African Reinsurance Corporation (henceforth known as “Africa Re”, “the Corporation”, “we”, “us” or “our”) is committed to protecting the information that you share and explaining how that information is processed. Protecting your privacy is very important to the Corporation. We would like you to understand what information we collect and how we use it. This policy outlines Africa Re’s personal information collection and sharing practices in relation to the personal information of policyholders, beneficiaries or claimants, and their agents or relatives that we collect and use for the administration of reinsurance contracts. This policy sets out the Corporation’s collection and sharing practices in relation to the personal data of all individuals who apply for jobs and training programs with the Corporation, or for grants managed by the Africa Re Foundation and its related Corporate Social Responsibility (CSR) stakeholders. The policy also describes how we process the personal information of individuals representing our business partners and vendors, any personal information collected through the use of our website as well as the personal data (i.e. live images) collected via the CCTV cameras at our office premises. Furthermore, this policy describes your rights in connection with the applicable personal information.
This policy does not apply to any websites maintained or operated by other companies or linked to our websites.
We obtain information about individuals through the mediums defined below. In addition to the purposes set out below, we may use all or a combination of this information to defend our legal rights and comply with the law and regulatory requirements.
a. Category of Data Subjects: Job Applicants
Personal Data Processed: Name, address, telephone number, email, resident country, marital status, gender, date of birth, nationality, passport photograph, CV/ resume, details of dependents, academic qualifications and certifications, employment history.
b. Category of Data Subject: External Trainees
Personal Data Processed: Name, marital status, gender, date of birth, number, email, current employer, nationality, address, academic qualifications, institution attended, professional certificates and experiences, employment history, passport photograph, CV and reference letter.
c. Category of Data Subject: Business Partners
Personal Data Processed: Name, nationality, identity documents etc., of significant parties, Name of contact personnel, telephone number, email address.
d. Category of Data Subject: Insured
Personal Data Processed: Name, date of birth, contact details, and medical status and history of policy holders and associated third parties; claims-related data i.e., insurance application or contract, cause of policyholder’s death (where applicable), policy number, premium, type and amount of insurance cover and risk or proposal form details such as location, identity of assets insured, income and security information.
e. Category of Data Subject: Vendors
Personal Data Processed: Name of contact personnel, telephone number, email address.
f. Category of Data Subject: CSR Funds Applicants
Personal Data Processed: Name, email, telephone number.
g. Category of Data Subject: Website Visitors
Personal Data Processed: Name, number, company, email, location, Unique ID, IP address.
h: Category of Data Subject: CCTV
Personal Data Processed: Physical appearance of individuals captured on video footage
Africa Re obtains your personal information through the mediums defined below. In addition to the purposes set out below, we may use all or a combination of this personal information to defend our legal rights and comply with the law and regulatory requirements.
The reasons why Africa Re processes personal data:
To conduct recruitment exercises in order to identify qualified candidates to fill job openings (i.e., sourcing CVs, shortlisting, communicating with applicants during the recruitment process and making decisions on their suitability for roles applied for).
To identify qualified candidates for each training cohort and to ensure gender parity between participants.
To carry out the Know-Your-Customer (KYC) checks prior to onboarding/engaging new business partners, to establish business relationships, and facilitate correspondence for the provision of services.
To enable underwriters to conduct risk assessments and pricing on original assureds for lines of business such as medical and life where personal information facilitates this process, and to set the appropriate terms and conditions for the contract.
To process and verify claims, cede risks to other reinsurers etc., in fulfilment of the contractual relationship with cedants and also fraud prevention and detection.
To establish correspondence and facilitate the provision of the goods and services for which the vendors are contracted.
To identify, assess and communicate with prospective or successful applicants for grants and other stakeholders of the Africa Re Foundation or Africa Re on relevant CSR initiatives or projects being funded.
To address requests contained within the forms and to generate statistics on website usage.
To monitor activities within our premises to ensure the safety of personnel and equipment. This monitoring is conducted in the public interest toward ensuring a secure environment.
When we disclose personal information for a business purpose to our headquarters, regional or subsidiary offices, or other external third parties, the same standards of security and confidentiality described in this privacy policy will be upheld.
These third parties act as data processors, acting solely on our instructions and on our behalf, and we establish contracts with them to ensure personal data is adequately protected. These contracts prohibit them from retaining, using, or disclosing any personal data for any purpose other than performing services under our direct instructions and in line with the purposes set out in this policy.
