This Data Protection Policy outlines the principles and procedures followed by YOA
Insurance Brokers Limited to ensure compliance with applicable data protection laws, such as the Nigeria Data Protection Regulation (NDPR) and other relevant regulations.
2. Scope
This policy applies to all employees, contractors, and third-party service providers of YOA Insurance Brokers Limited who handle personal data of clients, employees, consultants, vendors or any other individuals.
3. Definitions
a. Personal Data: Any information that can identify an individual, such as name, address,
phone number, email, or policy details.
b. Data Subject: The individual whose personal data is processed.
c. Processing: Any operation performed on personal data, including collection, storage,
use, and disclosure.
4. Data Protection Principles
YOA Insurance Brokers Limited commits to processing personal data in line with the
following principles:
a. Lawfulness, Fairness, and Transparency: Personal data must be processed
lawfully and in a transparent manner.
b. Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes.
c. Data Minimization: Only necessary data will be collected and processed.
d. Accuracy: Personal data must be accurate and kept up-to-date.
e. Storage Limitation: Data will not be retained longer than necessary.
f. Integrity and Confidentiality: Personal data must be processed securely to prevent
unauthorized access or breaches.
5. Collection of Personal Data
YOA Insurance Brokers Limited collects personal data for purposes including:
a. Risk review, assessment and advisory
b. Placement and management of insurance policies.
c. Processing claims and providing customer support.
d. Recruitment purposes.
e. Consultancy and transactional purposes.
f. Complying with legal and regulatory obligations.
g. Marketing purposes.
Data collected may include names, contact information, identification documents, and financial
information.
6. Lawful Basis for Processing
Personal data will only be processed based on one or more of the following lawful bases:
a. Consent from the data subject.
b. Fulfillment of a contract.
c. Compliance with legal obligations.
d. Legitimate business interests.
7. Data Subject Rights
YOA Insurance Brokers Limited recognizes the following rights of data subjects:
a. Right to Access: Request access to personal data. b. Right to Rectification: Request correction of inaccurate data. c. Right to Erasure: Request deletion of personal data under certain conditions. d. Right to Restriction of Processing: Request limited processing of data. e. Right to Data Portability: Obtain data in a structured format. f. Right to Object: Object to data processing for direct marketing or other purposes. g. Right to Lodge a Complaint: Complaints can be lodged to obtain to the data processing by the Company
8. Data Security
YOA Insurance Brokers Limited implements the following measures to ensure data security:
a. Use of encryption for sensitive data.
b. Regular audits and monitoring of data access and processing.
c. Password protection and multi-factor authentication.
d. Secure disposal of data no longer required.
e. Secure storage of documents containing personal information
f. Regular reporting of data processes and audit to the Commission (NDPC) as
required.
9. Data Breaches
In the event of a data breach, YOA Insurance Brokers Limited will:
a. Notify the affected individuals and relevant regulatory authorities within 5 business days of the breach.
b. Retract any data subject’s information disclosed without consent within 24 hours and send proof of retraction to data subject within 48 hours.
c. Take remedial actions to mitigate risks and prevent future breaches.
10. Third-Party Processors
YOA Insurance Brokers Limited ensures that third-party service providers comply with this
policy and relevant data protection laws through proper agreements and audits
Policy Review
This policy will be reviewed annually or as needed to reflect changes in data protection laws or business practices.
Use of Cookies
YOA uses cookies to analyse browsing behaviour, track website interactions, and identify potential product interests to enhance user experience. Visitors can choose to accept cookies, with all disclosures provided in clear, plain language.
Social Media Platforms
Data subjects may engage with YOA through blogs and social media platforms, where YOA
promotes insurance awareness, risk management, and financial inclusion.
a. YOA is not responsible for any personal data voluntarily shared by users on its social media platforms.
b. For data collected through campaigns (e.g., email addresses, company names phone numbers), YOA will obtain explicit consent before further processing.
11. Training and Awareness
An annual training of all employees and contractors handling personal data would be
undertaken every first quarter of the year. This is required to understand their responsibilities
under this policy
The Legal Team will periodically conduct an audit of the Company’s Data
Protection practices in accordance with the Nigeria Data Protection Regulations.
12. Contact Details of Data Controller and Protection Officer:
Data Controller: Enitan Solarin Data Protection Officer: Tomiwa Tejumola Email: data.privacy@yoainsurance.com Contact Number: +234 813 607 6588
13. Policy Review
This policy will be reviewed annually or as needed to reflect changes in data protection laws or
business practices.
