ARK Insurance

Privacy Notice

ARK INSURANCE BROKERS LIMITED PRIVACY NOTICE

Last Updated 19th February 2024

     1. Introduction

Ark Insurance Brokers Limited (“Ark”, “we”, “us”, or “our”) is a composite insurance and reinsurance broker fully licensed and regulated by the National Insurance Commission (NAICOM) operating in the Nigerian and West-African Sub-region markets for over four decades. As the only Nigerian broker accepted as a member of the Worldwide Brokers Network (the largest network of independent brokers in the world), Ark offers benefits of the local market expertise, combined with global insurance knowledge. We have specialist divisions in Property/Casualty, Construction, Marine-cargo and Hull including P & I Haulage and other complex risk services (“Services”).

While on our website and while doing business with us, we will collect your data and determine the purposes for which and the manner through which your data may be processed. This makes us data controllers under the extant data protection laws in Nigeria. We have, therefore, dedicated this page to describe the types of personal data we obtain through our website which is accessible at https://www.arkinsurancegroup.com and social media pages (“Online Channels”) that link back to or reference this Privacy Notice; offline collection in connection with sales, marketing, partnership and supplier engagement; and third-party sources with which we may collaborate or conduct business.

Apart from explaining in clear terms how we use your personal data, with whom we share it, and how you can exercise your rights regarding our processing of the information, this Privacy Notice also contains the measures we take to safeguard the personal data we obtain, how we manage data breaches and how you can contact us about our privacy practices.

     2. The Personal Data We Collect About You

Visitors to our website can access every area of our website, without having to disclose any personal data. However, we may collect information captured in our web logs, such as device information (e.g. device brand and model, screen dimensions, etc.), unique identification numbers (e.g. IP address and device ID), browser information (e.g. URL, browser type, pages visited, date/time of access), website traffic and pages viewed, behavioral information, and other information about how you interacted with our website.

During our business relationship with you, we may collect certain personal data that can be used to contact, identify you or for performance of our obligation. Personal data may include, but is not limited to:

  1. contact information about you or related parties, such as principals in your organisation;
  2. financial information, such as payment information, including name, billing address and payment details (e.g, credit/debit cards, bank details, and other information required for billing and fraud prevention);
  3. contact information you provide about other people you would like us to contact; and
  4. other personal data when you reach out to us through the Contact Us form on our website, communicate with us over the phone, or via email and other electronic means to initiate a business relationship, make general enquiries, or suggestions about our services.

Apart from the personal data provided in the manner described above, we usually require your personal data to be able to provide our insurance brokerage or other insurance or financial industry services for you and on your behalf.  Typically, you will provide this required information to us directly within our insurance applications or when you complete the Ark Know Your Customer (KYC) – Due Diligence Form or the Ark Currency Transaction Reporting Form and provide us with a copy of the supporting documents requested in the Form or otherwise in connection with other interactions you have with us.

     3. How We Use Your Personal Data

We may use the personal data collected from you:

  1. to contract with you and provide our Services to you;
  2. to analyse and improve the safety and security of our products and Services;
  3. to create, administer, and communicate with you about your account (including any purchases and payments);
  4. to fulfil a specific request and provide customer support, such as responding to inquiries and handling complaints;
  5. to improve the accuracy of our records so that we can better understand your needs and preferences;
  6. to carry out communication with you, deal with any complaints, and administer claims you may have;
  7. to carry out KYC checks and screening, in compliance with extant anti-money laundering laws and regulations in Nigeria, prior to starting a new engagement;
  8. to contact you in relation to current, future and proposed engagements, send you our newsletters, know-how, promotional material and other marketing communications;
  9. to defend ourselves against fraud (and this may include the verification of identity), or to verify the legitimacy of a legal claim;
  10. to maintain and protect the security of our products, Services and Online Channels, preventing and detecting security threats, fraud or other criminal or malicious activities. This may involve us using your IP address to track you in the event of a security threat, fraud etc.;
  11. in the event of a merger, sale, or other transfer event, your personal data held by us will be transferred held by us about you is among the assets transferred;
  12. for commercial purposes: to contact you about products and services that we believe may be of interest to you; and to provide your information to third parties upon your consent;
  13. to meet comply with statutory requirements imposed by our regulators as well as other legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms; and
  14. to fulfil other purposes disclosed at the time you provide personal data or otherwise where we are legally permitted or are required to do so. Where we need to process your personal data for additional purposes that we have not identified at the time of collection, we will make sure to obtain your consent or the appropriate legal basis for these additional uses to the extent required by applicable law. 

     4. Our Principles of Data Processing

  1. Personal data will be processed lawfully and transparent manner;
  2. Personal data will be processed for a specific purpose and not in a way which is incompatible with the purpose which we have collected it;
  3. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  4. Personal data will be kept accurate and, where necessary kept up to date;
  5. Personal data will not be kept for no longer than it is necessary for the purposes for which it is processed;
  6. Appropriate steps will be taken to keep personal data secure.

