About this Policy
Capital Express Assurance Limited (CAPEX) is committed to protecting your personal information. As a provider of life insurance services, respectful and appropriate use of personal information is critical to our business.
Types of personal information we collect and hold
We collect and hold a range of personal information of our customers and people from our business partners, suppliers and service providers. The types of personal information that we collect and hold include:
- name, contact details (including address, email, phone number and social media handles), date of birth and gender;
- information on the clients interactions with us including complaints;
- personal information which is required to acquire a product or service and as may be needed during the life-cycle of that product or service;
- information required to underwrite an application for an insurance product to assess and manage an insurance claim, including previous insurance records and claims history, information about beneficiaries and nominated representatives, employment and income;
- financial details such as your tax file number and bank account details, superannuation or other insurance policy information;
- sensitive information (see “Sensitive Information” section below);
- information relating to the use of our online services (see the ‘Online services’ section below); and
- any other information we think is necessary to acquire our products or for us (or our service providers or representatives) to provide services to
Sensitive information is requested for service delivery, example when you are applying for an insurance product. This will generally include information about clients’ health, health history, fitness and physical activities. We may also give you the ability to provide your voice-print to identify yourself to our call centers.
Sensitive information is information about a person’s health (this can include genetic or bio-metric information), racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, genetic or biometric information.
We only collect and hold sensitive information with clients consent or in other limited situations which the law allows.
How we collect personal information
Personal information could be collected by direct engagement. For example, we might collect client’s personal information when forms are completed by our agents or are collected on our website. See the ‘Online services’ section below for more information about our collection of personal information online.
Sometimes information are collected from other sources that may include:
- medical practitioners or medical facilities
- our agents, insurance brokers, other insurers and reinsurers
- your relatives and representatives
- your employer
- service providers such as investigators, lawyers, financial advisers, doctors and other medical and occupational experts;
- credit reporting agencies or information providers
- social media platforms (e.g. if you log in for our services using your social media profile)
- devices (including wearable devices) in relation to which you agree to provide personal information to us, and
- external dispute resolution bodies, and public sources, including statutory or government organisations, and public
Why we collect personal information
We may collect, hold, use and disclose your personal information to:
- provide you with the products and services you’ve asked for or under which you may receive cover or benefits (e.g. group insurances)
- process and underwrite clients application (including deciding whether or not to provide cover) or determine clients eligibility under group insurances
- provide clients with products and services
- administer products and services which includes answering clients’ requests and complaints, managing claims and making payments, varying products and services, conducting market research, taking legal action relating to our products and services and managing our relevant product portfolios;
- develop and improve corporate products and services
- assist us in running our business including performing administrative and operational tasks (such as training and managing staff, risk management, planning, research and statistical analysis, and systems development and testing), and
- prevent or investigate any fraud or crime, or any suspected fraud or
We may also collect, hold, use and disclose your personal information:
- as required by legislation or codes that are binding on us
- for any purpose for which you have given your consent, and
- to combine the information that we hold about you with information about you collected from or held by external sources to enable the development of consumer insights about you so that we can better serve you. We may also use external parties to undertake the process of creating these
What if you don’t want to provide us with your personal information?
- If you don’t provide your personal information to us, we may not be able to:
- provide you with the product or service you want
- manage or administer your product or service
- personalize your experience with us
- verify your identity or protect against fraud, or
- let you know about other products or services that might better meet your
Direct marketing and how to opt out
Unless you opt out we may to the extent permitted by law:
- use or disclose your personal information to let you know about products and services that we believe may be of interest to you
- market our products to you through third party channels (such as social networking sites), or via other companies who assist us to market our products and services
- conduct these marketing activities via email, telephone, SMS, Instant Messaging, mail, or any other electronic or other
- disclose your personal information to our related companies or to our trusted partners so they can tell you about their products and services and
- disclose your personal information to third parties such as brokers or agents, or for the purpose of connecting you with other businesses or
You can let us know at any time (see ‘Contact Us’) if you wish to opt out of receiving direct marketing offers from us, or to opt out of our other use and disclosure of your personal information for direct marketing. We will process your request as soon as practicable.
You may also be able to opt out by following the instructions in particular direct marketing communications.
