Privacy Policy

Introduction

KraalTech Limited ("KraalTech", "we", "our", or "us") is committed to protecting the privacy and personal data of users accessing our web and mobile applications for insurance quotation, policy application, policy issuance, premium payment, claims processing, and related insurance services.

This Privacy Policy explains how we collect, use, process, store, share, and protect your personal information when you access or use the KraalTech Insurance Platform ("Platform").

By accessing or using the Platform, you consent to the collection and processing of your personal data in accordance with this Privacy Policy and applicable laws of Kenya.

Information We Collect

2.1 Personal Identification Information

We may collect the following personal information:

• Full name
• National Identity Card Number
• Passport Number (where applicable)
• Date of Birth
• Gender
• KRA PIN
• Nationality
• Postal Address
• Physical Address
• Mobile Phone Number
• Email Address
• Occupation and Employment Information
• Passport Photograph or Selfie Verification Images

2.2 Insurance Application Information

To facilitate insurance quotations and policy issuance, we may collect:

• Vehicle registration details
• Vehicle ownership documents
• Vehicle valuation reports
• Driver details and driving history
• Claims history
• Existing insurance information
• Policy preferences and coverage requirements
• Beneficiary and nominee information
• Property details for asset insurance
• Medical declarations where applicable
• Uploaded supporting documents

2.3 Financial Information

We may collect:

• Premium payment details
• Transaction references
• Mobile money payment confirmations
• Bank account information where necessary
• Billing and invoicing information
• Refund payment details

2.4 Technical and Usage Information

When you use the Platform, we may automatically collect:

• IP address
• Device type and identifiers
• Operating system
• Browser type and version
• Session information
• Login activity
• Platform usage statistics
• Error logs
• Location information where authorized
• Cookies and similar tracking technologies

How We Use Your Information

Your personal information may be used for the following purposes:

• Processing insurance quotations
• Assessing insurance eligibility
• Facilitating insurance applications
• Issuing insurance policies and certificates
• Verifying customer identity
• Conducting Know Your Customer (KYC) checks
• Processing premium payments
• Managing policy renewals
• Handling claims notifications and claims processing
• Detecting and preventing fraud
• Providing customer support services
• Sending service-related communications
• Improving Platform functionality and user experience
• Generating analytics and operational reports
• Complying with legal, regulatory, and contractual obligations

Legal Basis for Processing Personal Data

We process personal data based on one or more of the following lawful grounds:

• Your consent
• Performance of an insurance contract or pre-contractual obligations
• Compliance with legal and regulatory requirements
• Protection of legitimate interests pursued by KraalTech, insurers, or regulatory authorities
• Protection of vital interests where applicable

Data Sharing and Disclosure

To facilitate insurance services, we may share personal information with:

5.1 Insurance Providers

Licensed insurance companies and underwriters for:

• Quotation generation
• Risk assessment
• Policy issuance
• Claims administration

5.2 Service Providers

Authorized third-party service providers including:

• Payment service providers
• Identity verification providers
• Document management systems
• Cloud hosting providers
• SMS and email communication providers
• Customer support providers

5.3 Regulatory and Government Authorities

Where required by law, we may disclose information to:

• The Insurance Regulatory Authority (IRA)
• The Office of the Data Protection Commissioner (ODPC)
• Law enforcement agencies
• Courts and tribunals
• Other government agencies

5.4 Corporate Transactions

In the event of a merger, acquisition, restructuring, or transfer of business assets, personal information may be transferred as part of the transaction subject to appropriate safeguards.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Data Retention

We retain personal data only for as long as necessary to:

• Provide insurance services
• Fulfill contractual obligations
• Maintain policy and claims records
• Meet legal and regulatory requirements
• Resolve disputes
• Enforce contractual agreements
• Support audit and compliance obligations

Upon expiry of applicable retention periods, personal information will be securely deleted, anonymized, or destroyed.

Data Security

We implement appropriate technical and organizational security measures to protect personal information, including:

• Data encryption during transmission and storage
• Secure cloud infrastructure
• Multi-factor authentication controls
• Role-based access management
• Network monitoring and intrusion detection
• Secure backups and disaster recovery processes
• Staff confidentiality obligations
• Regular security reviews and audits

While we take reasonable steps to protect information, no system can guarantee absolute security.

User Rights

Subject to applicable law, users have the right to:

• Access personal data held about them
• Request correction of inaccurate or incomplete information
• Request deletion of personal data where legally permissible
• Withdraw consent at any time
• Restrict or object to certain processing activities
• Request portability of personal information where applicable
• Receive information about how personal data is processed
• Lodge complaints with the Office of the Data Protection Commissioner (ODPC)

Requests relating to personal data may be submitted through the contact details provided below.

Cookies and Tracking Technologies

The Platform may use cookies, analytics tools, and similar technologies to:

• Authenticate users
• Maintain user sessions
• Improve Platform performance
• Analyze traffic and usage patterns
• Enhance security
• Personalize user experience

Users may manage cookie preferences through browser settings, although some Platform functionality may be affected.

Cross-Border Data Transfers

Where personal information is transferred outside Kenya, KraalTech shall ensure that:

• Appropriate safeguards are implemented
• The receiving party provides adequate levels of protection
• Transfers comply with the Data Protection Act, 2019 and related regulations

Children's Privacy

The Platform is intended for use by persons aged eighteen (18) years and above.

We do not knowingly collect personal information from minors unless permitted by law and supported by appropriate parental or guardian consent.

Third-Party Links and Services

The Platform may contain links to third-party websites, insurer portals, payment gateways, and external services.

KraalTech is not responsible for the privacy practices, content, or security of third-party websites and services.

Users are encouraged to review the privacy policies of such third parties before providing personal information.

Automated Decision-Making

Certain insurance quotations, underwriting assessments, fraud detection checks, and eligibility determinations may be partially automated.

Where automated processing materially affects users, reasonable measures will be taken to ensure fairness, transparency, and compliance with applicable laws.

Changes to This Privacy Policy

KraalTech reserves the right to update or modify this Privacy Policy from time to time.

Any changes will be published on the Platform and shall become effective upon publication unless otherwise stated.

Users are encouraged to review this Privacy Policy periodically.

Regulatory Compliance

This Privacy Policy is intended to comply with:

• The Constitution of Kenya, 2010
• The Data Protection Act, 2019
• The Data Protection (General) Regulations, 2021
• The Insurance Act (Cap. 487)
• Insurance Regulatory Authority (IRA) Guidelines
• Consumer Protection laws applicable in Kenya
• Any other applicable laws and regulations governing data protection and insurance services

Contact Information

For questions, requests, or concerns regarding this Privacy Policy or the processing of personal information, please contact:

Data Protection Officer

KraalTech Limited

Email: Info@kraaltech.com