    5. Lawful Basis for Processing Your Personal Data and Purposes of Processing

Here, we have set out the relevant lawful basis upon which we process your personal data and purposes for processing same:

LAWFUL BASIS PURPOSE OF PROCESSING
Consent We may process your personal data where you have given us explicit consent to do so, for instance, to share marketing information, to share newsletter updates, to share details of events etc. If we have to use consent as a legal basis, we will provide you with a consent form and you have the right to refuse to consent or withdraw your consent at any time by contacting us at compliance@arkinsurancegroup.com. However, withdrawal of consent will not affect the lawfulness of any processing carried out before you withdraw your consent.

Performance of a Contract

We may also process your information on the basis that we need to perform and fulfill a contract with you for the provision of our Services or to take steps at your request prior to entering a contract.

Legal Obligation

We may process your information where a legislation specifically mandates us to or if it is necessary to respond to a lawful request from a law enforcement or regulatory authority, body or agency; in the defense of legal claims or in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person.

Legitimate interests

We may process your data for our legitimate interests or the legitimate interests of a third party, provided these interests are not outweighed by your rights and interests. Our processing for legitimate interests may include for website improvement, network security, direct marketing etc.

Vital Interests

 

We may process your information where it is necessary to protect an interest, which is essential for your life, health, and bodily safety. This basis is limited in scope.

     

     6. What Constitutes Consent?

We will not ask for your personal data unless we need it to provide services to you. At any point where consent is the appropriate lawful basis for processing of your personal data, we will provide you with the option to either accept or not. In addition, whenever we introduce new services and technologies, we will ensure you understand and agree to any new ways in which your information will be processed.

You will be considered to have given your consent to Ark for the processing of your personal data when;

  • You complete any form issued by Ark at any of our service points (mobile, online, in-branch etc.) requesting for such personal data;
  • You register, check or tick the acceptance box on any of our electronic platforms (Online or Mobile) relating to terms and conditions of any service or product offered; and
  • You accept the installation of cookies on your device.

If we ask for your personal data for a secondary reason, like marketing, we will either ask you directly for your express consent, or provide you with an opportunity to say no. However, we should mention that withdrawal of consent would not affect the lawfulness of any processing carried out before you withdrew your consent.

How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent to the continued processing of your personal data, at any time, by contacting us at compliance@arkinsurancegroup.com.

     7. Your Rights as a Data Subject

Here is something we have not told you yet: because we determine the purposes for and the way your personal data may be processed, we are regarded as a data controller.

As a data subject, the law vests you with certain rights—they include the right to:

  1. access personal data we hold about you by requesting for a copy of the personal data we hold about you;
  2. rectify such information where you believe it to be inaccurate;
  3. restrict the processing of your personal data in certain circumstances;
  4. object to the processing of your Personal data where we intend to process such data for marketing purposes; where feasible, receive all personal data you have provided to us—in a structured, commonly used, and machine-readable format—and to transmit the information to another data controller;
  5. withdraw your consent;
  6. request the erasure of your personal data (also known as the right to be forgotten);
  7. request the portability of your data; and
  8. lodge a complaint with a relevant authority, where you have reason to believe that we have violated the term(s) of this Privacy Notice. (You may lodge a complaint or seek redress from us within 30 days from the time you first detected the alleged violation.).

You may seek to exercise any of the above rights at any time by sending us an email at compliance@arkinsurancegroup.com

For the purpose of this notice, the supervisory authority is the Nigeria Data Protection Bureau (NDPC) and the complaint can be sent via email at info@ndpc.gov.ng

     8. Cookie and Similar Technologies

A cookie is a small text file, which includes a unique identifier, which is sent by a web server to the browser on your computer, mobile phone or any other internet-enabled device when you visit an on-line site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences. For simplicity, we refer to all these technologies as “cookies”.

We do not use cookies on our website.

     9. Information Sharing with Third Parties

Occasionally, we may share your personal data with third party service providers such as entities providing insurance, claims recovery, and auditing services. We also share data with third parties during business including:

  1. We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company;
  2. We share with our business partners, agents, vendors, and affiliates, especially where we have to request another more localised or specialist insurance broker or intermediary to act as our sub-agent and assist us in the placement of an insurance contract;
  3. In connection with, or during due diligence or and negotiations of, any proposed or actual financing, merger, purchase, sale, joint venture, or any other type of acquisition or business combination;
  4. If you give your explicit consent;
  5. If we have to complete a contract on your behalf;
  6. If there is a legal obligation on us to share such data under existing laws and regulations. The Company may disclose your personal data in the good faith and belief that such action is necessary to:
    1. Comply with a legal obligation;
    2. Protect and defend the rights or property of the Company;
    3. Prevent or investigate possible wrongdoing in connection with the Service;
    4. Protect the personal safety of Users of the Service or the public; and
    5. Protect against legal liability.