Disclosure of personal information
To make sure we can meet your specific needs and for the purposes described in ‘Why we collect personal information’, we may disclose your personal information to other third parties, including:
- our Regulators, National Insurance Commission (NAICOM) and our other related bodies corporate
- those involved in providing, managing or administering any aspect of your product or service or any product (e.g. group insurance) under which you receive or may receive benefits
- service providers such as information brokers, investigators, lawyers, financial advisers, doctors and other medical and occupational experts
- parties who sell our products or services;
- superannuation and managed funds organizations, and their advisers and service providers
- if your insurance is held in a superannuation product, to entities (and their representatives or service providers) involved in issuing, maintaining and providing administration support relating to these products
- medical professionals, medical facilities or health authorities who verify any health information you may provide
- reinsurers, claim assessors and investigators
- brokers or referrers who refer your application or business to us
- organizations we sponsor and loyalty program partners, including organizations we have an arrangement with to jointly offer products or have an alliance with to share information for marketing purposes
- police and other enforcement bodies and government agencies where we are required or authorized by law to help detect and prevent illegal activities
- media or social networking sites that provide us with opportunities to place messages in front of you
- service providers that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems
- joint venture partners that conduct business with us
- organizations that assist with our product planning, analytics, research and development
- mailing houses and telemarketing agencies and media organisations who assist us to communicate with you
- other organizations involved in our normal business practices, including our agents and contractors, as well as our accountants, auditors or lawyers and other external advisers, and
- where you have given your
We may store your information in cloud or various other types of remote, networked or electronic storage. As electronic or networked storage can be accessed from various locations via an internet connection.
When you use our website, mobile applications, email communications, social media profiles and other online services (together, ‘Online Services’), we may collect information about your location or activity including information accessed, IP address, telephone number, device identifiers, social media profile information and whether you’ve accessed third party sites. We do this to verify you, identify ways we can improve our services for you, maintain the continuity of your online sessions, recall your details and preferences, understand you better, and for the other purposes described in this policy.
In the case of Capex’s customers, the data subject will provide consent by responding to a dialogue box corresponding to declarations indicating whether consent is given or declined. Such declaration will be in clear and plain language. For children’s personal data, consent will be sought from their legal guardian.
Social Media Platforms
The data subject may wish to participate in the various blogs, forums, and other social media platforms hosted by Capex (“Social Media Platforms”) which are make available to the data subject. The main aim of these Social Media Platforms is to facilitate and allow the data subject share content.
However, Capex cannot be held responsible if the data subject shares personal information on Social Media Platforms that is subsequently used, misused or otherwise appropriated by another user. The data subject is required to consult the Privacy Statements of such services before using them.
Storage and security of personal information
We store information in different ways, including in paper and electronic form. The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure, including control of access to our buildings and electronic security systems, such as firewalls and data encryption on our websites.
We may store personal information physically or electronically with third party data storage providers or our service providers. Where we do this, we use contractual arrangements to ensure those providers take appropriate steps to protect that information and restrict the uses to which they can put that information.
Data Subject’s Rights
Capex shall disclose the specific purpose for which the information is required before obtaining the information from the data subject and shall inform the data subject of his/her right and method of withdrawal of consent.
The data subject has the right to request that Capex perform certain activities on his/her personal information, such as request for a copy of their personal information, correction of errors on the personal information, a change in the use of their personal information, or delete their personal information. Capex is obligated to either carry out the data subject’s instructions or explain why it may not be possible – usually because of a legal or regulatory issue.
Data subject have the following rights in respect of Capex’s use of their personal information:
Right to access: The data subject has a right to a copy of their personal information as maintained by the Company
Right to rectify: Capex takes due care to ensure that the personal information we maintain about data subjects are accurate and complete. However, if a data subject believes the information is inaccurate or incomplete, such data subject has the right to request an amendment.
Right to erase: under certain circumstances, a data subject may ask that Capex erase their personal information. For instance where the personal information collected is no longer necessary for the original purpose or where consent is withdrawn. However, this will need to be balanced against other factors, such as the type of personal information obtained, the original reason for collection, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and Capex continuous assessment of risk relating to the data subject. There may be some legal and regulatory obligations which prevents Capex from complying immediately.
