COMMITMENT TO TRANSPARENCY

Data Privacy Policy

A commitment to transparency based on a strict respect for professional ethics, formalized in AXA’s code of professional ethics.

AXA Mansard Insurance Plc (hereafter referred to as “AXA Mansard”) is part of the AXA Group, and takes its customers’ privacy very seriously. This Data Privacy Policy stipulates the basis for the collection, use and disclosure of personal data by AXA Mansard and its subsidiaries in line with applicable data protection laws. Personal Data comprises all the details we hold or collect on our employees, customers, stakeholders vendors and other interested parties, directly or indirectly and includes any offline or online data that makes a person identifiable such as names, addresses, phone number, passport ID, usernames, passwords, digital footprints, photographs, financial data, assets and liabilities, insurance, savings and investments, health and high risk information about products and services purchased from us (hereinafter collectively referred to as “Personal Data”). These data may be received from third parties or collected using our website(s), mobile app, USSD code and other digital channels.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. For the purposes of this Privacy Policy, references to “we” or “us” shall refer to AXA Mansard and its entities/subsidiaries.

From time to time we may need to make changes to this privacy policy, for example, as a result of government regulations, new technologies, or other developments in data protection laws or privacy generally. You should check the AXA Mansard website periodically to view the most up to date privacy policy.

 

Our Privacy Principles

  • Personal Data you provide is processed fairly, lawfully and in a transparent manner;
  • Personal Data you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose which AXA Mansard collected it;
  • Your Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • Your Personal Data is kept accurate and, where necessary kept up to date;
  • Your Personal Data is kept no longer than is necessary for the purposes for which the Personal Data is processed;
  • We will take appropriate steps to keep your Personal Data secure;
  • Your Personal Data is processed in accordance with your rights;
  • We will only transfer your Personal Data to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your Personal Data is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards;
  • AXA Mansard and its subsidiaries will not sell your Personal Data and we also will not permit the selling of customer data by any companies who provide a service to us

 

How do we collect your Personal Data?

We collect Personal Data directly from you:

  • via enquiry, registration, claim forms, feedback forms and forums
  • when you purchase any of our products or services;
  • when you fill out a survey, or vote in a poll on our website;
  • through quotes and application forms;
  • via cookies. You can find out more about this in our cookies policy;
  • via our telephone calls with you, which may be recorded;
  • when you provide your details to us either online or offline;
  • via live chat, chatbot and profilers
  • through web analytics tags

We also collect your Personal Data from several different sources including:

  • directly from an individual or employer who has a policy with us under which you are insured, for example you are a named driver on your partner’s motor insurance policy;
  • directly from an employer which funds a Health Insurance policy that we administer where you are a beneficiary;
  • from social media, when fraud is suspected; and
  • Other third parties including:
    • your family members where you may be incapacitated or unable to provide information relevant to your policy;
    • contractors, consultants, business partners who sell our products and services via their platforms and channels
    • medical professionals and hospitals; aggregators (such as price comparison websites); third parties who assist us in checking that claims are eligible for payment; third parties such as companies who provide consumer classification for marketing purposes e.g. market segmentation data; and
    • third parties who provide information which may be used by AXA Mansard to inform its risk selection, pricing and underwriting decisions

 

What Personal Data do we collect?

The information that we collect will depend on our relationship with you. Where other people are named on your policy, we may ask you to provide the information below in relation to those people too, if this is relevant to your insurance.

Where AXA Mansard is the data controller of your Personal Data, we may collect the following about you:

  • Personal Data contact details such as name, email address, home/office address and telephone number
    • details of any other persons included on the policy where they are named on your policy and the relationship to you as policyholder;
    • identification information such as your date of birth, national identity number, Bank verification number including other identification number from your passport, driving licence and other valid means of identification;
    • financial information such as bank details
    • information relevant to your insurance policy such as details about your vehicle, property, previous policies or claims, recent damage, information about your travel plans, destination, planned activities and dates of travel
    • information relevant to your claim or your involvement in the matter giving rise to a claim
    • information about the nature of your business and commercial assets
    • information obtained through our use of cookies. You can find out more about this in our cookies policy
    • your marketing preferences
  • Sensitive Personal Data
    • details of your current or former physical or mental health
    • details concerning sexual life or sexual orientation, for example marital status

 

Privacy of Children

We respect the privacy of children. We do not knowingly collect names, email addresses or any other Personal Data from children except where this is required to register them as beneficiaries in relation to a policy or other products. We do not knowingly market to children nor do we allow children under 18 to purchase any of our products or services.

 

How do we use your Personal Data?

