Bluewave Insurance Agency Privacy Statement

  • Bluewave Insurance Agency is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us.
  • The privacy policy below explains what information we gather about you, what we use that information for, and with whom the information is shared. It also sets out your rights and who you can contact for information or queries.
  • We respect individuals right to privacy and to the protection of personal information.
  • “Personal Information” means information about a natural person who is identified or can be identified from that information (either by itself or when combined with other information).

What personal information do we collect?

  • We capture and store the following personal information: Name, Gender, Date of Birth, Physical Address, National Identity Card number, Passport number, Family details including names of children and spouse, Email address, Phone number and KRA PIN number
  • Safaricom who provide mobile phone-based money transfer(MPESA) and INTERSWITCH who provide integrated digital payments are our 3rd party service providers and they will capture your personal information via our web applications and Mobile applications
  • Interswitch collects payment details including credit card details such as credit card holder name, credit card number, credit card expiry date and the card security code
  • MPESA collects payment details such as ID number, phone number and name
  • We also collect health data in instances where we need to process a health related claim or for the provision of similar services

Why we process your personal information?

  • We need your information in order to contact you. We may share your phone number with our service providers who need to coordinate with you.
  • To process your payments. Since we use a third-party payment processor, we have only limited information about your payment transactions.
  • To contact you for policy, service, and claims related communications
  • We also process your personal information in order to fulfil other contractual obligations pertaining services rendered to you.

Where and how we keep your data

  • Data held and processed by Bluewave Insurance Agency is stored on secure cloud-based servers hosted by Amazon Web Services (AWS)
  • Technical and organizational security measures taken to ensure the integrity and confidentiality of the data include:
  • We have secured our web applications with HTTPS which protects the integrity and confidentiality of your data.
  • We carry out regular system updates aimed at keeping the systems secure.
  • The Amazon Web Services cloud solution helps us automate most of the manual security tasks by leveraging some of the security services available that include:
    • Data protection services that provide encryption and key management, and threat detection that continuously monitors and protects our accounts and workloads.
    • Identity Services enable us to securely manage identities, resources, and permissions at scale.
    • Infrastructure protection services that we use to protect our web applications by filtering network traffic, based on some predefined rules.
  • The Amazon Web Services cloud solution also automates threat identification by continuously monitoring the network activity and account behaviour within our cloud environment.
  • The Amazon Web Services cloud solution also gives us a comprehensive view of our compliance status and continuously monitors our environment using automated compliance checks based on best practices and industry standards.
  • We have also secured online transactions using 3DS protocol as an additional security layer for online credit card transactions.
  • We also use AWS backup service to back up our applications data.
  • Additionally, Bluewave employees accessing your data have password protected access to the accounts.

Retention of personal information

  • Our policy is to retain Personal Information provided to us for as long as it may be required to comply with our legal obligations.
  • When no longer required we securely delete the information from our servers.
  • We will carry out these procedures at an earlier date if you so request unless we are legally prohibited from doing so.

International transfer of data

  • We may, unless prohibited by local law, transfer information to other countries, in order to provide our services. In transferring information, we comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information.

Rights regarding your personal information

  • You have the following rights in respect of any personal data we hold
  • Right to be informed of the use to which their personal data is to be put
  • Right to object to the processing of all or part of your personal data
  • Right to request confirmation of what personal data we hold for you
  • Right to request that we correct any errors, omissions, out-dated, inaccurate, incomplete or misleading data, and request third parties processing your data of the same, this will however not apply to personal data required for the purposes of evidence and we shall instead of erasing or rectifying, restrict processing and inform you within a reasonable time.
  • Right to request that we no longer use the information to contact you
  • Right to request removal from any contact / mailing list we have the data on
  • Right to request that we restrict our use of your data
  • Right to request that we delete personal data that is authorised to retain, irrelevant, excessive or obtained unlawfully, and request third parties processing your data of the same, this will however not apply to personal data required for the purposes of evidence and we shall instead of erasing or rectifying, restrict processing and inform you within a reasonable time.
  • Right to request that we transfer your data to another organisation
  • It is our intention that we will resolve any issue you may have with regard to data privacy

How to contact us

  • If you would like to contact us on any topics in this privacy policy, you can email us on or submit a request via our digital platforms.
  • Our contact details are as follows:
    • Senteu Plaza 6th Floor
    • Galana Rd
    • Nairobi, Kenya
    • Tel: (+254) 711 082 228