AAR Health Services (U) Ltd (“, AAR Health Services (U) Ltd”/ “AAR”/ “We/Us”) respects the personal information and data that we collect from you through our website and Mobile Application, various application forms and through other methods owned and controlled by us. This Privacy Notice describes how AAR Health Services (U) Ltd uses, processes and shares personal information, including sensitive personal data collected through our website https://aar-insurance.ug/ (the “website”) and Mobile Application, its subdomains and any products or services offered by AAR Health Services (U) Ltd.
Collection of Information
As Data Controllers and Data Processors, AAR Health Services (U) Ltd collect data directly from the data subject and indirectly through intermediaries and service providers with data subjects’ consent to enable us to operate effectively and provide you with the best experience possible with our products and services.
We collect information about you in the following ways (please note that this is not a comprehensive list):
- Information You Give Us – This includes but is not limited to your name, phone number, e-mail address, National Identification (ID)/passport details, date of birth,financial and health information, occupation, employer, details of family members to be covered under the policy, postal addresses and any other information you provide to us through our application forms, website, in person, email or by phone, through an appointed insurance intermediary or through a service provider when accessing services related to your insurance policy.
- Information We Collect from Other Sources –We may also receive information from other sources and combine that with information we collect as above. For example, if you engage with a separate application or website that uses our API (or whose API we use), we may receive information about you or your connections from that site or application.
- Information Automatically Collected – , AAR Health Services (U) Ltd automatically logs information about you and your computer or device such as the IP address, pages viewed and action on our website through Cookies and Web Beacons.
Use of Personal Information
AAR Health Services (U) Ltd may use your personal information as follows:
- To provide the products and services applied for and the related customer support when accessing the benefits purchased, send updates and administrative information, facilitate payments and send receipts. It is also used to authenticate users and develop safety features, operate, maintain, and improve our site, products and services, develop new features and enable the use of our online self-service portal.
- To communicate with you, respond to comments, queries, complaints and to provide customer service. In this regard any change of details regarding your personal data should be notified to AAR Health Services (U) Ltd through ug@aar-insurance.com immediately or through other communications modes.
- To comply with the Data Protection and privacy Act 2019 and its Regulations and other lawful purposes such as compliance with applicable statutory government returns and statutory orders where relevant.
- To personalize and improve our services, including to provide or recommend, features, content, and advertisements. Where this is the case, we will take appropriate measures to protect your personal information in accordance with this Notice.
- In the exercise of our rights. Where reasonably necessary, we may use your data to exercise our legal rights and prevent abuse of our services. For example, we may use your data to protect, investigate, and deter against fraudulent, suspected money laundering, unauthorized, or illegal activity.
Sharing of Personal Information
- AAR Health Services (U) Ltd shall not disclose your personal information to any third parties such as service providers other than with your prior consent, for a legitimate reason or for the performance of a contract.
- AAR Health Services (U) Ltd may share personal information for legal, protection, and safety purposes which includes complying with the laws of the countries we operate in, and with all lawful requests, purposes and legal processes.
Retention of Information
We retain your data for as long as we reasonably require it and, in any event for as long as you continue to use our products and services. When you no longer use our products and services, we will delete, anonymize or pseudonymize your data, subject to any legal or statutory obligations requiring the data to be retained for a longer period. We may retain logs of automatically collected information (for internal analytics) including: your e-mail address; communications with you; and your transactional information (for internal regulatory, auditing, tax, purposes). When we no longer have a business or legitimate reason for retaining data, we will delete, anonymize or pseudonymize it.
You are responsible for the confidentiality of any password you have put in place to allow you to access certain products or services. Please note our customer service agents will never request you to share your password.
You are in Control
You are in control of your data and to this end, you have the right to:
- Be informed what personal data has been collected about you.
- Access your personal data and information on the processing (reasons for processing, categories of personal data concerned, recipients to whom your personal data has been or will be communicated and the retention period).
- Erase your personal data. We reserve the right to not send you or delete your personal data in some circumstances – in which case, we will write to you within 14 days of receipt of the request setting out the reasons. Where the request to erase your data is implemented, it will mean that you will not have access or use to any of our products and/or services for which the data deletion request is made.
- Receive the personal data provided to AAR Health Services (U) Ltd in a structured, commonly used and legible format. This shall be done free of charge by writing to the Data Protection Officer at: AAR Health Services (U) Ltd, Plot 11 Salmon Rise Luthuli Avenue, Uganda Kampala or by e-mailing ug@aar-insurance.com
- Oppose and/or stop, for legitimate reasons, the processing and use of your personal data, however this may disrupt the services we provide to you or may stop us from being able to assist you
- Request us to transfer your personal data to another Data Controller.
- Lodge a complaint with us at ug@aar-insurance.com
- Change your personal data or revoke your consent for the processing activities or retention of the data at any time . You have the right to appoint a third party to whom your data may be communicated to after your death. You agree to inform the third party of their appointment.
- Correct your personal data. All such requests should be made to by e-mailing ug@aar-insurance.com
- We undertake to respond to any request for correction and updating of personal data submitted by e-mail within 14 days of receipt provided the correction is necessary.
Security of Personal Information and Data Breach
Personal information and data are handled with care and integrity. AAR Health Services (U) Ltd has implemented system, access and process controls to safeguard and secure the information collected which includes monitoring and testing to verify effectiveness of the safeguards. If we suspect or become aware of any unauthorized access to your data by any unauthorized person or third party or become aware of any other security breach relating to personal data held by us, we shall notify you in writing within a reasonably practical period, unless the identity of the data subject cannot be established. In the event of such data breach, AAR Health Services (U) Ltd shall fully and immediately take the appropriate steps to contain and remedy such data breach.
Data Location and International Data Transfers
Personal Data and information are processed and stored within Uganda and outside Uganda. For data and information that is sitting outside Uganda, AAR Health Services (U) Ltd undertakes to ensure that appropriate data protection safeguards are in place and your personal information is processed or transferred in accordance with the Data Protection and privacy Act and Regulations.
Consent shall be obtained for Personal Data transferred outside Uganda.
Privacy Notice Updates
AAR Health Services (U) Ltd reserves the right to change the provisions of this Privacy Notice at any time. We will alert you that changes have been made by indicating on the Privacy Notice – the date, the notice was last revised. Your use of the Website and applications following the posting of such revised Notice shall constitute your acceptance of any such changes. We encourage you to review our Privacy Notice whenever you visit the Website and application(s) to guarantee your understanding of how your information may be collected, processed and used.
Contact information
If you have any questions or queries regarding this notice, please contact us at dataprivacy.ug@aar-insurance.com
Privacy Notice Effective Date
November 2022