• what personal information we collect
• how we use and handle personal information, and
• who we share personal information with. We also give you information about your legal rights
and how to contact us.
Collection of personal information
General identification and contact information
We collect general identification and contact information about you and other relevant individuals when you register with us for any of our products and services. This may include your or their: name, email address, telephone number, gender, marital status, date of birth, educational background, confirmation of your medical condition, and national identity number. For other relevant individuals, we may collect information about their relationship to you. We will also collect further personal information depending on which product and/or services you use and how you are paying us for them.
Insurance products and services
When you register for insurance products and services, we collect financial information about you in connection with your payment of premiums. This will include whether you are paying premiums using airtime you have bought from your Mobile Phone Company or details of your electronic wallet account if you pay us electronically. Alternatively, if we send you invoices, we will collect information about the bank account or other method you used to make the payment. We will also collect information about you and other relevant individuals if you or a beneficiary make a claim under your policy. This will include information we ask for in support of the claim, for example, a death certificate if the claim is under a life insurance policy or a hospital report if the claim is under a critical illness policy. If we accept the claim, we will also obtain relevant bank account details so that we can make the appropriate payment under the policy.
Mobile health products and services
When you use a mobile health product, we will collect and record sensitive personal information about you. This will include the information you give our doctors in the course of medical consultations, for example about your medical history and health status or about your religious beliefs because this is relevant to the medical treatment you want. It will also include information that results from your consultations, such as any prescriptions that our doctors issue or the results of medical tests that they organize. If you also buy mobile health services for someone else, such as a member of your family, we will also collect and record sensitive personal information in the same way about them when they use the service.
Use and handling of personal information
BIMA is committed to using and handling personal information in accordance with applicable data protection laws.
We use personal information, including sensitive personal information that we receive where you have consented to such and or where this is necessary in order to meet your needs and the needs of other relevant individuals, to perform our contractual obligations and to provide a quality service. In particular, we collect and use personal information for the purposes of:
• Responding to requests about BIMA products and services and assessing your eligibility for them
• Registering you and other relevant individuals for products and services you buy
• Assessing your eligibility for payment plans and processing your premium and other payments
• Making decisions in relation to any products and services you buy, including assessing, processing and settling claims
• Sending you important information about changes to any products and services you buy and other
• Communicating with you and others in the conduct of our business operations
• Administering any competitions, prize draws or similar promotions that you participate in
• Resolving complaints and acting on requests for copies of personal information or its correction
• Complying with our obligations under applicable laws and regulations, including obligations relating to the prevention of money-laundering and terrorism, or responding to requests from governmental or regulatory authorities
• Establishing and defending our legal rights and the legal rights of third parties such as insurers
• Managing our infrastructure and business operations in line with our internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management
• Obtaining professional advice, and
• Protecting your vital interests, for example in the case of an emergency
Where we may use automated decision making procedures and profiling activities we will provide specific information regarding the purpose and extent of any such processing, including, where applicable, the automated processing of your personal information for profiling, or processing for direct marketing, and data sharing.
We use personal information about potential customers that we receive from our business partners to ask them if they are interested in our products and services. In order to improve the products and services BIMA others, we also use personal information to carry out market research and analysis, including profiling activities where we will provide you with information about such.
Unless you have told us that you do not wish to receive marketing communications from us, we may also use your personal information in order to provide direct marketing information to you about other products and services (including products and services ordered by our business partners) if we think these products and services are suitable for you.
We record our telephone conversations with our customers and potential customers. We do this so that we have evidence of their requirements and for quality assurance purposes.
BIMA takes its information security responsibilities very seriously. We take appropriate technical, physical and organizational security measures to prevent the loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction of personal information. This includes limiting access to personal information within our systems to relevant staff, encrypting sensitive personal information when it is transferred and putting appropriate legal agreements in place internally and or with external service providers to ensure personal information continues to receive an adequate level of protection. However, transmission of data over the internet and data storage systems are never completely secure. If you think that someone might have accessed your personal information improperly, you should tell us immediately. We tell you below how you can contact us to do this.
