The DPA defines personal information as “information which relates to an identified or identifiable natural person, and the definition may include, but is not limited to, your name, sex, gender, address, contact details, identity number and medical or health information.
The Privacy Notice applies to any website, application, form, document, product or service which references this Privacy Notice. It should be read together with the Terms and Conditions of Use for other Sanlam products and services. Where there is a conflict, this statement will prevail.
This statement applies to all customers, suppliers, agents, vendors and all visitors frequenting any of Sanlam premises.
In this Statement:
We collect personal information about you and any other person whose details you provide to us in accordance with the relevant laws, either:
We will also collect your information where you have only partially completed and/or abandoned any information which you began to apply to our website and/or other online forms. Given that we already consider you a customer at this stage, we may use this information to contact you to remind you to complete outstanding information.
Where we require personal information to provide you with our products and services, your failure to provide us with the necessary information, may result in Sanlam being unable to provide you with our products and services. Where such services include financial advice, the appropriateness of the advice may be compromised if you do not provide complete and accurate information. You are responsible for informing Sanlam if your information changes.
Owners or information system administrators of third-party websites that have links to the Sanlam website, may collect personal information about you when you use these links. Sanlam does not control the collection or use of personal information by third parties and this privacy statement does not apply to third parties. Sanlam does not accept any responsibility or liability for third-party policies or your use of a third-party app, platform or service.
Sanlam also uses certain social networking services such as Facebook, WhatsApp, Instagram and Twitter to communicate with the public and Sanlam clients. When you communicate with Sanlam through these services, that social networking service may collect your personal information for its own purposes. These services may track your use of our digital channels on those pages where the links are displayed. If you are logged into those services (including any Google service) while using our digital channels, their tracking will be associated with your profile with those service providers. These services have their own privacy policies which are independent of Sanlam’s privacy policies and practices. Please ensure that you fully acquaint yourself with the terms of any such third-party privacy policies and practices.
Your relationship with Sanlam determines the exact nature of the personal information Sanlam processes, and the purpose for which such personal information is collected and used. However, in many cases, if we are handling your personal information as part of our role as an insurer, the personal information we may process includes the following:
Types of data
What kind of data might be involved
Examples of how Sanlam uses the data
Personal information that is required for structuring a suitable product or service.
Information about you – for example, your name, identity number, age, gender, date of birth, nationality, occupation, lifestyle, current status of health, medical history and any existing conditions of each person insured. In the event that you make a claim, we may also collect personal information from you about the claim and any relevant third parties.
We acknowledge that information about your health is sensitive personal information. Note that we will use that information strictly in accordance with applicable laws and for insurance purposes (including assessing the terms of the insurance contract, dealing with changes to the policy and/or dealing with claims).
Information that allows an individual to be identified directly or indirectly.
Name, address, telephone number, e-mail address, information provided in your identity documents to fulfill Sanlam’s Know Your Customer (KYC) requirements.
For identification purposes, to draw up an agreement/contract or to contact you.
For example, details about the policies you hold and with whom you hold them.
To perform any risk analysis or for purposes of risk management to you or our business in general.
To enhance your experience when interacting with Sanlam and to help us improve our offerings to you.
We may process information related to payments you make or receive in the context of an insurance policy or claim.
We may process information regarding your income, expenses, assets, liabilities, investments, retirement and other financial provisions in the context of providing financial advice and intermediary services.
To ensure correct/timely processing of funds is performed. Also, for anti-money laundering/counter terrorism financing and sanctions monitoring.
Special categories of personal/health data/criminal data
Information concerning your health, information about criminal convictions, biometric data.
Health information such as smoker status or medical-related issues.
Sanlam processes biometric data for identification purposes. In the context of combating money laundering/ terrorism financing and tax obligations, we are required to record information about your country of birth. In addition, we may record special categories of data such as as criminal data in the context of anti-money laundering.
Relevant to a policy or a claim you have made.
Recorded calls, documentation of e-mails and physical access, CCTV
Online information – for example, cookies and IP address (your computer’s internet address), if you use our websites, apps and/or social media channels.
We use Closed Circuit Television (CCTV) surveillance recordings. CCTV Devices are installed at strategic locations to provide a safe and secure environment in all Sanlam premises.
We maintain a register of visitors in which we collect and keep your personal data such as names, company/institution details, telephone number, vehicle registration details and National ID number.
To enable our online services to be used and to combat fraud. To improve our website. For displaying targeted adverts or banners.
Allowing customers to carry information across pages of our site and avoid having to re-enter same information.
Enabling Sanlam to evaluate the effectiveness of its advertising and promotions.
Safety and Security reasons.
Data we receive from third parties.
Data may be obtained from third parties such as government identification databases, Company Registry, etc.
We use this information to verify KYC as part of customer due diligence.
Data we require to combat fraud, to ensure your security and ours, and to prevent money laundering and the financing of terrorism.
The data we keep in our internal and external referral registers, sanction lists, location information, transaction data, identity information, camera images and payment details, cookies, IP address and data relating to the device on which you use online services.
