text files placed on your computer or device by our website when you visit certain sections or use specific features of the site.

"Data Controller" refers to any natural or legal person who determines the purposes and means by which Personal Data is processed, either alone or jointly with others.

"Data Processor" is any natural or legal person that processes data on behalf of the Data Controller.

"Data Protection Laws" refers to the Data Protection Act 2019 (DPA), Data Protection Regulations, and any other relevant data protection legislation that Trident Insurance Company Limited adheres to.

"Processing" refers to any action performed on Personal Data, including but not limited to collecting, recording, organizing, storing, modifying, retrieving, using, disclosing to third parties, combining, restricting, erasing, or disposing of the data.

"We/Us/Our" refers to Trident Insurance Company Limited Company Limited and its subsidiaries as may from time to time be specified by the Insurance to you.

3. Collection of Personal Data

We may collect, use, store and transfer different kinds of personal data about you or persons connected to you which we have grouped together as follows:

Contact information such as phone number, email address, postal address, residential address, and telephone number and social networking profile details.

Identification information such as name, date and place of birth, national identity card number, passport number, Kenya Revenue Authority personal identification number (PIN), photo, marital status, title, nationality, gender, and specimen signature.

Education and employment information such as name of the employer, position in the organization and office address.

Government and other official identification numbers such as National Identification Number, Passport Details, Driving License, Birth Certificate, KRA PIN, NSSF & NHIF details.

Financial information such as Payment card number (credit or debit card), bank account number, or other financial account number and account details, credit history, credit reference information and credit score, assets, income, and other financial information, account log-in information.

Technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use while browsing.

Photographs and video recordings: such as closed-Circuit Television (CCTV) surveillance recordings placed in strategic areas in our premises and Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law.

Children data such as include name, date of birth, birth certificate number, relationship with the applicant and any other information relevant for the provision of our products and services. We will only process such data where parental or legal guardian consent has been given. We will also ensure that the processing of such data will be done in a manner that protects and advances the rights and best interests of the child.

Event data: Information you provide to us for the purposes of attending meetings and events or our booths at events.

Claim Processing data: Information relevant to your insurance policy or relevant to your claim or your involvement in the matter giving rise to a claim.
Information to detect, investigate or prevent crime, including fraud and money laundering: such as information about previous dealings with policyholders and claimants.
Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Communication data: Recordings of telephone calls with our representatives

Information enabling us to provide products and services such as Location and identification of property insured (for example, property address, vehicle licence plate or identification number), travel plans, age categories of individuals to be insured, details of the risks to be insured, prior accident or loss history, and cause of loss, status as company officer or director, or partner, or other ownership or management interest in an organisation, history of disputes, civil or criminal proceedings or formal investigations involving you, and information about other insurance held.

Information from other sources: We may supplement the Personal Information we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third-party commercial information sources, and information from our business partners). We will use any such supplemental information in accordance with applicable law (including obtaining your consent where required)

4. How we collect your personal data

We collect your personal data in various ways, depending on how you engage with us. This can happen through:

Direct Interactions:

• When you apply for our products or services.
• When you register for our products via mobile or online platforms.
• When you request marketing information from us.
• When you make any inquiries.
• When you create an account on our website.
• When you supply goods or services to us as a supplier or contractor.
• When you use our website, through cookies and similar technologies.
• When you are captured by CCTV when you visit our premises.
• When you use our Wi-Fi.
• When you apply for a job with us.
• When you are appointed as a director, employee, or agent.
• When you attend an event hosted or sponsored by us.
• When you visit our premises and provide details like identification, device information, or vehicle information.

