+
Medical portal +256 414 673181 Help centre
Kenya Tanzania Uganda GA Life GA Life GA Group
+

Data Protection Policy

Protecting your information is important to us

Privacy Policy

Welcome to GA Insurance Ltd.

Thank you for visiting our site. To keep you informed about our products and any other special Insurance products, we have stored your contact details in our database.

In order to meet privacy laws, such as Data Protection and Privacy Act, 2019 and also the General Data Protection Regulation (GDPR) where applicable, we are providing you with a copy of our data protection policy statement on the link below.

With your consent, you will enable us to serve you better as we collect your data and process the same under the data protection law. By clicking on the link below, you acknowledge receipt of our information on data protection in accordance with the Data Protection Act 2019, Kenya and the privacy statement that may apply to you locally.

We attach great importance to the confidentiality and integrity of your data. By applying for insurance coverage or any other services, you are deemed to have given consent to the handling and processing of your personal data.

1. Introduction

This Policy applies to all personal data of past, present and prospective employees, including candidates applying for, temporary and permanent roles, contractors, consultants and trainees, data that is collected, maintained, or used by directors, officers, managers, and employees of GA Insurance as part of an actual or prospective employment relationship. Personal data collected, maintained, or used outside of the employment relationship, such as personal data arising from the use of consumer products or commercial offerings, is not covered by this Policy. Nothing in this Policy is intended to form a contract of employment or otherwise. At our discretion and as necessary, we may amend this Policy from time to time. We will notify you when updates are made.

2. Our Approach

We value our employees and appreciate the importance of treating personal data as confidential, we therefore hold the employees’ data with highest fidelity and in accordance with the law. In this Policy we outline our standards for Human Resources personal data privacy practices so that you have an opportunity to understand our approach. We require any directors, officers, managers, and employees entrusted with your personal data as part of their job responsibility to treat it as confidential and in conformity with this Policy. We will also seek to ensure that any third-party service providers we use to administer our Human Resources programs, as described under the Employment Act of 2006 Laws of Uganda and Data Protection and Privacy Act 2019 Law as may be amended from time to time and in, are bound to maintain confidentiality when handling your personal data on our behalf, in a manner that is consistent with this Policy.

This Human Resources Data Privacy Policy (“this Policy”) describes a baseline set of common principles governing the handling of Human Resources personal data within the GA.

This approach ensures that GA has complied with data protection law and board approved human recourse manual in the context of Human Resources personal data protection and any other laws governing employment.

3. Personal Data Categories

We generally process the following personal data about you over the course of recruitment or employment:

  1. Your biographical information, including your name, gender, date of birth, details of family members, marital status, nationality.
  2. Your recruitment information such as your application form and CV, references, qualification and membership of professional bodies and any pre-employment assessments collected directly from you in the course of your application for employment.
  3. Your contact information, including your home and postal addresses, telephone number, email address and country of residence.
  4. Your identification numbers, including government-issued identification number or passport information.
  5. Your performance information, including management metrics, appraisals, feedback, Communications and internet information like your correspondence and details of internet use held on or made through GA systems subject to relevant restrictions under applicable law.
  6. Payroll information, including your salary details and bank account information.
  7. Your images whether captured on CCTV or by photograph or video.
  8. We may also use other sources, subject to restrictions under applicable law, to assist in obtaining relevant personal data about you. For example, third parties contracted to support recruitment process, credit checks, reference and background checks, investigations of possible employee wrongdoing, and help us to locate former employees and beneficiaries for purposes of administering certain benefits plans.
  9. Our Human Resources require personal data about you to function properly. In limited circumstances some programmes may involve certain sensitive health information (e.g., medical certificates submitted to us or other health-related benefits processes), financial data (e.g., payroll) or data about race or religion when mandated by local laws. Such sensitive personal data will be treated with the utmost care and in accordance with specific requirements set out in applicable data protection and other laws, including the European Union’s General Data Protection Regulation (“GDPR”).
  10. We will endeavor to collect only the minimum amount of personal data required to administer our function and to comply with applicable employment and other relevant laws.

4. Lawfulness and Legitimate Reasons of Processing your Personal Data

Generally, Human Resource process your personal data because it is necessary to do so to implement your employment agreement between you and the company, and where our legal duties as an employer require it. In other circumstances, we may process your personal data where it is necessary for us to defend, prosecute or make a claim in a court of law. We may also process personal data for “legitimate interests” under Data Protection and Privacy Act 2019. In practice, this means that we must put in place appropriate privacy safeguards to ensure that we are respecting your interests, as well as your fundamental rights enshrined in statutes. Where we take this latter approach, it is our policy to document and assess the progress made in the privacy measures that are in place for review purposes upon request by contacting our Data Protection Office via the email address data.privacy@gauganda.com.

We may seek your explicit consent for an activity from time to time, which you may decline if we ask, or revoke even after you have previously agreed, by contacting your Human Resources representative.

