Privacy Policy

Goldlink Insurance Plc (Goldlink) is committed to ensuring that the privacy and personal information of its clients and employees (data subjects) are protected. Goldlink is the entity that collects and processes your personal information and the responsibility is not outsourced to any third party. Goldlink is also responsible for complying with extant Nigerian and applicable international laws on data protection. For the purpose of this Privacy Policy, references to Goldlink or the Company shall mean Goldlink Insurance Plc.
By providing the data subject’s personal information or the personal information of a beneficiary from the data subject’s policy, the data subject acknowledges that Goldlink may only use the information in the manner specified in this Privacy Policy.
There may be a need to update this policy periodically, for example as a result of government regulation, new technologies or other developments on data protection and / or privacy laws.

ROLE DEFINITIONS:
The following roles are defined for the purpose of this policy:
Data Subject: is an identifiable person; one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes Goldlink’s clients, customers, business partners and employees.
Data Administrator: means a persons or organization that processes data. For the purpose of this policy, Goldlink Insurance Plc is the Data Administrator.
Data Controller: means a person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which personal data is processed or is to be processed. For the purpose of this policy, the Managing Director is the Data Controller or whoever he so delegates.
Data Protection Officer: is appointed by the data controller to ensure that the strategy and implementation of data protection requirements are in compliance with the data protection policy and the relevant extant laws. For the purpose of this policy.
Responsibilities of the Data Administrator, Data Controller and Data Protection Officer are clearly outlined in the Nigeria Data Protection Regulation (2019).

1. Introduction
When Goldlink collects and processes the personal information of its data subjects, the company ensures it adheres to strict controls to ensure that personal data of the data subject is obtained and used in line with the company’s privacy principles. Goldlink handles personal data with the greatest care and use it only for legitimate and specified business purposes under the following principles:

Goldlink respects the privacy rights of its employees, customers, clients, business partners and other individuals whose personal data are in its custody and
Goldlink protects personal data by implementing appropriate technical and organizational measures in our data processing
Goldlink obtains personal data fairly and only use it for legitimate business
Goldlink holds itself accountable for demonstrating compliance with applicable legal and regulatory requirements and understanding of our roles and

All personal information collected by Goldlink is processed in accordance with the extant data protection laws in Nigeria.

2. Type of Information Processed by Goldlink
The precise nature of the personal data Goldlink processes depends on data subject’s relationship with the company. However, in many cases, if the Company is handling the data subject’s personal data as part of its role as an insurer, the Company may process the following:

Information about the data subject - for example name, age, gender, date of birth, nationality. Even though in some instances Goldlink do not receive your name, the Company needs enough information to identify the data subject and her policy so that the Company can provide services to its
Means of identification - date of birth, National Identity Card Number (NIN), International Passport

details, Drivers’ License, Voter’s card details, etc.

Contact information - in some cases, for example, the Company may receive the data subject’s

email, address, and phone number.

Online information - for example cookies and IP address (your computer’s internet address), if you use Goldlink’s
Financial information - the Company may process information related to payments the data subject make or receive in the context of an insurance policy or This includes information such as Bank Verification Number (BVN) and information obtained from credit reference agencies.
Contractual information - for example details about the policies a data subject holds and with whom the data subject holds
Health information such as smoker status or medical related issues relevant to a policy the data subject holds or a claim the data subject has
Other sensitive personal data (Health background / information, Marital status, criminal history record, Biometric details, Academic records, and Gender)

3. Requirement for Consent

Where data subjects provide their consent for use of their personal information, Goldlink will explain the reason for obtaining the data subject’s Without such consent, the company may be unable to provide the required cover or handle claims when they arise. Where the data subject provide personal information about third parties, Goldlink will ask such clients to confirm that the third party has given consent to the data subject to act on their behalf and will provide the company with a copy of the consent issued.