We take all reasonable steps to ensure that we delete or destroy personal information when it is no longer needed for the purposes for which it was collected.
Sharing personal information
The global nature of our business means we may need to share personal information with group companies, business partners and other third parties, some of whom are located outside Ghana. This means that your personal information will be held on data servers and processed in countries outside Ghana.
The BIMA group
We share personal information between companies in the BIMA group. This includes for the purposes of our business development, market research and analysis activities, which we carry out in the United Kingdom and elsewhere on the basis of our legitimate interests. Other companies within the BIMA group and operating outside Ghana are responsible for processing personal information in the course of operating and maintaining the group’s IT systems.
We share information with our service providers as needed for providing our products and services and operating our business. Our service providers include:
• insurers; reinsurers; third party claims administrators, insurance and reinsurance brokers and
other intermediaries and agents, and appointed representatives
• business partners such as telecommunications companies and other distributors of our products and services
• financial institutions such as banks and e-commerce entities
• securities firms and other financial services providers
• medical professionals and providers of medical services
• external advisers such as accountants, actuaries, auditors, lawyers and other experts
• other service providers such as IT systems, support and hosting service providers, market research and analysis service providers, call center operators and translators.
In certain cases, our service providers may store and use personal information to improve their IT security (including spam and abuse prevention) functions across their services. Please note that your medical records constitute sensitive personal information and shall only be shared with medical practitioners with your explicit consent unless we are permitted to use it under applicable law. For further information, see section entitled “Your legal rights – Sensitive personal information” below.
From time to time we may be required to share personal information with governmental, regulatory or other public authorities, such as tax authorities, financial services regulators, criminal investigations agencies and law enforcement agencies. These authorities include authorities that may be based outside Ghana and operate under laws other than the laws of Ghana.
Third parties involved in court action
We may share information with courts and with third parties and their representatives and advisers in the course of legal proceedings where we believe this is necessary or appropriate.
Other third parties
If you use or make a claim under one of our products or services which someone else has bought for your benefit, we may share your personal information with them if you have authorized us to do this in writing or we are otherwise entitled to do this, for example, because you are under 18 and that person is your parent or guardian or has parental responsibility for you. We may also share information with fire, police or medical emergency services and with any purchaser or other party involved in business transactions, such as the sale, merger, joint venture or outsourcing of all or part of our business or assets.
Your legal rights
You have legal rights under information protection laws in relation to your personal information.
Correction and complaints
You can ask us for a copy of your personal information. We will not be obliged to give you this information in certain circumstances, for example if we are not reasonably satisfied as to your identity or if the burden or expense of providing you with the information is disproportionate to the risks to your privacy in relation to the relevant personal information. You can also ask us to correct your personal information it if it is inaccurate, incomplete, misleading or not up-to-date or contact us with any inquiries or complaints about your personal information.
Sensitive personal information
If personal information is sensitive personal information, we will only collect and use it with your explicit consent unless we are permitted to use it under applicable law, for example because we need it:
• in order to protect your vital interests
• for the purpose of, or in connection with, any legal proceedings
• for the purpose of obtaining legal advice, or
• for the purposes of establishing, exercising or defending legal rights.
You may withdraw your consent to our collection and use of sensitive personal information at any time but if you do, we will no longer be able to provide you with services or perform our obligations under products you have already bought.
We will provide you with regular opportunities to let us know your marketing preferences. You may change your marketing preferences or tell us that you no longer want us to send you any marketing communications at any time. If you do this, please note that we may still need to contact you in relation to products or services that you have already bought.
You have a right at any time to object to our use of your personal information where it is used for the purposes of pursuing our legitimate interests. Your right to object is not an absolute right. We will still be allowed to use your personal information if we can demonstrate compelling legitimate grounds, which override your interests, rights and freedoms or it is for establishing, exercising or defending legal claims.