1. Heritage Auto Correct Privacy Statement


Welcome to The Heritage Insurance Company Kenya Limited’s Auto Correct (hereinafter “Heritage Auto Correct”) Privacy Statement. Your right to privacy and security is very important to us. Heritage Auto Correct, (Heritage Auto Correct, we, us, our) treat personal information as private and confidential. This privacy statement is in addition to the terms and conditions set out on the Heritage Auto Correct App and website in respect of the Heritage Auto Correct policy.


By installing, downloading, or keeping the Heritage Auto Correct App installed, on any of your mobile devices, including but not limited to mobile phones, tablets, and any other device with any operating systems, you accept;


  • not to collect or process in any way the personal data of the users of the Heritage Auto Correct App, and any other information included in the Heritage Auto Correct App, either manually or through any technological means, including the use of robots, spiders or any other manual or automatic device or process to retrieve, index or extract data and information.

  • not to reproduce, duplicate, copy, sell, resell, license, distribute, commercialize, modify, adapt, translate, decompile, disassemble, violate technological security measures, or reverse engineer the Heritage Auto Correct App for any purpose, neither by itself nor through third parties, unless expressly provided otherwise in a separate agreement between you and The Heritage Insurance Company Kenya Limited.

  • not to transmit or make available in connection with the Heritage Auto Correct App any virus, worm, Trojan horse, time bomb, web bug, spyware, or any other computer code, file, or program that may or is intended to cause damage or to hack the operation of any hardware, software, or telecommunications equipment or for any other purpose that is actually or potentially harmful, detrimental, or invasive.

  • to use the Heritage Auto Correct App exclusively for private and personal purposes related to the services offered by the Heritage Auto Correct policy subject to the Terms and Conditions and this privacy statement.

  • not to use, by yourself or through an intermediate person, the personal data or any other type of information found in the Heritage Auto Correct App, for commercial or non-commercial purposes, including but not limited to uses such as: distributing, reproducing, copying, transmitting, issuing, modifying, transforming, communicating to the public, making reports, creating a database, selling, licensing, renting, sending unsolicited messages or spam, and regardless of its purpose, without prior and express authorization from The Heritage Insurance Company Kenya Limited.

  • not to use any type of tool or technological device that may overload, deteriorate, disable, or cause damage to the servers and technology of

Heritage Auto Correct App, or that prevents the normal use or enjoyment by users of the Heritage Auto Correct App or engage in any activity that interferes with or disrupts the Services or the servers and networks connected to them.

  • to Respect and ensure that others respect the copyright and industrial property rights of the Heritage Auto Correct App and other users of the service offered by the Heritage Auto Correct App, and with respect to all the content found in the Heritage Auto Correct App.

  • not to defame, abuse, harass, stalk, threaten or in any way violate the legal and/or fundamental rights of The Heritage Insurance Company Kenya Limited and other users of the Heritage Auto Correct App, including copyright and other intellectual property rights.



  1. How and why, we collect personal information


  1. Collection

Personal data means any information relating to an identified or identifiable natural person. The personal data that we collect will be for purposes of administering the Heritage Auto Correct policy and connected services subject to the terms and conditions therein.


When you insert or publish any information or content in the Heritage Auto Correct App, you represent and warrant to Heritage Auto Correct App that you own all rights, including intellectual property rights, to all information and content, and/or that you are authorized to insert or publish such information and content.


We may collect, use, store and transfer different kinds of personal data about you or persons connected to you which we have grouped together as follows:

  • your location as well as your trips in order to keep track of the driving history trip duration and trips made, through the geo- positioning and geolocation functionalities of the telematics device that has been delivered to you to interact and know the data through the Heritage Auto Correct App.

  • your behavior and/or driving habits, including but not limited to, distance travelled, the time of day or night, routes you have taken, acceleration and braking to determine and generate the score or the score you obtained for your driving behaviour and present you with recommendations and notifications associated with your driving behavior that will help you improve your driving style.

  • present benefits and/or reward plans in relation to the behavior of Users or for the adoption of better driving habits, in accordance with the measurement or monitoring parameters that may be established in the Heritage Auto Correct App.