The following describes the various scenarios for which we may share personal data with a third party:
a. Sharing for Legal/Regulatory Purposes
We may share personal data with third parties such as appropriate security agencies and competent legal/regulatory authorities where disclosure is reasonably necessary to:
comply with applicable legislation and regulation;
comply with legal process or a regulatory investigation (e.g. a subpoena or court order);
investigate potential violations;
detect, prevent or otherwise address fraud or security issues;
protect against harm to the rights, property, or safety of the Corporation, its customers, or the public, as required or permitted by law.
b. Sharing with Reinsurance Intermediaries and other Reinsurers
We may also share personal information with other reinsurance companies and/or through reinsurance intermediaries to enable us to meet our obligations under our reinsurance relationships. Africa Re may pass on a portion of the risks reinsured with us to other reinsurers for the purpose of risk mitigation.
c. Sharing within Africa Reinsurance Corporation
We may share personal data with personnel within our headquarters, regional or subsidiary offices:
to provide the services individuals have requested or authorised;
to manage risk;
facilitate the necessary role of supervisory and group reporting functions;
to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements;
for recruitment administration and management.
d. Sharing with Service Providers
The Corporation may share any personal data we collect with our service providers, which may include providers involved in cloud services, recruitment services, due diligence, background checks and secretarial services. We may also share personal data with service providers who otherwise assist us to manage the applications we process. We may also share personal data with external service providers who act as legal representatives or perform Information Technology security and data privacy external audits.
During business operations, personal data collected may be hosted, stored or otherwise processed in and transferred between any of the countries in which Africa Re operates to enable us to use the personal data as defined in this privacy policy.
Additionally, we transfer personal data to countries outside Africa Re’s base countries of operation; as we manage servers in various locations, and our processors operate worldwide.
To ensure that these transfers are in line with permissible conditions outlined by applicable data protection laws, we have taken appropriate and suitable safeguards to ensure that personal data will remain protected when cross-border transfers occur. These safeguards include transferring personal data to countries with adequate data protection regulations and ensuring standard contractual clauses are in place to mandate that personal data is secured using best practices.
A “cookie” is a string of information which assigns a unique identifier that is stored on an individual’s computer. The browser then provides that unique identifier to use each time a query is submitted to the site. We use cookies on the site to, among other things, keep track of services which have been used, record user preferences, and track the pages visited. Where the use of cookies is not strictly necessary for the basic function, we rely on your explicit consent for processing in line with the purposes of their operation.
The following cookies are used when visiting the website:
a. Cookie: _ga
Domain: .africa-re.com
Type: Analytics
Description: The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
Duration: 2 years
b. Cookie: _gid
Domain: .africa-re.com
Type: Analytics
Description: Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Duration: 1 day
c. Cookie: JSESSIONID
Domain: .nr-data.net
Type: Necessary
Description: The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
Duration: Session
d. Cookie: _AfricaReHomepage_session
Domain: .africa-re.com
Type: Other
Description: No Description.
Duration: Session
e. Cookie: _gat
Domain: .africa-re.com
Type: Performance
Description:This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
Duration: 1 minute
It is possible to limit the use of cookies or prevent them from being set entirely. Most Internet browser software allows the blocking of all cookies or enables users receive a warning before a cookie is stored, either through built-in functionality or by using third-party plugins. Please be advised that disabling cookies may result in some features or services performing sub-optimally.
For further information, please refer to internet browser software instructions.
We will retain and use personal data for as long as is necessary, in any case until the purpose of data collection is achieved and subject to any requirements to retain information in order to comply with any applicable law, regulation, professional requirements or standards. This is contained within our Personal Data Retention Policy information, which will be made available on request for specific details.
We have implemented appropriate technical and organisational security measures (such as Secure Sockets Layer (SSL) on our website and access controls on our information systems) to protect the personal data in our care, both during transmission and once we receive it. This includes measures to protect personal data from accidental or unauthorised destruction, loss, or alteration, and from unauthorised disclosure or access.
Africa Re takes reasonable and practicable security measures to ensure data privacy. In the event of a data breach, we shall report such breach to the relevant authorities, where applicable, within 72 hours of becoming aware of the breach and if necessary, notify the affected individuals of the data breach (where the personal data breach will likely result in high risks to the freedoms and rights of the individual). We will take steps to investigate and recover personal data and will ensure security controls are improved to prevent a re-occurrence of the data breach.
A personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that area result of both accidental and deliberate causes.
