Privacy Policy


1. INTRODUCTION GK General Insurance (“GKGI”, “we”, “us”, or “our”) is a provider of general insurance products and services registered to operate in Jamaica and licensed under the Insurance Act, 2001. GKGI is a member of the GraceKennedy Group of companies (“the Group”). The Group is dedicated to complying with data protection laws in all jurisdictions where we operate. Our goal is to bolster the trust and confidence of all our stakeholders including our team, customers, business partners, shareholders, and the beneficiaries of our community outreach initiatives, in our stewardship of their personal data.

This privacy notice aims to give you information on how we collect and process your personal data.

Please ensure that you read this privacy notice carefully and along with any additional privacy policy we may release periodically. This will help you understand why and how we use your personal information. 2. TYPES OF DATA WE COLLECT We collect your personal data to provide you with customised products and services that cater to your needs. The types of personal data we collect varies based on the business you conduct with us. For example, we collect your insurance and claims history to provide insurance services to you. Other examples of the types of personal data we may collect directly or indirectly from you include:
  • • Beneficiary Information
  • • Contact Details
  • • Demographic Details
  • • Employment Information
  • • Filiation Data
  • • Financial Information
  • • Identity Data
  • • Insurance and Claims History
  • • Medical Information
  • • Technical Data
3. HOW WE COLLECT PERSONAL DATA Your personal information is collected using:
  • Direct interactions. By completing data collection forms, corresponding with us by post, phone, email, via our website, mobile applications, or when you contract with us for the provision of our products or services.
  • Automated technologies or interactions. As you use our websites, technical information regarding your equipment, browsing behaviour and patterns may be collected. We gather your personal information through the use of cookies and similar technologies.
  • Third Parties. Where we use third party suppliers to assist us with our business operations to enable us to provide you with products and services.
4. HOW WE PROCESS PERSONAL DATA

Use

We only use your personal data for the purposes for which it was acquired, or where we have a lawful reason for using it, such as:
  • • To administer, manage and offer the products and services we provide to you, including opening, and maintaining your account, managing claims, and providing customer/member care services.
  • • To meet our regulatory and legal obligations, and to ensure adherence with internal controls.
  • • To conduct market research to develop and enhance products and services, improve existing processes, and evaluate the effectiveness of our marketing campaigns.
  • • To manage our human resources, including recruitment, on-boarding, and benefits administration.
  • • To improve the operation of our websites and provide those services which you have requested us to provide.

Disclosure

Your personal data will only be disclosed to those of our employees within the Group, third-party providers, other insurers directly or via an industry association, your brokers and agents, your employer, your authorized personnel (mortgagees, references, contact persons, next of kin), law enforcement bodies, and regulators that have a need for such access to fulfil the purpose for which it was collected. Your personal data will not be disclosed to any other individuals or entities unless there is a lawful basis to do so.

International Transfer

It may be necessary for your personal data to be transferred to another member of the Group, or to a third-party outside of the jurisdiction in which your data was collected.

Unless an exemption applies, we will only transfer your personal data out of the jurisdiction it was collected if:
  • • Your data is being transferred to a jurisdiction that provides an adequate level of protection for personal data.
  • • The third party to whom the data is being transferred agrees to protect your personal data in the same way we do.

Retention & Destruction

We will only retain your personal data for the time necessary to fulfil the purposes for which we collected it, where we are required to retain it to satisfy legal, regulatory or business requirements, or other lawful purposes. 5. LAWFUL BASIS FOR PROCESSING PERSONAL DATA We rely on one or more of the following lawful bases for processing your data.
  • Consent - We will obtain your clear, informed and freely given consent before processing your personal data, except in circumstances where we have another lawful basis to process your data.
  • Vital Interest - To protect your life, in instances that the same cannot be reasonably achieved by a means other than processing your data.
  • Contractual Obligation - In contemplation of entering a contract with you or to fulfil our existing contractual obligations to you.
  • Legitimate Interest - We may process your personal data in the interest of our business in maintaining and enhancing its goodwill and reputation, avoiding or minimising legal claims, conducting and managing our business to enable us to provide you with the best products and services and a secure customer experience.
  • Legal Obligation - To comply with our obligations under the law.
6. INDIVIDUAL/DATA SUBJECT RIGHTS We are committed to observing your rights as an individual in respect of your personal data. The rights which you may exercise are:
  • Request accessto your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
  • Request correctionof the personal data that we hold about you. This enables you to have any incomplete or inaccurate data that we hold about you corrected.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) where you feel it impacts on your fundamental rights and freedoms.
  • Request erasureof your personal data. You may ask us to delete or remove personal data where there is no lawful basis for us to retain it.
  • Request restriction of processing of your personal data. You may ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Withdraw consent where we rely on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. You also have the right to withdraw consent where we process your personal data for direct marketing purposes.
7. HOW WE PROTECT PERSONAL DATA We are committed to protecting your personal data. We use a variety of industry-standard security technologies and procedures, as well as organisational measures to help protect your personal data from unauthorised access, use, or disclosure, such as:
  • • Vulnerability scanning.
  • • Malware scanning
  • • Secure networks and access management
  • • Encryption
  • • Multi-Factor Authentication

Notifiable data breaches

We take data breaches very seriously. If a data breach occurs, we will endeavour to meet the deadlines stipulated by data protection laws to report data breaches to the supervisory authority. Where there is likely to be an impact on your rights because of the breach, we will endeavour to notify you without undue delay.
We will inform you of:
  • • the nature of the data breach;
  • • the measures taken or proposed to be taken to mitigate or address the possible adverse effects of the breach; and
  • • the contact information of our Data Protection Officer or representative to whom you may address any concerns.
We will review every breach and take action to prevent future breaches. 8. CHANGES TO PRIVACY NOTICE We reserve the right, in our sole discretion, to modify any part of this Privacy Notice. It is your responsibility to check this Privacy Notice periodically for changes. Continued use of our website indicates your acknowledgement that it is your responsibility to review this Privacy Notice periodically and become aware of any modifications. Changes to this notice are effective once they have been uploaded to our website. 9. CONTACT INFORMATION If you have a question or comment regarding this Privacy Notice or you would like to make a complaint related to data privacy, please contact our Privacy Office using the details below.

GraceKennedy Limited [email protected] 42 - 56 Harbour Street, Kingston (876) 922-3440
You may submit a complaint to the supervisory authority in the jurisdiction that your information was collected if you feel that we have not addressed your complaint:
• Jamaica - Link