  • identification information such as name, photo, and title.

  • contact information such as email address and telephone number.

  • information relevant to your insurance policy or relevant to your claim or your involvement in the matter giving rise to a claim.

  • online data whenever you use our products and services through our website, mobile Applications such as cookies, login data, IP address (your computer’s internet address), browser type and version, ISP or operating system, domain name, access time, page views, location data, how you frequently use our online services, our mobile Applications or visit our website.

  • profile data such as your username and password.


We may also process sensitive or special Personal Data where the Data Protection Act, 2019 and other Applicable laws permit us to do so, including where necessary to accommodate any special requirements. Sensitive or special Personal Data processed may include but is not limited to biometrics.

If we need information about other people connected to you, we may request you to provide the information in relation to those people. If you are providing information about another person, we expect you to ensure that they know you are doing so and are content with their information being provided to us. It might be helpful to show them this Privacy Statement and if they have any concerns, please contact us on the same.

The list below shows you the various ways we may collect your personal information (please note that this list is not exhaustive):

We may collect personal data directly from you

In most instances, we collect personal data directly from you when you fill in forms or communicate with us through our contact details. This includes personal data you provide when you:

  • Apply for our products or services;

  • make enquiries;

  • create an account on our website;

  • register for our products offered through mobile and online platforms;

  • give us feedback or contact us;

  • connect the geo positioning and geolocation functionalities of the telematics device that has been delivered to you to interact with the Heritage Auto Correct App;

  • voluntarily connect and/or pair electronic devices that generate, collect and share your data with the Heritage Auto Correct App;

  • provide goods or services to us as a supplier or contractor; or

  • interact with our website. We collect this personal data by using cookies and similar technologies. You can find out more about this in our cookies and website policy;

The data is collected through the telematics device that is installed either on the OBD port or the battery of your vehicle.

In some instances, we will receive your personal data from various third parties or publicly available sources including:

  • identity and contact data from the Government of Kenya’s e-citizen and Integrated Population Registration Services platforms;

  • directly from an individual or employer (or your employer’s service provider)

who has a policy with us under which you are insured.

  • directly from a person who is making a claim or Application and they include information about you which is related to their claim or Application.

  • your insurance intermediary if you have one.

  • third parties who assist us in checking that claims are eligible for payment.



  1. Use of Personal Information


We will only use your personal data within the confines of the law. Most commonly, we will use your personal data in any of the following circumstances:

  • to carry out analytical activities with the purpose of calculating the driving behaviour score, designing personalized product and service offers that may be of interest to you and generating statistical information on the use of the Heritage Auto Correct App.

  • to determine the general physical location of the telematic device with a view to facilitating or allowing the provision of a service, for example, to perform georeferencing.

  • to assess your potential cashback at the end of your policy period.

  • to award loyalty points based on how you drive.

  • to manage your claims after an accident.

  • where we need to perform the contract, we are about to enter into or have entered into with you.

  • to assess whether you are eligible for our products and services.

  • where you consent to our use of your personal data.

  • where we need to comply with or fulfil legal or regulatory obligations and protecting ourselves and our clients against fraud.

  • where we need to protect your vital interests and the vital interests of third parties (for example when paying out sums to beneficiaries under your policies).

  • where it is necessary for our legitimate interests (or those of a third party) such as maintaining our records, developing, assessing, and improving our products and services, risk evaluation, underwriting, managing arrangements with reinsurers, managing claims, improving our customer administration and engagement

as well as complying with our Know Your Customers (KYC) requirements.

  • to establish, exercise or defend our legal rights such as when we are faced with any legal claim or where we want to pursue any legal claims.

  • to advertise and market to you our latest products and services (please note that if you do not want to receive our marketing information you may opt-out anytime by contacting us at any time).

  • to send you important notices such as changes to our terms, conditions and policies or unusual activity with respect to any of your accounts with us.

  • where we receive your personal data from third parties, we may use it to validate the information you have provided to us or for fraud prevention purposes.

  • to enable you use the services available through our website and mobile and online Applications including registering you for our services and verifying your identity and authority to use our services.

  • to address fraud or safety concerns, or to investigate complaints or suspected fraud or illegality.