Under applicable data protection laws we need a reason to use and process your Personal Data and this is called a legal ground. We have set out below the main reasons why we process your Personal Data and the applicable circumstances when we will do so:

  • Processing is necessary in order for us to provide your insurance policy and services, such as assessing your application and setting you up as a policyholder or investments account holder, beneficiary, administering and managing your insurance policy or benefits, providing all related services, providing a quote, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we will be unable to offer you a policy or process your claim.
  • We may use Cloud storage solutions within or outside Nigeria which are chosen to ensure efficiency and improved performance through up to date technology.
  • Where we have a legal or regulatory obligation to use such Personal Data , for example, when our regulators such as the National Insurance Commission (NAICOM), the Securities and Exchange Commission (SEC), the National Health Insurance Scheme (NHIS), and our data protection regulator, the National Information Technology Development Agency (NITDA) wish us to maintain certain records of any dealings with you.
  • To comply with: local or foreign laws, regulations, voluntary codes, directives, judgments or court orders, agreements between any member of AXA Mansard, AXA Group and any authority, regulator, or enforcement agency; policies (including the AXA Group’s policies), good practice, government sanctions or embargoes, reporting requirements under financial transactions legislation and demands or requests of any authority, regulator, tribunal, enforcement agencies including but not limited to the Nigerian Financial Intelligene Unit (“NFIU”) and the Economic and Financial Crimes Commission (“EFCC”), or exchange bodies;
  • Where we need to use your Personal Data to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves;
  • Where we need to use your Personal Data for reasons of substantial public interest, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks, identification checks;
  • Where we need to communicate with you to resolve complaints or other issues;
  • Where we have a specific legal exemption to process sensitive Personal Data for insurance purposes. This exemption applies where we need to process your Personal Data as an essential part of the insurance cover, for example health data.
  • Where you have provided your consent to our use of your Personal Data. We will usually only ask for your consent in relation to processing your sensitive Personal Data (such as health data) or when providing marketing information to you (including information about other products and services). This will be made clear when you provide your Personal Data . If we ask for your consent, we will explain why it is necessary. Without your consent in some circumstances, we may not be able to provide you with cover under the policy or handle claims or you may not be able to benefit from some of our services. Where you provide sensitive Personal Data about a third party, we may ask you to confirm and provide proof that the third party has provided his or her consent for you to act on their behalf;
  • Where we have appropriate legitimate business need to use your Personal Data such as maintaining our business records, developing and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.
  • Where we need to use your Sensitive Personal Data such as health data because it is necessary for your vital interests, this being a life or death matter.

 

Who do we share your Personal Data with?

We might share your Personal Data with two types of organisation – companies inside the AXA Group, and other third parties outside the Group. For further details of disclosures, please see below. We will not share any of your Personal Data other than for the purposes described in this Privacy Policy. If we share anything outside the Group, it will be kept strictly confidential and will only be used for reasons that we have described.

 

Disclosures within our group

In order to provide our services your personal information may be shared with other companies in the AXA Group. Your personal information might be shared for our general business administration, efficiency and accuracy purposes or for the prevention and detection of fraud.

Disclosures to third parties

We also disclose your Personal Data to the third parties listed below for the purposes described in this Privacy Policy. This might include:

  • Your relatives or, guardians (on your behalf where you are incapacitated or unable) or other people or organisations associated with you such as your insurance broker or your lawyer
  • Where you have named an alternative contact (such as a relative) to speak with us on your behalf. Once you have told us your alternative contact, this person will be able to discuss all aspects of your policy (including claims and cancellation) with us and make changes on your behalf;
  • An AXA recommended garage or panel beater or your designated garage or panel beater;
  • Our insurance partners such as brokers, other insurers, reinsurers or other companies who act as insurance distributors;
  • Other third parties who assist in the administration of insurance policies such as another Insurance Company if there has been an accident which requires a claim to or from that Insurance Company;
  • We may share the Personal Data of any persons named on the policy with third parties to obtain information which may be used by AXA to inform its risk selection, pricing and underwriting decisions;
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers;
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
  • Nigerian Insurance Industry Database
  • Our third-party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, research specialists, document management providers and tax advisers;
  • Other suppliers, providers of goods and services associated with this insurance and/or to enable us to deal with any claims you make;
  • Customer satisfaction survey providers;
  • Financial organisations and advisers;
  • Overseas assistance companies;
  • Loss Adjusters;
  • Emergency Assistance Companies;
  • Your healthcare practitioner;
  • Other insurers for the purpose of obtaining a claim contribution where there is another insurance covering the same loss, damage, expense or liability
  • Selected third parties in connection with the sale, transfer or disposal of our products
  • Disclosure of your Personal Data to a third party outside of the AXA Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also disclose your personal information to other third parties where:

  • We are required or permitted to do so by law or by regulatory bodies such as where there is a court order, statutory obligation or Prudential Regulatory Authority / Financial Conduct Authority; or
  • We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest; or
  • Exemptions under the data protection legislation allow us to do so

Some of the recipients and technical solutions set out above may be in other countries outside Nigeria. Where we make a transfer of your Personal Data outside of Nigeria, in all cases where Personal Data is transferred to a country which is deemed not to have the same standards of protection for personal data as Nigeria, AXA Mansard will ensure appropriate safeguards have been implemented to ensure that your Personal Data is protected where standards are not the same or similar to those standards within Nigeria. Such steps may include placing the party we are transferring Personal Data to under contractual obligations to protect it to adequate standards. Occasionally, there may also be some circumstances where we are required to transfer your Personal Data outside of Nigeria and we shall rely on the basis of processing it for being necessary for the performance of your contract; for example, where you have a travel insurance policy and we need to contact you when you are outside Nigeria.