     10. Data Security

We are very particular about preserving your privacy and protecting your data at Ark. Therefore, to avoid the loss, theft, misuse and unauthorised access, disclosure, alteration, and destruction of your information, we have put in place a range of administrative, technical, organisational and physical safeguards. Despite this, we cannot completely guarantee the security of any information you transmit via our Online Channels, as the internet is not an entirely secure place. We are committed to doing our best to protect you.

     11. Links to Other Websites

Please note that our Online Channels may contain links to other third-party websites and features that are not owned or controlled by Ark. We advise that you review the privacy notices of these third parties before consenting to the submission of your information or data on their platforms. Specifically, we have created a LinkedIn and a Twitter page to provide you with more information about our Services and more options for contacting us. Being public forums, please be aware that any personal data you choose to disclose through those platforms can be read, collected or used by others and that such disclosures are subject solely to the privacy and data protection practices of those forums.

     12. Retention of Personal Data

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Also, a contract between us could also prescribe a retention period, we will not retain your data beyond the duration prescribed in the contract.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

     13. International Transfer of Data

Ark is based in Nigeria and we store and process your personal data on our computers in Nigeria and in any other place where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside Nigeria or other governmental jurisdiction where the data protection laws may differ than Nigeria.

Where personal data is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such personal data. We shall among other things, conduct a detailed transfer impact assessment of whether the said country is on NITDA’s Whitelist of Countries with adequate data protection laws.

Our data transfers to the countries that do not offer an adequate level of protection are subject to either of the conditions in accordance with the Nigeria Data Protection Act and the Nigeria Data Protection Regulation. We will therefore only transfer personal data out of Nigeria on one of the following conditions:

  1. The consent of the Data Subject has been obtained;
  2. The transfer is necessary for the performance of a contract between us and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request;
  3. The transfer is necessary to conclude a contract between us and a third party in the interest of the Data Subject;
  4. The transfer is necessary for reason of public interest;
  5. The transfer is for the establishment, exercise or defense of legal claims;
  6. The transfer is necessary in order to protect the vital interests of the Data Subjects or other persons, where the Data Subject is physically or legally incapable of giving consent.

To obtain any relevant information regarding any transfers of your personal data to third countries (including the relevant transfer mechanisms), please contact our Data Protection Officer at compliance@arkinsurancegroup.com

     14. Our Personal Data Breach Management Process

While we are committed to doing our best to ensure that your personal data is protected, we acknowledge that in rare circumstances, a personal data breach may occur.

In the event of a personal data breach, our management process may take the following order.

  1. We will receive a complaint about an alleged breach through compliance@arkinsurancegroup.com.
  2. We will immediately conduct an initial assessment of the breach including confirmation of the.
    1. Extent of the breach
    2. Cause of the breach
    3. Other information concerning the breach
    4. Confirmation of possible containment
    5. If the breach is a systemic problem or an isolated incident
    6. Assessment of the risk or other harm because of the breach i.e. The loss of trust, reputational damage, legal liability, or breach of secrecy provisions
    7. If the information that has been compromised is sensitive or likely to cause humiliation or embarrassment
  3. We will assess the need to notify you where the breach is likely to result in high risks to your rights and freedoms.
  4. We will take all necessary steps to prevent future breaches, once immediate steps have been taken to mitigate the risks associated with the instant breach.
  5. Following our investigations, we make recommendations and take appropriate steps including:
    1. Making appropriate changes to our policies and procedures if necessary.
    2. Revising our internal staff practices if necessary; and
    3. Updating this data breach procedure where required.

    15. Remedy in the event of violation of Privacy Notice

Where there is any perceived violation of your rights, we shall take appropriate steps to remedy such violations, once confirmed. You shall be appropriately informed of the remedies employed. In the event of a data breach, we shall, within 72 (seventy-two) hours of having knowledge of such breach, report the details of the breach to NDPC. Furthermore, we will notify you immediately via email if the breach results in risk and danger to your rights and freedoms.

If you have any complaints regarding our compliance with this Privacy Notice, please contact our Data Protection Officer; Olamilekan Adesina at oadesina@arkinsurancegroup.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data within thirty (30) days in accordance with this Privacy Policy and in accordance with applicable law and regulation.

If you feel that your personal data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have a right to lodge a complaint with the NDPC. The contact details are:

Nigeria Data Protection Commission

Tel: +2349160615551

Email: info@ndpc.gov.ng

Website: www.ndpc.gov.ng

     16. Changes to Our Privacy Notice

We will continually assess our privacy and data protection practices to ensure that your privacy is guaranteed. To this end, we may amend this Privacy Notice at any time. If changes are made, we will indicate at the top of this Privacy Notice when it was most recently updated or send you a notification that the Notice has been updated. Your continued use of our Online Channels or Services will signify that you agree to any such changes. Please be assured that we will not use any previously collected personal data, to the extent that it is not collected under the new privacy notice, in a manner materially different than represented at the time it was collected.

     17. Contact Us

If you have any questions about this Privacy Notice or any suggestions on how we can improve its terms with respect to the Personal Data we collect, please email us at: compliance@arkinsurancegroup.com  .