  • to monitor and analyse the use of our products and services for system administration, operation, testing and support purposes.

  • to cooperate with, respond to requests from, and to report transactions and/or other activity to, government, tax or regulatory bodies, financial markets, brokers or other intermediaries or counterparties, courts or other third parties.



  1. Retention and Disposal 


We will only retain your personal data for as long as may be reasonably necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, reporting and operational requirements. The retention period shall be in accordance with Applicable laws of the Republic of Kenya and at the end of the retention period, non-identifiable data is kept for management information purposes.


We may retain your personal data for a longer period if the retention is:

  • required or authorised by law.

  • reasonably necessary for a lawful purpose.

  • authorised or consented to by you.

  • Is necessary for purposes of responding to a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.



  1. Access 


It is important that the personal data we hold about you is accurate and the most recent. We encourage you to keep us informed in case of any changes of your personal data during your relationship with us. If you provide inaccurate data or that does not correspond to reality, the recommendations or calculations made by Heritage Auto Correct App may be inaccurate and not adjusted to your condition.

The telematics device while used together with the Heritage Auto Correct App is not a tracking device and must not be used as such.



  1. Third Party Disclosure


Subject to your rights and the Applicable laws, we may share your personal data with the third parties set out below:


  • entities comprising Heritage Insurance Company Kenya Limited or its affiliates.

  • any court, tribunal, Regulatory Authority or Governmental Entity when required by Law and/or Regulation, public interest, national security, regulation, legal process, or enforceable governmental request.

  • any person to whom disclosure is allowed or required by Law and/or Regulation.

  • any criminal records bureau, credit bureau or credit reference agency when conducting background checks.

  • any person in connection with litigation or other legal proceedings, to obtain legal advice or for establishing, exercising, or defending legal rights.

  • our third-party service providers who help us manage our products and services including those service providers who maintain our IT and office systems and provide marketing and advertising services.

  • to service providers that provide Application processing, fraud monitoring, call centre and/or other customer services, hosting services and other technology and business process outsourcing services.

  • persons or entities that you explicitly request us to transfer your personal data to them.

  • your relatives, guardians or persons acting on your behalf where you are incapacitated or for the purposes of paying out claims to your beneficiaries.

  • financial advisers, business partners and third-party administrators who help us manage our products and services.

  • insurers, reinsurers, and brokers who help us manage and underwrite our products and provide us with reinsurance and insurance services.

  • our professional advisers such as auditors, tax advisers, insurers, reinsurers, medical agencies, legal advisers who act on our or your behalf, or who represent another third party.

  • loss adjusters and claims experts who help us handle claims.

  • third parties connected with the sale, transfer, or disposal of our business.

  • to counterparty banks, payment infrastructure providers and other persons from whom we receive, or to whom we make, payments on our clients’ behalf.

  • debt collection agencies, credit reference agencies, fraud detection agencies and other agencies that we will contract to provide services to us.



  1. Data Security


The security of your Personal Data is important to us and Heritage Insurance Company Kenya Limited implements technical and organisational measures to safeguard your personal data.


We have put in place Appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected personal data breach and will notify you and any Applicable regulator of a breach where we are legally required to do so.



  1. Cross Border Transfer of Personal Data


Sometimes we will process your personal information in other countries, either to carry out your instructions or for ordinary business purposes.

Where we will make a transfer of your personal data outside Kenya, we will ensure that adequate technical and organizational measures are taken to protect your privacy rights and your personal data.



  1. Your Rights as a Data Subject


You have the right to:

  • request access to your personal data that we hold about you;

  • object to the processing of all or part of your personal data;

  • request correction of inaccurate, false, or misleading data that we hold about you; and

  • request deletion of false or misleading data that we hold about you.

  • lodge a complaint regarding the processing of your personal information.


Accessing and correcting your Personal Data

If you wish to access, correct, or request deletion of your Personal Data other than your profile through the website, or have questions regarding this Statement please email: info@heritage.co.ke

If you are registered to receive alerts from the Heritage Auto Correct App or other information and then subsequently you no longer wish to receive such information from us, you have the option at any time to amend your profile choices so as not to receive such job alerts and/or other information from us.


