YOA DATA PROTECTION POLICY
- Purpose
This Data Protection Policy outlines the principles and procedures followed by YOA
Insurance Brokers Limited to ensure compliance with applicable data protection laws, such
as the Nigeria Data Protection Regulation (NDPR) and other relevant regulations. - Scope
This policy applies to all employees, contractors, and third-party service providers of YOA
Insurance Brokers Limited who handle personal data of clients, employees, consultants,
vendors or any other individuals. - Definitions
a. Personal Data: Any information that can identify an individual, such as name,
address, phone number, email, or policy details.
b. Data Subject: The individual whose personal data is processed.
c. Processing: Any operation performed on personal data, including collection, storage,
use, and disclosure. - Data Protection Principles
YOA Insurance Brokers Limited commits to processing personal data in line with the
following principles:
a. Lawfulness, Fairness, and Transparency: Personal data must be processed
lawfully and in a transparent manner.
b. Purpose Limitation: Data will only be collected for specified, explicit, and legitimate
purposes.
c. Data Minimization: Only necessary data will be collected and processed.
d. Accuracy: Personal data must be accurate and kept up-to-date.
e. Storage Limitation: Data will not be retained longer than necessary.
f. Integrity and Confidentiality: Personal data must be processed securely to prevent
unauthorized access or breaches. - Collection of Personal Data
YOA Insurance Brokers Limited collects personal data for purposes including:
a. Risk review, assessment and advisory
b. Placement and management of insurance policies.
c. Processing claims and providing customer support.
d. Recruitment purposes.
e. Consultancy and transactional purposes.
f. Complying with legal and regulatory obligations.
g. Marketing purposes.
Data collected may include names, contact information, identification documents, and
financial information.
- Lawful Basis for Processing
Personal data will only be processed based on one or more of the following lawful bases:
a. Consent from the data subject.
b. Fulfillment of a contract.
c. Compliance with legal obligations.
d. Legitimate business interests. - Data Subject Rights
YOA Insurance Brokers Limited recognizes the following rights of data subjects:
a. Right to Access: Request access to personal data.
b. Right to Rectification: Request correction of inaccurate data.
c. Right to Erasure: Request deletion of personal data under certain conditions.
d. Right to Restriction of Processing: Request limited processing of data.
e. Right to Data Portability: Obtain data in a structured format.
f. Right to Object: Object to data processing for direct marketing or other purposes.
g. Right to Lodge a Complaint: Complaints can be lodged to obtain to the data
processing by the Company. - Data Security
YOA Insurance Brokers Limited implements the following measures to ensure data security:
a. Use of encryption for sensitive data.
b. Regular audits and monitoring of data access and processing.
c. Password protection and multi-factor authentication.
d. Secure disposal of data no longer required.
e. Secure storage of documents containing personal information
f. Regular reporting of data processes and audit to the Commission (NDPC) as
required. - Data Breaches
In the event of a data breach, YOA Insurance Brokers Limited will:
a. Notify the affected individuals and relevant regulatory authorities within 5 business
days of the breach.
b. Retract any data subject’s information disclosed without consent within 24 hours and
send proof of retraction to data subject within 48 hours.
c. Take remedial actions to mitigate risks and prevent future breaches. - Third-Party Processors
YOA Insurance Brokers Limited ensures that third-party service providers comply with this
policy and relevant data protection laws through proper agreements and audits.
Policy Review
This policy will be reviewed annually or as needed to reflect changes in data protection laws
or business practices.
Use of Cookies
YOA uses cookies to analyse browsing behaviour, track website interactions, and identify
potential product interests to enhance user experience. Visitors can choose to accept
cookies, with all disclosures provided in clear, plain language.
Social Media Platforms
Data subjects may engage with YOA through blogs and social media platforms, where YOA
promotes insurance awareness, risk management, and financial inclusion.
a. YOA is not responsible for any personal data voluntarily shared on its social media
platforms.
b. For data collected through campaigns (e.g., email addresses, company names,
phone numbers), YOA will obtain explicit consent before further processing.
Training and Awareness
An annual training of all employees and contractors handling personal data would be
undertaken every first quarter of the year. This is required to understand their responsibilities
under this policy.
The Legal and Compliance Team will periodically conduct an audit of the Company’s Data
Protection practices in accordance with the Nigeria Data Protection Regulations.
Contact Details of Data Controller and Protection Officer:
Data Controller: Enitan Solarin
Data Protection Officer: Tomiwa Tejumola
Email: data.privacy@yoainsurance.com
Contact Number: +234 813 607 6588