From Third Parties or Publicly Available Sources:

• From agents or brokers.
• From public records like the Companies Registry or Business Registration Service.
• From medical professionals and hospitals.
• From your employer if they take out a product or service on your behalf, such as group life insurance, retirement funds, or medical insurance.
• From individuals making claims or applications that involve you.
• From family members who inquire or include you in their insurance, when you've authorized them to make a claim for you, or if you're unable to provide the needed information yourself.
• From individuals making claims who include your information in their claim.
• From your authorized representative.
• From anyone you’ve authorized to act on your behalf.
• From land registries, credit reference agencies, fraud prevention agencies, and service providers involved in payments, technical services, or deliveries.
• From the Government of Kenya’s e-Citizen platform and the Integrated Population Registration Services.

5. How we use your personal data

We collect and use your personal data for various purposes, including:

• To complete the contract, we are about to enter or have already agreed upon with you.
• To verify your identity using publicly available or restricted government databases, ensuring we comply with Know Your Customer (KYC) requirements.
• To address any concerns about fraud, safety, or potential illegal activities, and to investigate them if needed.
• To manage compliance activities like audits, reporting, risk assessments, maintaining financial records, preventing fraud and money laundering (AML), and adhering to sanctions and anti-terrorism laws. This includes identity checks, verifying address details, screening for politically exposed persons (PEPs), and checking clients and their representatives against sanctions lists.
• To cooperate with and respond to requests from government authorities, tax bodies, regulators, financial markets, brokers, intermediaries, courts, or other third parties, and to report transactions or other required activities.
• To record and monitor phone calls for quality control, security, staff training, fraud prevention, and to address complaints or disputes. These recordings, where allowed by law, are owned solely by us.
• To stay in touch with you and keep you updated about the products or services you’ve applied for.
• To monitor and analyze how you use our products and services, helping us with system management, troubleshooting, and operational support.
• To verify age and consent when personal data relates to a child.
• To confirm your identity and physical address.
• To meet legal or regulatory obligations and protect both us and our clients from fraud.
• To protect our legal rights, such as when defending against or pursuing a legal claim.
• To share with your news about our latest products and services.
• To protect your vital interests or those of others, for instance, by ensuring beneficiaries receive payouts under your policies.
• If you're a Trident Insurance Company Limited director, to create and maintain a record of your directorship in our system.
• If you're a supplier to Trident Insurance Company Limited, to process your information for due diligence, risk assessments, administrative tasks, and payments.
• If you've applied for a role at Trident Insurance Company Limited, to conduct background checks and applicant screenings.
• If you're employed by Trident Insurance Company Limited, to keep a record of your employment and ensure ongoing monitoring during your time with us.
• If we receive your data from third parties, to confirm the information you’ve provided or to prevent fraud.

6. Disclosure of Information

We also may disclose your personal information where required by law, to enforce other agreements, or to protect the rights, property, or safety of our business, our clients, customers, employees, or others.

We may share your personal data with the following parties, as needed:

• Any individual authorized by you to act on your behalf.
• A legally appointed guardian or administrator who is authorized to manage your affairs.
• Intermediaries such as your agent or broker, serving as your primary contact.
• Fraud prevention and anti-money laundering agencies, to safeguard our vital interests and ensure compliance with legal obligations.
• Our co-insurers and reinsurers, to manage risks and facilitate claims processing.
• Government agencies and regulatory authorities such as the Insurance Regulatory Authority (IRA), Capital Markets Authority (CMA), Kenya Revenue Authority (KRA), National Transport and Safety Authority (NTSA), National Social Security Fund (NSSF), National Hospital Insurance Fund (NHIF), Business Registration Service (BRS), Integrated Population Registration Services (IPRS), Financial Reporting Centre (FRC), and advisory bodies like the Association of Kenya Insurers (AKI), to meet public and legal obligations and protect your interests.
• Custodial and trustee services, government bodies, public authorities, and courts to comply with our legal obligations.
• Service providers, suppliers, subcontractors, affiliates, or partners who assist in delivering our services to you. This may include:
o Healthcare service providers and benefit management services.
o Risk surveyors, claims investigators, valuers, and loss adjusters.
o Garages, car hire companies, and debt collection agencies.
o Credit reference agencies and IT service providers such as software and email systems.
o Financial institutions involved in processing your payments or transactions.
o Mobile network operators facilitating communications. Professional advisors, including

7. Security of your data

The security of your personal data is important to us. However, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

If we suspect or become aware of any unauthorized access to your data by any unauthorized person or third party or become aware of any other security breach relating to personal data held by us, we shall notify you in writing within a reasonably practical period, unless the identity of the data subject cannot be established. In the event of such data breach, Trident Insurance Company Limited shall fully and immediately take the appropriate steps to contain and remedy such data breach.