 

How long do we keep records for?

We keep your Personal Data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The length of time we retain Personal Data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

 

Your Rights

You can ask us to do various things with your Personal Data. For example, at any time you can ask us for a copy of your Personal Data, ask us to correct mistakes, change the way we use your information, or even delete it. We will either do what you have asked or explain why we cannot – usually because of a legal or regulatory issue.

You have the following rights in relation to our use of your Personal Date.

 

The right to access your Personal Data:

You are entitled to a copy of the Personal Data we hold about you and certain details of how we use it. Your Personal Data will usually be provided to you in writing, unless otherwise requested. We may charge you a reasonable fee to cover the cost.

 

The right to rectification:

We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

 

The right to erasure:

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of Personal Data we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

 

Right to restriction of processing:

In certain circumstances, you are entitled to ask us to stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to process your Personal Data.

 

Right to data portability:

In certain circumstances, you have the right to ask that we transfer any Personal Data that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your Personal Data.

 

The right to withdraw consent:

For certain uses of your Personal Data , we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your Personal Data. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

 

Changing and accessing your Personal Data:

To the extent required by applicable law, you may be able to request that we inform you about the Personal Data we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your Personal Data. We will respond to your access requests within the period specified by relevant legislation and make all required updates and changes within the time specified by applicable law and as required by law.

When permitted by law, we may charge an appropriate fee to cover the costs of responding to the request. Where the timeline specified in an applicable law cannot be met, we will communicate same to you and take steps to notify you where we require an extension.

 

How we protect Personal Data :

We take reasonable measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction to ensure that Personal Data is accurate and up-to-date as appropriate because:

  • We have put in place strict measures and technologies to prevent fraud and intrusion.
  • Our employees are trained in data protection and security to respect and preserve confidentiality, integrity and availability of information held by us.

 

Breach/ Privacy Violation

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information, AXA Mansard shall within 72 (seventy two) hours of having knowledge of such breach report the details of the breach to NITDA. Furthermore, AXA Mansard shall within 7 (seven) days of having knowledge of the occurrence of such breach take steps to inform the Data Subject of the breach incident, the risk to the rights and freedoms of the Data Subject resulting from such breach and any course of action to remedy said breach.

 

Marketing

We may share information with other AXA Mansard entities in order to inform you of other products and services that may be of interest to you or members of your family, but we will only do this where you have provided your consent. You can always change your mind by contacting us using the details shown in your documentation and telling us you no longer wish to be contacted.

If you wish to unsubscribe from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise you can always contact us using the details set out in your documentation to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

We would like to keep you informed, from time to time about relevant products and services. We may do this by mail, email, telephone or other electronic methods such as text message. In order to help us get to know you and identify what products and services may interest you we obtain information about you from other sources inside and outside the AXA Group for example, companies who provide consumer classification and market segmentation data for marketing purposes.

From time to time, we may run specific marketing campaigns through social media and digital advertising that you may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings.

We may also share information that we collect about you for marketing within the AXA Group. If you do not want to receive such promotional materials from us, you can opt out at any time by sending an email to dataprivacy@axamansard.com

Please note that we may retain any data provided to us on our websites for a limited period, even if you do not complete your quote. The information may be used to enquire as to why you did not complete your quote or for us to better understand your needs.

 

ABOUT AXA MANSARD

Wherever the name “AXA Mansard” is used in this policy, it implies one or more of the following AXA Mansard entities, which may offer products or services on the website. Further details can be found on the respective company’s website.

AXA Mansard Insurance PLC trading as AXA Mansard a public company limited by shares and listed on the Nigeria Stock Exchange incorporated in Nigeria with Company Number 133276.

AXA Mansard Health Limited, a subsidiary of AXA Mansard is a private limited company incorporated in Nigeria with Company number 487419

AXA Mansard Investments Limited, a subsidiary of AXA Mansard is a private limited company incorporated in Nigeria with Company number 724966

 

Our Contact Information

If you would like any more information about the way we use your information, or if you wish to exercise the rights listed above, please contact us using the details below:

The Chief Compliance Officer
AXA Mansard Insurance Plc.
Santa Clara Court,
Plot 1412, Ahmadu Bello Way,
Victoria Island, Lagos, Nigeria
Customer Care Hotline: 0700 292 626 7273, 01-270 1560-5
General Enquiries: 01-4485482
Email: dataprivacy@axamansard.com

You have a right to complain to the Information Regulator if you think that your information has been misused. The contact details are:

Nigeria Data Protection Commission (NDPC)
Address: No.12 Clement Isong Street, Asokoro, Abuja, Nigeria.
Phone number: +2349160615551
Email: info@ndpc.gov.ng

Our Commitments

Check out our data privacy declaration to see how we oversee data safety and protect your privacy every day.

More Insights

Find out how the AXA Research Fund supports academic research to help understand issues surrounding data privacy, and how, for example, we’re partnering with Sciences Po Paris to manage the challenges of personal data use and our other data privacy initiatives.