Consent will be obtained via the same medium used to obtain personal information or through any other means that is acceptable to Goldlink. Reference will be made to this Policy or a summarized version that can be easily understood by the data The data subject will be required to indicate understanding and acceptance of the terms contained in the policy. This can be via signature for physical documents or a ticked checkbox for electronic platforms.
Where Goldlink has appropriate, legitimate business need to use client personal information for maintenance of business records including development and improvement of products and services, the company will take extra care to ensure that the data subject’s rights to security and confidentiality is not infringed

4. Reasons for use and process of data by Goldlink

Goldlink will obtain the consent of the data subject before use and processing of the data for one or more specific purposes made known to the data
Such personal data obtained with the consent of the data subject shall not be used in any manner other than the stated purpose for which the data was obtained, except with further consent of the data subject whether at the instance of the data subject or upon the company’s engagement with the data
Goldlink may use data subject’s personal data for a number of reasons:

Underwriting our business with our clients
Managing claims
Assessing, improving and developing our services
Enhancing our knowledge of risk and insurance markets in general
Fulfilling legal or regulatory obligations and protecting ourselves and our clients against fraud. Such regulators include National Insurance Commission, National Financial Intelligence Unit and such other regulatory agencies that is created from time to
For the protection of public interest such as investigation of fraudulent claims and anti-money laundering
For archiving purposes in the public interest, scientific or historical research purposes or statistical
For the purpose of assessment of proposed data subject’s employability and other employee benefits-related purposes.

Goldlink applies information protection technologies including perimeter security, malware management, data loss prevention and backup & Goldlink’s data centers are also protected against environmental threats. Goldlink’s information security policies and practices apply to all personal information in the company’s custody.

Goldlink will only transfer personal information to a third party where the company has ensured that such information is protected and the data subject’s consent has been obtained. Goldlink will procure the privacy policy of the Third Party to guarantee the safeguard and protection of the personal data of the data subject in the custody of the third No consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.

5. Methods of Collecting Private Information

In most cases, Goldlink receives personal data from third parties such as its corporate clients and may also receive personal data directly from the data
The following shall comprise the method of collection of personal information:

Direct collection:

Know Your Customer (KYC) forms
Claim forms
Forums and feedback forms
Enquiry and Quote forms
Recorded telephone conversations
Digital touch points
Electronics means (emails and apps)
Employee engagement personal data forms (inclusive of medical report)

Third parties data collection source:

Individuals or employers with policies with Goldlink under which a data subject is insured e. a named individual within a group life insurance policy.
Credit reference agencies including credit
Family members in the event of incapacitation or death of the insured for purpose of claims payment
Medical professionals and hospitals
Aggregators
Loss adjusters, claim assessors,

Provided that in the case of data obtained from third parry source, a copy of the data subject’s consent given to the third party to transfer the data to Goldlink shall suffice for the company’s use and processing.

6. Goldlink’s Use of Cookies

Goldlink’s websites use cookies to track browsing history of visitors to improve their All the company websites provide visitors an option to accept the use of cookies during the browsing session. Consent must be received before any form of data processing can be performed. Every consent given by a data subject will be kept secured as evidence that consent was received.
In the case of Goldlink’s customers, the data subject will provide consent by responding to a dialogue box corresponding to declarations indicating whether consent is given or declined.

Such declaration will be in clear and plain language. For children’s personal data, consent will be sought from their legal guardian.

7. Social Media Platforms
7.1. The data subject may wish to participate in various blogs, forums, and other social media platforms hosted by Goldlink (“Social Media Platforms”) which are made available to the data subject. The main aim of these Social Media Platforms is to facilitate and allow the data subject share content. However, the company cannot be held responsible if the data subject shares personal information on Social Media Platforms that is subsequently used, misused or otherwise appropriated by another user. The data subject is required to consult the Privacy Statements of such services before using them.