Right to restriction of processing: under certain circumstances, but subject to regulatory requirements, a data subject may be entitled to instruct Capex to stop using his/her personal information. This is applicable where
A data subject contests the accuracy of personal information held by the data controller
- Processing of personal data of the data subject is unlawful
- The data controller no longer requires the personal data but the data is required by the data subject for establishment, exercise or defense of legal claims
- The data subject has objected to processing, pending the verification whether the legal grounds for the data controller override those of the data
Right to data portability: under certain circumstances, data subjects have the right to ask that Capex transfers any personal information that they have provided to Capex to another third party. Once transferred, the other party will be responsible for safeguarding such personal information.
Right to object to marketing: Data Subject can object to the processing of his/her personal data for the purposes of third party marketing
Right to lodge a complaint: Capex data subject has the right to lodge complaints, in the event that there is an objection to the manner in which personal information is being used by the Company. Such complaints can be communicated using contact details provided in our policy documentation. In certain cases, Capex may be unable to comply with data subject’s requests for reasons such as our own obligations to
comply with other legal or regulatory requirements. However, Capex will always respond to complaints and where compliance is not feasible, an explanation will be provided.
The Data Controller shall communicate any rectification or erasure of personal data or restriction to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
In some circumstances, exercising some of these rights will mean Capex is unable to continue providing cover under the data subject’s insurance policy and may therefore result in cancellation of the policy. The data subject will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before the right was exercised, if Capex’s ability to handle the claim has been prejudiced. Each data subject’s policy terms and conditions set out what will occur in the event of a policy cancellation.
Some of Capex ’s assessment of risks are made automatically by inputting the data subject’s personal information into a system, the criteria of which is determined by Capex ’s underwriting team and the decision is then calculated using certain automatic processes rather than manual process via discussions. We make automated decisions in the following situations:
Premium computation: we use the data subject’s personal information to determine premium and eligibility.
Fraud and money laundering prevention: Capex uses automated anti-fraud and money laundering filters that check against global databases individuals known to have undertaken fraudulent and / or money laundering/terrorism transactions and will reject those applicants based on outcomes of the automated checks.
Application assessment: Capex may use scoring methods to assess applications, perform identity verification and determine premiums. Examples of information used by Capex systems to do this include age, address, lifestyle (e.g. smoking, drinking, exercise routines, etc.) and medical history. If a data subject does not consent to processing sensitive information in this manner, Capex may be unable to assess the application or provide a quote. Alternatively, Capex may only be able to offer the data subject policies that do not require Capex to have that information from the onset. The automated decision making performed by Capex systems during the application is proprietary to Capex, and the results thereof is not shared with third parties.
Where the data subject choose to opt out of automatic decision-making, a formal communication to that effect will suffice. However, in some situations, it may imply that Capex will be unable to offer a quote because automated decisions are necessary to price and issue certain policies.
Data subjects can enforce the above rights by sending an email to email@example.com Data Controller is obligated to act on the request of the data subject without delay. In the event that the Data Controller does not take action on the request of the Data Subject, the Data Controller shall within one month of receipt of the request, inform the data subject of the reasons why the request has not been actioned.
The exercise of the rights listed above shall be in conformity with constitutionally guaranteed principles of Law for the general protection and enforcement of fundamental rights.
If you have a complaint about how we handle your personal information, we want to hear from you. You’re always welcome to contact our Data Protection Officer (see ‘Contact Us’ below). We’re committed to resolving your complaint and doing the right thing by our customers.
We may request additional details from you regarding your complaint, and may need to engage or consult with other parties to investigate and deal with your issue. We’ll keep records of your request and any resolution.
Reviews and updates to this policy
- there are significant changes to privacy legislation; and/or
- there are significant changes to our information handling practices, for example, due to technological
The Data Protection Officer, Capital Express Assurance Limited
Email: firstname.lastname@example.org Telephone: 08035809199
The Data Protection Officer Capital Express Assurance Limited
13, Bishop Kale Close, Off Kasumu Ekemode Street, Off Saka Tinubu Street,
Victoria Island, Lagos