We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent, where you have made the data public, where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

5. How We Use This Data

Your personal data may be used for the following employment-related purposes:

  1. To contact and manage our relationship with you, oversee compliance with policies and applicable Laws, to assess your performance, for promotions and appraisals and training purposes.
  2. To store emails and documents generated by in systems that we administer and make available for employment related purposes, which may contain personal data.
  • To manage your benefits, including administering remuneration, relocation, insurance, payroll, pensions and other employee benefits and tax, including disclosure to other Group companies and to others such as payroll providers, accountants, occupational health providers, insurers, pensions administrators, hosting service providers and legal advisors.
  1. To manage recruitment of employees, including legal eligibility for work, vetting, hiring, promotion, and succession planning.
  2. To comply with policies, including in relation to claims, disciplinary actions or legal requirements and conducting investigations and incident response, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law.
  3. For security purposes, for providing IT support and for employee authentication.
  • To manage occupational health and absence and fitness for work and notifying family members in emergencies
  • To comply with our legal obligations and to change our business structure we may disclose your personal data in connection with proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators, and third-party litigants. We may also provide relevant parts of your personal data to any potential acquirer of or investor in any part of GA’s business for the purpose of that acquisition or investment.
  1. To facilitate business travel, travel-related support including conference attendance, bookings, and emergency support services
  2. To conduct certain checks, such as anti-fraud checks where this is relevant to your position and in accordance with applicable law. We and other organizations engaged by us may access and use your personal data to conduct these credit checks and checks to prevent fraud and money laundering.
  3. To monitor equal employment opportunities, in respect of diversity categories including but not limited to age, gender, ethnicity, nationality, religion, disability, sexual orientation, and marital or family status. Such monitoring would only apply where it is either required or authorized by the specific country’s legislation and conducted in full compliance with data protection requirements governing the use of such categories of personal data.
  • To manage collective agreements for administering collective employee arrangements where these are in place.
  • For internal and external auditing, assurance, and risk management purposes.
  • For statistical analysis and research purposes in the context of employment, including predictive modelling and people planning.

6. Information Sharing & Transfer

Your personal data may be shared within our Group for the purposes and to the extent necessary to carry out the mission and vision of the group, and as permitted by law. Note that your personal data may be processed either locally in the jurisdiction where you work or reside, or in any other jurisdiction where we or our approved third-party service providers operate, worldwide, depending on the needs of the business over the course of your tenure with us, to the extent necessary and as permitted by law. Should your personal data move outside the Kenyan Jurisdiction or another jurisdiction that restricts the international transfer of personal data, we process your data in strict adherence of Data Protection and Privacy Act and in relation to receiving Jurisdiction data laws. Your personal data will only be shared outside our Group with third parties under the following circumstances:

  1. where a third-party service provider retained by us under contract to assist in administering our Human Resources activities, subject to appropriate confidentiality obligations and data processing agreements, compatible with this Policy.
  2. in the event that the company, business, or division in which you are employed is being considered for outsourcing or sale, and then only subject to contractual requirements to preserve confidentiality.
  3. with private or government authorities only when we have determined that we are required to do so under applicable laws.
  4. to investigate suspected fraud or illegality, to anticipate or defend legal claims; or to conclude a change of control of your company, business, or division; or
  5. where you have given us your prior permission to do so.

7. What are your data subject rights?

 

a. Subject access:

You have the right to access your personal data in many circumstances, within 1 month of your request.

b. Rectification:

 You can ask us to have inaccurate personal data amended.

c. Erasure:

You can ask us to erase personal data in certain circumstances, recognizing that GA must in any case respect its data retention legal obligations in the field of employment and employment contract.

d. Withdrawal of consent:

You can withdraw any consents to processing that you have given us and prevent further processing if there is no other legitimate ground upon which GA can process your personal data.

e. Restriction:

You can require certain personal data to be marked as restricted for processing in certain circumstances as defined in data protection and Privacy Act of 2019.

f. Portability:

You can ask us to provide you with a copy of your personal data in a such a form that you can send it to a third party.

g. Raise a complaint:

You can raise a complaint about our processing with the data protection regulator in your jurisdiction, or with our Data Protection Officer through this email data.privacy@gauganda.com.

8. Data security

Maintaining the security and integrity of your personal data is a high priority and we endeavor to maintain appropriate administrative, technical, personnel, and physical measures to safeguard personal data against loss, theft, and unauthorized uses or modifications. We expect you to contribute to the security culture of our Group by following appropriate security policies and procedures, completing assigned trainings, and reporting suspected incidents to relevant incident response contacts promptly.

9. Data retention

We keep records of your personal data not longer than necessary for the purpose for which we obtained them and for any other permitted compatible purposes, including compliance with legal obligations in employment contracts and relevant employment laws thereof. Group records management schedules document the applicable minimum retention periods required by local laws. We use these schedules to establish the retention time periods for various categories of records that contain your personal data. These can be consulted by contacting our Data Protection Officer’s email; data.privacy@gauganda.com. If you complete the recruitment process without receiving or accepting an offer of employment, CVs are held for a minimum of 4 weeks thereafter and, subject to your consent, for up to 1 year thereafter for future consideration if any.

10. Contacts

To exercise your data subject rights, or if you have questions about this Policy, please send an email to our Data Protection Officer at: hr@gauganda.com Or data.privacy@gauganda.com. If there are any updates or changes in your personal data, please notify us by contacting your Human Resources representative so that we can maintain its accuracy. GA is also considered a data controller and shall provide appropriate notice and contact information directly to you through our Human Resources office.

11. Review

This Policy shall be reviewed every three years as deemed appropriate. Such reviews shall be formally noted by the Board Audit & Risk Management Committee. The Board authorizes the Board Audit & Risk Management Committee to make any non-material updates to this policy, to keep them consistent with changes in organization, law and industry practices. Any significant changes shall be presented for Board approval.

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this to be the case, contact us and ask us to update or amend it.

Follow us