8. Third Party Access and Purpose of Access

Disclosure to Employees

Goldlink’s employees have access to and process personal data based upon a “need to know” basis in order to do their job. Goldlink regularly check who has access to its systems and

8.2. Disclosures to Third Parties

Goldlink may disclose data subjects’ personal data to these categories of third parties:

Goldlink service providers and agents g. IT companies who support Goldlink’s technology, marketing agencies, research specialists, document management providers and tax advisers.
Goldlink professional advisers: auditors; reinsurers; medical agencies and legal
Clients who provide Goldlink with data subjects’ personal
Persons legally authorized to act on behalf of Goldlink e.g. Lawyer, Insurance Broker and loss adjusters,
Individuals nominated and authorized by the data subject to engage Goldlink on his/her
A Goldlink recommended garage or other service provider recommended to the data
Disclosure to Credit referencing organization to obtain information which may be used by Goldlink to determine its risk selection, pricing and underwriting
Fraud detection agencies and other parties who maintain fraud detection
Customer relationship management
Independent Customer satisfaction survey providers.
Financial organizations and
Government and its

Emergency assistance
Credit reference
Debt collection
Selected third parties in connection with the sale, transfer or disposal of the business or in connection with employee assessment, academic records verification and employee well-being

The above disclosures to the third party shall be made only to the extent necessary for the specific purpose for which the data is provided and the third party shall be informed of the confidential nature of such information and shall be directed to keep the data subject’s information strictly confidential.

9. Lawful Processing of Personal Data

Goldlink only processes personal data for legitimate business purposes and when a legal ground as set out in data protection

There are a number of legal grounds that may apply and the following ones are most likely to be relevant to the data subject:

Goldlink may process the personal data of the data subject when Goldlink obtains the data subject’s consent or when the company’s client obtains consent from the data
Where the data subject has a contract with Goldlink, the personal data of the data subject may be processed when it is necessary in order to enter into or perform a
Where Goldlink has a legal obligation to perform such processing, such as where the company shares information with its regulators, law enforcement agencies or
In order to protect the vital interests of the data subject or of another natural
In order to process the data subject’s medical and other sensitive personal data when it is necessary to do so in connection with an insurance product.

Where Goldlink is required to do so by law or regulatory bodies such as where a court order exists to such effect or there is a statutory obligation to do
Where it is necessary to facilitate prevention and/or detection investigation of criminal action (including fraud) or is otherwise in the overriding public
Where exemptions under the Data Privacy law allows Goldlink to disclose such
Motor insurance database i.e. Nigeria Insurance Industry Database (NIID).
Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of public mandate vested in

The following table contain breakdown of lawful grounds which Goldlink relies on for processing personal information of its clients:

	Purpose for collection and processing of data subject’s personal information	Collectable Personal information includes but not limited to the ones set out below	Legal grounds for processing personal information
1	To review an insurance proposal and provide a quote in respect of the proposal.	Contact details, age, age of other persons included on the policy (e.g. employees, family members, etc.) Information on the subject of insurance such as landed property, vehicles, past claims, recent damage, business premises, etc. Information on travel plans including destination, duration of stay, travel dates, etc. Information on nature of commercial enterprise and assets. Sensitive personal information such as health records. Any other information relevant to the request.	The use described is necessary for provision of insurance cover. Where sensitive personal information is requested, exemptions may be applied for insurance purposes.
2	To provide and manage insurance policies. To evaluate eligibility for, process and pay claims.	Contact details, age, age of other persons included on the policy (e.g. employees, family members, etc.) Information on subject of insurance such as landed property, vehicles, past claims, recent damage, business premises, etc. Information on travel plans including destination, duration of stay, travel dates, etc. Information on the nature of commercial enterprise and assets. Sensitive personal information such as health records.	The use described is necessary for provision of insurance cover. Where sensitive personal information is requested, exemptions may be applied for insurance purposes.
3	For data subject’s communication and resolution of complaints.	Contact details and any information relevant to the policy.	The use described is required to provide the insurance cover and to resolve any legitimate concerns. Where sensitive personal information is requested, it may be necessary for the exercise and defense of Goldlink’s legal rights, where the client has provided consent or where we have applied and obtained exemption for insurance purposes.