8. Cross Border Transfer of Data

Where we send your information outside the country, we will make sure that there is proof of adequate data protection safeguards in the recipient country or consent from you on transfer of your personal information.

Legal basis of processing data

Trident Insurance Company Limited will handle your personal information in accordance with applicable Data Protection Laws and its internal policies, including:

• To comply with any mandatory legal obligations to which Trident Insurance Company Limited is subject.
• With your consent.
• When processing is necessary to serve Trident’s legitimate business interests, or those of a third party, within legal boundaries.
• To fulfil a product or service contract that you are a party to.
• For the establishment, exercise, or defense of a legal claim.
• To protect your vital interests or those of another individual.

10. Retention of data

We will retain your personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including meeting legal, regulatory, tax, accounting, or reporting obligations. In some cases, we may keep your personal data for a longer period if a complaint is made or if we reasonably anticipate potential legal action related to our relationship with you. When determining the appropriate retention period, we consider factors such as the amount, nature, and sensitivity of the data, the risk of harm from unauthorized use or disclosure, the purposes for which we are processing the data, whether those purposes can be achieved by other means, and any applicable legal, regulatory, tax, or accounting requirements,

11. Your Legal Rights

You have the right to:

• • Be informed what personal data has been collected about you.
• • Access your personal data, including information on how it is processed (the reasons for processing, categories of data involved, recipients of your data, and the retention period).
• • Request the deletion of your personal data. While we may not always be able to fulfil such requests, we will notify you within 7 days of receiving your request, detailing the reasons as specified in Regulation 12(4)(b) and Regulation 12(4)(e) of the Data Protection (General) Regulations, 2021. Please note that if your request to delete your data is granted, you will no longer have access to our products or services associated with that data.
• • Receive a copy of your personal data that you have provided to Trident Insurance Company Limited in a structured, commonly used, and readable format. This will be done free of charge upon request by contacting the Data Protection Office at mydata@trident.co.ke
• • Object to and/or restrict the processing of your personal data for legitimate reasons. However, please be aware that this may disrupt our ability to provide services to you.
• • Request the transfer of your personal data to another Data Controller.
  
• • File a complaint with us at mydata@trident.co.ke
• • Modify your personal data or withdraw your consent for its processing or retention at any time. You also have the right to designate a third party to whom your data may be shared after your passing, and you agree to inform that third party of their appointment.
• • Request corrections to your personal data. Please direct all such requests to mydata@trident.co.ke We commit to responding to any request for correction or update within 14 days of receipt, provided that the correction is necessary.

12. The Use of Cookies

We may store some information (using "cookies") on your computer when you visit our websites. This enables us to recognize you during subsequent visits. The type of information gathered is non-personal (such as: the Internet Protocol (IP) address of your computer, the date and time of your visit, which pages you browsed and whether the pages have been delivered successfully.

13. Changes to the Policy

We may update this Privacy Policy from time to time. You can access the most current version of the privacy statement from www.trident.co.ke and any amendment or modification to this statement will take effect from the date of notification on the Trident Insurance Company Limited Website

14. Contact Information

If you have any concerns about the use of your personal data, questions about this Privacy Policy including any requests to exercise your legal rights under the law, please contact us using the details set out below:

Email: info@trident.co.ke

Postal address: P.O.BOX P.O.BOX 55651-00200, Nairobi, Kenya

Physical address: 1st Floor, Capitol Hill Towers, Catherdal Road, Off Processional Way, ,

Telephone Number:+254 020 2721728.