Privacy Policy

1. Introduction

Welcome to BimaLink ("we," "our," "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our insurance management platform available at https://bima.navontech.co.ke.

BimaLink is an insurance management platform designed for insurance agents, agencies, and their customers. By accessing or using our services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

For Insurance Agents/Agencies:

Full name, contact details, and professional information
Business registration details and license numbers
Payment and billing information
User credentials and authentication data

For Customers (Policyholders):

Personal identification information
Contact details (email, phone, address)
Policy information and insurance history
Claims data and related documentation
Payment information and transaction history
Health and medical information (where required for insurance purposes)
Financial information for underwriting and claims processing

2.2 Technical Information

IP addresses and device information
Browser type and version
Usage data and analytics
Cookies and tracking technologies
System logs and error reports

2.3 Sensitive Information

We may process sensitive personal data including:

Health and medical information
Financial data
Government-issued identification numbers
Claims history and risk assessment data

3. How We Use Your Information

3.1 Service Provision

To provide and maintain our insurance management platform
To process insurance policies, endorsements, and claims
To facilitate communication between agents and customers
To manage user accounts and authentication
To process payments and commissions

3.2 Legal and Regulatory Compliance

To comply with insurance industry regulations
To fulfill our legal obligations under insurance laws
To prevent fraud and money laundering
To maintain proper business records

3.3 Business Operations

To improve our services and user experience
To provide customer support and training
To send service-related notifications
To conduct research and analysis

3.4 Marketing and Communications

To send promotional materials (with your consent)
To inform you about platform updates and features
To conduct customer satisfaction surveys

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Contractual necessity: To fulfill our obligations under our terms of service
Legal compliance: To meet our regulatory requirements in the insurance industry
Legitimate interests: To operate and improve our business
Consent: Where required by law, we obtain explicit consent for specific processing activities

5. Data Sharing and Disclosure

5.1 Service Providers

We may share information with third-party service providers who assist us in:

Payment processing (, Paystack, M-PESA)
Cloud hosting and infrastructure
Customer support services
Analytics and monitoring
Email and communication services

5.2 Insurance Industry Partners

Insurance companies and underwriters
Reinsurance companies
Claims adjusters and investigators
Regulatory authorities

5.3 Legal Requirements

We may disclose information when required by:

Court orders or legal processes
Insurance regulatory authorities
Law enforcement agencies
Government authorities

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

6. International Data Transfers

Your information may be transferred to and processed in countries outside of Kenya. We ensure appropriate safeguards are in place, including:

Standard contractual clauses
Adequacy decisions
Binding corporate rules

7. Data Security

We implement comprehensive security measures to protect your information:

7.1 Technical Safeguards

Encryption of data in transit and at rest
Secure socket layer (SSL) technology
Regular security assessments and penetration testing
Multi-factor authentication
Access controls and role-based permissions

7.2 Organizational Safeguards

Employee training on data protection
Confidentiality agreements
Regular security audits
Incident response procedures

7.3 Insurance Industry Standards

Compliance with insurance data security requirements
Regular vulnerability assessments
Secure development practices

8. Data Retention

We retain personal information only as long as necessary for:

8.1 Retention Periods

Customer data: 7 years after policy termination (as required by insurance regulations)
Financial records: 7 years (as required by tax laws)
Claims data: 10 years (as required by insurance regulations)
User account data: Until account deletion request
Marketing data: Until consent withdrawal

8.2 Deletion Procedures

Secure deletion of data after retention periods
Anonymization of data for statistical purposes
Regular data purging schedules

9. Your Rights

You have the following rights regarding your personal information:

9.1 Access and Control

Right to access: Request copies of your personal data
Right to rectification: Correct inaccurate or incomplete information
Right to erasure: Request deletion of your personal data
Right to restriction: Limit how we use your information
Right to data portability: Receive your data in a machine-readable format

9.2 Consent Management

Right to withdraw consent: Withdraw previously given consent
Right to object: Object to certain processing activities
Right to opt-out: Opt-out of marketing communications

9.3 Insurance-Specific Rights

Right to explanation: Understand automated insurance decisions
Right to human intervention: Request human review of automated decisions

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Authenticate users and maintain sessions
Remember user preferences and settings
Analyze platform usage and performance
Deliver personalized content

You can control cookie preferences through your browser settings.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children without parental consent.

12. Insurance Industry Specific Provisions

12.1 Regulatory Compliance

Compliance with Insurance Regulatory Authority requirements
Adherence to Data Protection Act, 2019
Following industry best practices and guidelines

12.2 Professional Secrecy

Maintaining confidentiality of insurance-related information as required by professional standards.

12.3 Claims and Underwriting

Secure handling of sensitive claims information
Confidential processing of risk assessment data
Protection of medical and financial information

13. Data Breach Notification

In the event of a data breach, we will:

Notify affected users within 72 hours
Report to relevant authorities as required by law
Take immediate steps to mitigate the breach
Provide guidance on protective measures

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes through:

Platform notifications
Email communications
Updated revision date

15. Contact Information

For privacy-related inquiries, please contact:

Data Protection Officer
BimaLink Insurance Platform
Email: privacy@bimalink.co.ke
Phone: [Your Contact Number]
Address: [Your Physical Address]

Insurance Regulatory Authority Contact:
Insurance Regulatory Authority of Kenya
Email: info@ira.go.ke
Phone: +254 20 499 7000

16. Complaints

If you have concerns about our data practices, you may:

Contact our Data Protection Officer
File a complaint with the Office of the Data Protection Commissioner
Contact the Insurance Regulatory Authority

17. Governing Law

This Privacy Policy is governed by the laws of Kenya, including:

Data Protection Act, 2019
Insurance Act, Cap 487
Regulations issued by the Insurance Regulatory Authority