4	To evaluate insurance applications and data subject’s ability to pay premiums in instalments or as at when due.	Contact details, bank account details, collateral information	Necessary to provide insurance cover.
5	To prevent, detect and investigate fraud. This may include collection of biometric information such as voice prints.	Contact details, age, age of other persons included on the policy (e.g. employees, family members, etc.) Information about possessions such as landed property, vehicles, past claims, recent damage, business premises, etc. Information about travel plans including destination, duration of stay, travel dates, etc. Information about nature of commercial enterprise and assets. Information available in the public domain such as social media. Sensitive personal information such as biometrics (i.e. voice print).	Necessary to provide insurance cover and a legitimate business need to prevent fraud. Where sensitive personal information is requested, it may be necessary for the exercise and defense of Goldlink’s legal rights, where the data subject has provided consent or where we have applied and exemption for insurance purposes.
6	For the purpose of recovering debt.	Contact details, bank account details, collateral information.	Where there is a legitimate business need for debt recovery. Where sensitive personal information is requested, the use described is necessary forestablishing, exercising or defending the legal rights of Goldlink Insurance.

7	For the purpose of our own information systems management including; management of business processes such as maintaining financial and accounting records, analysis of financial results, internal and external audit requirements, receiving professional advice (e.g. tax or legal advice). We develop policies and security systems to ensure security and effective operation of our systems.	Information about the client including name, residential / office address, email address, telephone number, age and the age of other person(s) included on the policy (family members, business partners, employees). Sensitive personal information about health or beneficiaries’ health.	Goldlink Insurance has a legitimate business need to use its client’s personal information to understand its business, monitor performance and maintain appropriate records. Where sensitive personal information is provided, the information is used to determine if an exemption should be applied for Insurance purposes.
8	For research and analytical purposes and to improve our products and services.	Contact details, age, age of other persons included on the policy (e.g. employees, family members, etc.) Information about possessions such as landed property, vehicles, past claims, recent damage, business premises, etc. Information about travel plans including destination, duration of stay, travel dates, etc. Information about nature of commercial enterprise and assets. Sensitive personal information such as health records.	Research and data analytics are conducted for service improvement purposes in the interest of the data subject. Where sensitive personal information is provided, Goldlink may apply an exemption for insurance purposes where appropriate.
9	Compliance with legal and / or regulatory obligations	Details about the data subject, other related parties, specific product required by the data subject, service or benefit, depending on the nature of the obligation.	Necessary for Goldlink Insurance Plc to comply with Legal and Regulatory obligations.

10	Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers); technology may include voice analytics	Details about our clients and other related parties, product or service having been discussed with the client or representative during a telephone conversation with Goldlink Insurance Plc.	The use described is required for Legal and Regulatory compliance.
11	Providing marketing information to Goldlink clients including information about other products and services and undertaking customer surveys in accordance with preferences communicated by the data subject.	Name, contact details and marketing preference.	Data subject’s consent.
12	Determination of employability, background check up, academic records verification, and employee surveys and other HR processes requiring personal identifiers.	Name, contact details, academic records, health background / information, Marital status, criminal history record, Biometric details, Academic records, and Gender	To determine employability and to improve employee wellbeing, insurance contracts and regulatory demands.

10. Foreign Transfer of Personal Data

The transfer of client’s personal information may be to a third party in a foreign country which has adequate data protection laws for data transfer, to be determined by the Attorney General of the Federation and the Data subject shall have the right to be informed of the appropriate safeguards for data protection in the foreign
Where the Attorney General of the Federation has not determined the third party country, the data subject’s personal information may be transferred to a third party in a foreign country in the following circumstances:

Where the data subject has consented to the proposed transfer after having been informed of the possible risks of such transfers
The transfer is for the performance of a contract between the data subject and the data controller
The transfer is for the performance of a contract concluded in the interest of the data subject between the Data Controller and another natural or legal person
The transfer is for public interest
The transfer is for the establishment exercise or defence of legal claim
The transfer is to protect the vital interest of the data subject or other persons, where the data subject is physically or legally incapable of giving

The data subject shall have the right to be informed of the appropriate safeguards for data protection in the foreign country.