Your right to erasure

You may have the right in some circumstances to ask for some of your personal data to be deleted, for example when there is no longer a valid reason to process it. This is not an absolute right to have any personal data deleted that you wish.


Your right to object to or restrict the processing of your Personal Data

In some circumstances you may have the right to object to how we process your Personal Data or restrict its processing, but this does not mean you can decide or choose how we process your Personal Data. If you have any concerns about how we process your Personal Data, please email: info@heritage.co.ke



Click here https://www.heritageinsurance.co.ke/content/data-privacy-statement to see how we use cookies.



  1. Marketing by post, email, or text messages

If you give us permission, we may use your personal or other information to tell you about products, services and special offers from us or other companies that may interest you. We will do this by post, email, or text message (SMS). If you later decide that you do not want us to do this, please contact us and we will stop doing so. This may be done by any of the following as Applicable;



  1. Our website may contain links to or from other websites. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. We recommend that you always read the privacy and security notices on these websites.


  1. When will we use customers personal information to make automated decisions about them?


Where the law allows, Automated decisions make use of your personal information to reach a decision without humans involved. This decision may influence you and you have the right to query such decision and Heritage Insurance Company Kenya Limited is obliged to provide the reason(s) for the decisions as far as reasonably possible.


  1. Our security practices


  • We are committed and obliged to implement all reasonable controls to safeguard access to your personal information.

  • Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other legal requirements, we ensure that they are contractually bound to Apply the Appropriate security practices.

  • All use of our website and transactions processed through it are protected through secure encryption in line with best practice international standards.

  • We may share with, or receive, personal information from parties as set out above, where these parties reside outside of the Republic of Kenya.



  1. Automated decision making and profiling 

We use automated decision-making because it allows for greater consistency and fairness in the decision-making process, for example, by reducing the potential for human error and bias. It is faster, more comprehensive, and more precise than human decision-making, thereby increasing the efficiency of the process. It is faster, more comprehensive, and more precise than human

decision-making, thereby increasing the efficiency of our operational processes.


This decision may influence you and you have the right to query such decision and Heritage Insurance Company Kenya Limited is obliged to provide the reason(s) for the decisions as far as reasonably possible.


Furthermore, as an insurance service provider with a huge clientele base, Heritage Insurance Company Kenya Limited receives a significant number of proposals and queries in respect of the Heritage Auto Correct App and the quantity of proposals received may mean that the use of automated decision- making is necessary since human involvement may not be practically possible.


Heritage’s insurance services are generally not aimed at minors. If you are a minor, you must obtain the consent of your parent or guardian before contacting Heritage Insurance Company Kenya Limited in relation to the use of the Heritage Auto Correct App.



  1. Personal use of emails and notice about checking on emails


Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Heritage Insurance Company Kenya Limited. Whilst our employees are bound by strict usage policies and security safeguards, we do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that Applies.



  1. Right to change this privacy and security notice

We may, from time to time, amend this privacy statement in keeping with amended legislation or business practices. We will effect all changes on our website. The latest published version of our Heritage Auto Correct privacy statement will replace all earlier versions of it, unless otherwise stated. This Data Privacy Statement may be updated from time to time, and it is your responsibility to visit our websites regularly for the most recent version.



  1. How to Reach Us

We have Appointed a data protection officer who is responsible for overseeing questions in relation to this Privacy Statement. If you have any concerns or complaints about the processing or use of your Personal Data and you are not happy with the way we deal with it, or you may have any questions about this

Privacy Statement including any requests to exercise your legal rights under the law, please contact us using the details set out below:


The Data Protection Officer can be contacted at info@heritage.co.ke or at Heritage’s headquarters, Liberty House, Mamlaka Road, P.O. Box 30390-00100 Nairobi.

For any queries about the Heritage Auto Correct App please contact us via; Email address: autocorrect@heritage.co.ke

Postal address: P.O. Box 30390 – 00100, Nairobi

Physical address: Liberty House, Mamlaka Rd, Nairobi Telephone number: +254 711 076 400

SMS: +254 799 447 587


We will respond to your questions or concerns as soon as reasonably possible.