To comply with legal obligations and prevent you, the financial sector, Sanlam or our employees from becoming the victims of fraud, for security reasons and to protect the financial markets, we might check whether you appear in our external or internal referral registers and we have to check whether your name appears in sanction lists.
We may use your IP address, device details and cookies to combat online fraud (DDoS attacks) and botnets.
In certain instances, we may need consent to process your personal information. If you give us your consent for a specific context, you are free to withdraw this consent at any time. Please note that where you have withdrawn your consent, this will not affect the processing that took place prior to such withdrawal and it will not affect the processing of your personal information where consent is not required.
You may refuse to provide us with your personal information in which case we may not be able to provide you with a relevant service or would have to terminate our business relationship. The supply of certain items of personal information, especially those collected to comply with regulation, is legally mandatory.
We have regulatory obligations, including compliance with anti-money laundering legislation, which require us to process your personal information. This includes verifying your identity or the identity of your beneficial owner and/or controlling persons. We are also required by various laws to maintain a record of our dealings with clients.
For us to provide clients with the financial products and services they have requested and to notify them of important changes to such products and services, we need to collect, use and disclose the personal information of clients, their representatives, controlling persons of entities, business contacts, staff of clients and service providers.
To the extent permissible under applicable laws, Sanlam may use your information:
Entities within Sanlam will only share your personal information with third parties if there is a legitimate reason to do so. We may disclose the personal information you provide to us to the following entities:
Sanlam will not sell, rent, or trade your personal information to any third party. Sanlam will share information about you with financial advisers that are Sanlam representatives or who have intermediary agreements with Sanlam. Sanlam may also share information within Sanlam where it is in Sanlam’s legitimate interest to do so.
Sanlam will disclose information when lawfully required to do so:
On occasion, Sanlam may – for legitimate purposes – share aggregated information with its stakeholders and business partners (for example, demographic data) in a manner that does not identify the persons to whom the information applies. However, Sanlam will not disclose your personal information to third parties unless there is valid processing ground as set out in applicable law.
Some of the persons to whom we disclose your personal information may be situated outside of the Republic of Kenya in jurisdictions that may not have similar data protection laws to Kenya. In this regard, we may send your personal information to service providers outside of the country for storage or processing on Sanlam’s behalf. However, we will not send your information to a country that does not have information protection legislation similar to that of Kenya, unless we have ensured that the recipient agrees to effectively adhere to the principles for processing of information in accordance with the Kenya Data Protection Act.
Sanlam intends to protect the integrity and confidentiality of your personal information. Sanlam has implemented appropriate technical and organisational information security measures (including, but not limited to, using encryption for transmission of financial information) to keep your information secure, accurate, current, and complete. However, we cannot guarantee the security of any information you transmit to us online and you do so at your own risk.
Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other lawful requirements, we ensure that they are contractually bound to apply the appropriate security practices.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.
Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your personal data. These are listed below:
If you wish to exercise any of the rights set out above, kindly complete the subject access request form, for general enquiries please contact us on firstname.lastname@example.org.
We try to respond to all legitimate requests within reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Where you provide your personal information to a Sanlam Group entity in the context of a sale of one of our products or services, you agree to such Sanlam Group entity sending you information on news, trends, services, events and promotions for our own similar products and/or services, always subject to your right to opt out of receiving such marketing at the time your information is collected and on each subsequent marketing communication thereafter. You may object to receiving direct marketing from Sanlam at any time by contacting the Sanlam Client Care Centre on 020 5138200 or +254 719035035).
Where you choose to exercise your right to opt out of direct marketing, please allow up to 21 days for Sanlam to effect that change.
In the interests of better customer service, Sanlam may collect anonymous information from visitors to its websites. For example, Sanlam keeps track of the domains from which people visit its website and also measures visitor activity on its website. In the process, Sanlam ensures the information cannot be used to identify you. This information is sometimes known as "clickstream data". Sanlam or its analytics vendors (including Google Analytics) may use this data to analyse trends and statistics and to provide better customer service.
The information, referred to as traffic data, which may be collected includes:
As mentioned, the traffic data is aggregated and not personally identifiable and our website analysis will also respect any ‘do not track’ setting you might have on your web browser.
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (for example, a computer or smartphone) when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.
What cookies do we use?
How do I disable cookies?
If you do not want to receive a cookie from the website, you have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not. However, please be aware that if you do turn off 'cookies' in your browser, you will not be able to fully experience some of the features of the website. For example, you will not be able to benefit from automatic log-on and other personalisation features.
While few, if any, of Sanlam's websites are directed towards children, Sanlam is committed to complying with all applicable laws aimed at the protection of children and in particular the protection of their personal information.
This privacy statement was last updated on 14 October 2021. A notice will be posted on the Sanlam website's homepage whenever the Privacy Notice is materially changed.
Questions, comments and requests regarding this statement may be directed to email@example.com for clarification.
As a Data Controller and Processor, below are the contact details of our Data Protection Officer:
Sanlam Kenya Plc
Sanlam Tower, Waiyaki Way, Westlands
P.O. Box 10496 Nairobi 0100, Tel: +2542781000, +254722206900
For more information on Sanlam, please visit our website.