11. Length of time for keeping client personal information
The length of time for storing data subject’s personal information shall be in line with Goldlink’s Data Retention Schedule in its Retention policy. This includes keeping the data subject’s information for a reasonable period of time as stated in the Retention policy after the data subject’s relationship with the company or its client has ended and particularly for statistical analysis, pricing and risk modelling purposes.
In certain instances, Goldlink will minimize personal data; or de-identify data for use in statistical or analytical activities. This is undertaken in accordance with the data protection laws.

12. Data Subject’s Rights

Goldlink shall disclose the specific purpose for which the information is required before obtaining the information from the data subject and shall inform the data subject of his/her right and method of withdrawal of
The data subject has the right to request that Goldlink perform certain activities on his/her personal information, such as request for a copy of their personal information, correction of errors on the personal information, a change in the use of their personal information, or delete their personal information. Goldlink is obligated to either carry out the data subject’s instructions or explain why it may not be possible - usually because of a legal or regulatory
Data subject have the following rights in respect of Goldlink’s use of their personal information:

Right to access: The data subject has a right to a copy of their personal information as maintained by the Company
Right to rectify: Goldlink takes due care to ensure that the personal information we maintain about data subjects are accurate and complete. However, if a data subject believes the information is inaccurate or incomplete, such data subject has the right to request an
Right to erase: under certain circumstances, a data subject may ask that Goldlink to erase their personal information. For instance where the personal information collected is no longer necessary for the original purpose or where consent is withdrawn. However, this will need to be balanced against other factors, such as the type of personal information obtained, the original reason for collection, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and the company continuous assessment of risk relating to the data There may be some legal and regulatory obligations which prevents the company from complying immediately.
Right to restriction of processing: under certain circumstances, but subject to regulatory requirements, a data subject may be entitled to instruct Goldlink to stop using his/her personal This is applicable where

A data subject contests the accuracy of personal information held by the data controller
Processing of personal data of the data subject is unlawful
The data controller no longer requires the personal data but the data is required by the data subject for establishment, exercise or defense of legal claims
The data subject has objected to processing, pending the verification whether the legal grounds for the data controller override those of the data

Right to data portability: under certain circumstances, data subjects have the right to ask that Goldlink transfers any personal information that they have provided to the company to another third party. Once transferred, the other party will be responsible for safeguarding such personal
Right to object to marketing: Data Subject can object to the processing of his/her personal data for the purposes of third party marketing
Right to lodge a complaint: Goldlink data subject has the right to lodge complaints, in the event that there is an objection to the manner in which personal information is being used by the Company. Such complaints can be communicated using contact details provided in our policy documentation. In certain cases, the company may be unable to comply with data subject’s requests for reasons such as our own obligations to comply with other legal or regulatory requirements. However, the company will always respond to complaints and where compliance is not feasible, an explanation will be
The Data Controller shall communicate any rectification or erasure of personal data or restriction to each recipient to whom the data the personal data has been disclosed, unless this proves impossible or involves disproportionate
In some circumstances, exercising some of these rights will mean Goldlink is unable to continue providing cover under the data subject’s insurance policy and may therefore result in cancellation of the The data subject will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before the right was exercised, if the company’s ability to handle the claim has been prejudiced. Each data subject’s policy terms and conditions set out what will occur in the event of a policy cancellation.
Some of Goldlink’s assessment of risks are made automatically by inputting the data subject’s personal information into a system, the criteria of which is determined by the company’s underwriting team and the decision is then calculated using certain automatic processes rather than manual process via discussions. We make automated decisions in the following situations:
Premium- computation: we use the data subject’s personal information to deter-mine premium and eligibility.

