1. Introduction
Skelta Limited ("Skelta", "we", "our", "us") is committed to protecting the privacy and security of personal data processed through our digital insurance platform.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you access or use:
- skelta.co.ke
- app.skelta.co.ke
- Any partner-branded subdomain
- Any mobile, API, or digital interface operated by Skelta
This Policy is issued in compliance with the Data Protection Act, 2019 and applicable regulations.
2. Who We Are
Skelta is a digital insurance infrastructure platform that enables:
- Insurance quotation
- Policy comparison
- Policy placement facilitation
- Integration between intermediaries and licensed insurers
Skelta does not underwrite insurance risk and is not an insurance company.
For purposes of data protection law, Skelta may act as:
- A Data Controller; or
- A Data Processor on behalf of a licensed intermediary or partner
Depending on the nature of the deployment and contractual structure.
For data protection inquiries, contact:
Data Protection Officer (DPO): [email protected]
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identification Information
- Full name
- National ID / Passport number
- KRA PIN (where required)
- Date of birth
- Gender
3.2 Contact Information
- Phone number
- Email address
- Physical address
- Postal address
3.3 Insurance-Specific Information
Depending on product type:
Motor Insurance
- Vehicle registration number
- Vehicle value
- Driving history
Health / Medical Insurance
- Medical disclosures
- Beneficiary information
Life / Funeral Insurance
- Next of kin information
- Beneficiary details
Financial Products
- Income information
- Employment details
3.4 Technical Information
- IP address
- Device type
- Browser type
- Log data
- Cookies
- Session tracking information
4. How We Collect Data
We collect personal data:
- Directly from users via online forms
- Through partner-branded deployments
- Through API integrations
- Through licensed intermediaries
- Through insurers (where applicable)
- Automatically through cookies and analytics tools
5. Purposes of Processing
We process personal data for the following purposes:
- Generating insurance quotations
- Risk assessment and underwriting facilitation
- Policy placement and issuance support
- Premium payment processing
- Customer support
- Fraud detection and prevention
- Regulatory compliance
- System improvement and analytics
- Contract performance
We do not sell personal data.
6. Lawful Basis for Processing
Under the Data Protection Act, 2019, processing is based on:
- User consent
- Performance of a contract
- Compliance with legal obligations
- Legitimate business interests
- Protection of vital interests
Where consent is relied upon, it may be withdrawn at any time, subject to legal and contractual restrictions.
7. Data Sharing and Disclosure
We may share personal data with:
7.1 Licensed Insurers
To enable:
- Underwriting
- Policy issuance
- Claims processing
7.2 Regulated Intermediaries
Where distribution occurs via brokers, agents, or financial institutions.
7.3 Regulatory Authorities
Including:
- Insurance Regulatory Authority (IRA)
- Office of the Data Protection Commissioner (ODPC)
- Law enforcement agencies (where legally required)
7.4 Service Providers
Including:
- Cloud hosting providers
- IT infrastructure providers
- Payment processors
- Cybersecurity vendors
All third parties are required to implement appropriate data protection safeguards.
8. Data Retention
We retain personal data only for as long as necessary to:
- Fulfill contractual obligations
- Comply with legal and regulatory requirements
- Maintain insurance records
Insurance and financial records may be retained for up to seven (7) years or longer where legally required.
Upon expiry of retention periods, data is securely deleted or anonymized.
9. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption (in transit and at rest where applicable)
- Access control restrictions
- Role-based permissions
- Secure hosting environments
- Regular security assessments
- Incident response protocols
- Disaster recovery procedures
While we implement strong safeguards, no system can be guaranteed 100% secure.
10. White-Label Deployments
Where you access the Platform through a partner-branded subdomain:
- The partner may act as a Data Controller.
- Skelta may act as a Data Processor on behalf of the partner.
- Data may be jointly processed depending on the distribution structure.
Such arrangements are governed by separate contractual agreements between Skelta and the partner.
11. International Data Transfers
Where data is hosted or processed outside Kenya:
- Adequate safeguards are implemented
- Appropriate contractual protections are enforced
- Transfers comply with the Data Protection Act, 2019
12. Your Rights
Under the Data Protection Act, 2019, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion (subject to legal obligations)
- Object to processing
- Restrict processing
- Withdraw consent
- Lodge a complaint with the ODPC
Requests should be submitted to: [email protected]
We may require identity verification before fulfilling requests.
13. Cookies
We use cookies to:
- Maintain session functionality
- Improve user experience
- Conduct analytics
- Enhance security
You may disable cookies via browser settings; however, some functionality may be affected.
14. Data Breach Response
In the event of a personal data breach:
- We will assess risk promptly
- Notify the ODPC where required
- Notify affected data subjects where legally required
- Implement remedial measures
15. Changes to This Policy
We may update this Privacy Policy periodically.
Updated versions will be posted on the Platform with a revised "Last Updated" date.
Continued use constitutes acceptance of revisions.