Depending on location and applicable data protection regulation, an individual may be able to exercise some or all of the following rights regarding their personal data. An individual may be able to:
request further details about how we process personal data;
request for a copy of any personal data which we hold;
withdraw consent to process personal data, where we rely on consent as a legal basis to justify personal data processing;
object to the processing of personal data (including the right to object to processing on grounds relating to the context where we are relying on our legitimate interests as a legal basis for processing, and to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you)
request to update or delete personal data which we hold;
request to transfer personal data to a third-party provider of services (data portability).
Please note that, in some cases, we may ask individuals to provide us with the information necessary to confirm their identity, where such information is essential to the service we provide. We will aim to acknowledge enquiries within 72 hours and respond within one month unless otherwise required by law. Complying with your request may be subject to a fee to meet our associated costs.
We will consider all individual requests; however, we may not fulfil requests under circumstances where exemptions exist, which include a need to keep processing information for our legitimate interests or to comply with a legal obligation. If such an exception applies, we will notify individuals when responding to their request.
Africa Re may periodically change its privacy policy to reflect updates to personal data processing activities conducted in the course of handling these applications. Changes will become effective as of the published effective date. Hence, our privacy policies will be dated to reflect the most recent update.
Africa Re respects and is sensitive to the rights as granted in the data protection laws in the different jurisdictions it operates in. Should an individual have questions about this privacy policy or our information collection, use and disclosure practices in relation to Africa Re, they may contact the Data Protection Office as per the details given below. We will use reasonable efforts to respond promptly to requests, questions, or concerns regarding the use of personal data and sensitive personal data.
dataprotection@africa-re.com
African Reinsurance Corporation
Africa Re Building
Plot 1679 Karimu Kotun Street,
Victoria Island
PMB 12765
Lagos – Nigeria
Africa Re Help Desk at +234 (1) 4616820
Information you may need to know about the processing of personal information by ARCSA as well as your rights related to the protection of your personal information.
How is your personal information collected?
Personal information is collected directly from the Primary Insurers and/or Brokers. If you are a service provider, your information might be collected via Google or other similar websites and publicly accessible sources.
Why are we collecting your personal information?
ARCSA is a reinsurance company; in other words, we provide insurance for insurance companies. Insurance companies transfer or “cede” a portion of their financial risk accepted in insuring cars, homes, and businesses, to ARCSA as a reinsurance company.
Reinsurance is a highly complex process and ARCSA is involved in various stages of the life cycle of a policy and may collect and request additional information regarding a policy and/or claim submitted to us.
All the information collected will be processed in line with the Protection of Personal Information Act and depending on the contract between the insured and his/her insurer and/or broker, may include but will not be limited to, the following:
Data collected will only be used for the purpose they were collected for. This may include but will not be limited to the following:
In many cases, information received from direct Insurers and/or Brokers is rendered anonymous. ARCSA will not be able to identify an individual from the data received as it has been stripped of all identifiers. In these cases, all personal information is held by the specific Insurer and/or Broker and we therefore will be unable to access or provide any details and/or information.
Categories of recipients of personal information
Data processing and sharing within the Africa Re group of companies
Personal information received from primary insurers and/or brokers, may also be processed by the Africa-Re group employees located outside of the Republic of South Africa for:
Additional reinsurers
To enable us to meet our obligations under our reinsurance relationships, ARCSA may pass on a portion of the risks reinsured with us to other reinsurers for the purpose of risk mitigation.
External Service Providers
In some cases, we use external service providers in the following categories in order to meet some of our contractual and statutory obligations:
Client Rights
ARCSA must notify the relevant authorities, regulating bodies, direct Insurers and/or Brokers when personal information has been accessed or taken by an unauthorised person.
Clients may request to access, update, rectify, or remove the personal information submitted to us by contacting us or their direct Insurer and/or Broker.
In certain cases, clients may also:
Data Storage
All information will be stored and safeguarded within the framework as set out in the Act. Personal data will only be saved for as long as it is required whereafter it will be deleted and/or destroyed permanently.
Who are we?
African Reinsurance Corporation South Africa (ARCSA) is a subsidiary of African Reinsurance Corporation Group (Africa Re), an International Financial Institution with Headquarters in Lagos (Nigeria). Africa Re has six Regional Offices in Casablanca (Morocco), Nairobi (Kenya), Abidjan (Côte d’Ivoire), Ebene (Mauritius), Lagos (Nigeria) and Cairo (Egypt).
Contact Details
Africa Re Place
10 Sherborne Road, Parktown
Johannesburg, 2193
Complaints and General email: arcsa@africa-re.com
Any questions? Please contact our Information Officer at the above address.
Information Regulator
JD House
27 Stiemens Street, Braamfontein
Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za