Fraud and money laundering prevention: Goldlink uses automated anti-fraud and money laundering filters that check against global databases individuals known to have undertaken fraudulent and / or money laundering transactions and will reject those applicants based on outcomes of the automated

Application assessment: Goldlink may use scoring methods to assess applications, perform identity verification and determine premiums. Examples of information used by Goldlink systems to do this include age, address, lifestyle (e.g. smoking, drinking, exercise routines,) and medical history. If a data subject does not consent to processing sensitive information in this manner, Goldlink may be unable to assess the application or provide a quote. Alternatively, Goldlink may only be able to offer the data subject policies that do not require the company to have that information from the onset. The automated decision making performed by Goldlink systems during the application is proprietary to the company, and the results thereof is not shared with third parties.
Where the data subject choose to opt out of automatic decision-making, a formal communication to that effect will suffice. However, in some situations, it may imply that Goldlink will be unable to offer a quote because automated decisions are necessary to price and issue certain

Data subjects can enforce the above rights by sending an email to dpo@goldlinkplc.com or dataprotection@goldlinkplc.com. The Data Controller is obligated to act on the request of the data subject without delay. In the event that the Data Controller does not take action on the request of the Data Subject, the Data Controller shall within one month of receipt of the request, inform the data subject of the reasons why the request has not been actioned.
The exercise of the rights listed above shall be in conformity with constitutionally guaranteed principles of Law for the general protection and enforcement of fundamental rights.

Training

Ultimately, it is Goldlink’s employees who are the most important element of the company, Goldlink’s employees are involved in every step of the data lifecycle, including sourcing and receiving personal data, processing it in compliance with laws and regulations, employing safeguards, and establishing the means and schedules of retention and deletion. It is therefore imperative that Goldlink’s employees understand their role and be committed to safeguarding personal data.
Goldlink designs its training programme to be relevant, focused on the individual and also focused on concrete risks. Goldlink runs regular data protection and information security awareness campaigns. The Company also share with its employees other knowledge resources on data protection and privacy topics, including guidance on ways that they can better protect and safeguard personal
It is important that Goldlink’s employees understand the seriousness of protecting personal data and respecting privacy rights with the ability to relate this back to the risks and consequences from an individual Through Goldlink’s efforts, it remains committed to realize its goal to ensure its employees and business partners understand their respective roles and responsibilities for data protection compliance.

14. Marketing

The data subject reserves the right to the use of his/her personal information for marketing and Goldlink shall obtain the consent of the client prior to using such information for marketing purpose in specific cases not covered under this.
Goldlink shall be committed to only send its data subjects insurance marketing communications that meets the needs and behaviours of the data subject. Where the data subject chooses to unsubscribe from our mailing lists, such can be achieved at any time by following the unsubscribe instructions that appear in all marketing emails or contact Goldlink via the details set out in this policy
Periodically, Goldlink may run specific marketing campaigns through social media and digital advertising that the data subject may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. Should a data subject not want to see such campaigns, the data subject shall be responsible for adjusting preference settings within the specific social media platform including cookie browser settings
Goldlink may retain any data provided on its website and mobile app for a reasonable period, subject to the client’s prior approval, even if the contract is not consummated and such information may be used to make enquiry on why the contract is not

15. Audit and Enforcement of the Data Protection Policy
15.1. The Internal Audit Department of the Company shall conduct the audit of the privacy and data protection practice, in accordance with the extant Data protection regulation and the Data Protection Officer shall be responsible for monitoring compliance with the regulation.

16. Remedies for Violation of Data Protection Policy and the Timeframe for Remedy
16.1. In the event of violation of this policy, the data controller shall within 15 days redress the violation. Where the violation pertains to the disclosure of the data subject’s information without his/her consent, such information shall be retracted immediately and confirmation of the retraction sent to the data subject within 48 hours of the redress.
Where the violation is caused by any representative of the data controller, such representative shall be subject to appropriate sanction.

17. Contact details of the Data Controller and Data Protection Officer
Goldlink’s Data Controller and Data Protection Officer can be contacted via the following details:
Delineate a data controller from a data processor.

Goldlink insurance Plc,
6, Emmanuel Street, Maryland, Lagos
Email: dataprotection@goldlinkplc.com
Or
dpo@goldlinkplc.com

Privacy Policy

Privacy Policy

Cookie Consent