Welcome to the privacy statement for our Heritage Health Cover Product.

The Heritage Insurance Company Kenya Limited, a subsidiary of Liberty Kenya Holdings Plc whose parent organisation is Liberty Holdings Limited (hereinafter referred to as “Heritage’’, “we”, “us” or “our” in this privacy statement) respects your privacy and is committed to protecting your personal data as guaranteed by the Kenyan Data Protection Act No. 24 of 2019. This privacy statement aims to give you information on how we look after your personal data when you visit our https://www.libertyhealth.net/kenya/en/ website (regardless of where you visit it from).

How and why we collect personal data

  • We collect personal data for the purposes set out in this notice or otherwise communicated to you.
  • We collect personal data directly from you when you contact us directly or provide information through this website.
  • This personal data is used to create a policy in your name and to issue you with a member certificate and card as proof of cover and to gain access to medical service and the benefits of the policy. This information is also used to authenticate and verify that you are you when interacting with Heritage. It is used for security purposes to ensure that unauthorised persons do not get access to your Heritage information or benefits.
  • We may collect from and share your personal information with selected third parties to ensure we meet our responsibilities as a Health Insurance Product Service Provider. These third parties may include, but are not limited to:
    • Regulatory bodies
    • Financial Advisers and other intermediaries
    • Financial reporting centre
    • Affiliated companies of Liberty Holdings Limited – Our parent company
    • Other insurers or authorised financial services providers for prevention of fraud – Forensics investigations.
  • We collect personal data from and about you for the following purposes, but not limited to:
    • Assess your individual requirements accurately.
    • Deliver effective and personalised services to you that comply with applicable regulations.
    • Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services).
    • Tell you about services and products available within Heritage. This information is used for Marketing purposes giving you access to the broader Heritage product offering.
    • Constantly improve our offerings to suit your unique needs.
    • To verify and protect your identity. This information is also used to authenticate or verify your identity when interacting with Heritage.
    • It is used for security purposes to ensure that unauthorised persons do not get access to your Heritage information or benefits.
    • Regulatory reporting – Heritage is obliged to provide regulatory reporting to the insurance and other regulatory bodies.
    • Comply with relevant regulatory requirements, including monitoring and analysing your account for credit, fraud, compliance and other risk-related purposes as required by law.
    • As otherwise allowed by law
    • Without your personal data, we may not be able to provide or continue to provide you with the products or services that you need. This personal data is used to create a policy in your name and to issue you with a member certificate and card as proof of cover and to gain access to medical services and manage your policy.


Transfer across borders

Sometimes we will process your personal data in other countries, either to carry out your instructions or for ordinary business purposes. If necessary, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data and conform to our privacy principles, associated policies and practices.


We store personal data as required by law. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

Our use of technology to follow your use of our website

We collect and examine information about visits to this website. We use this information to find out which areas of the website people visit most. This helps us to add more value to our services. This information is gathered in such a way that we do not get personal information about any individual or their online behaviour on other websites.


We use cookies and other tracking technologies on some parts of our website. Cookies are small pieces of text that are saved on your Internet browser when you use our website. A cookie is sent back to our computer each time you visit our website. Cookies make it easier for us to give you a better experience online. You can stop your browser from accepting cookies, but if you do, some parts of our website or online services may not work properly. We recommend that you allow cookies. Please read our comprehensive cookies policy here.

Marketing by post, email or text messages

If you give us permission, we may use your personal data or other information to tell you about products, services and special offers from us or other companies that may be of interest to you. We will do this by post, email or text message (SMS). If you later decide that you do not want us to do this, please contact us at [email protected] and we will stop doing so.

Third parties

We ask other organisations to provide support services to us. When we do this, they have to agree to our privacy policies if they need access to any personal data to carry out their services.

Our website may contain links to or from other websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. When you leave our website, we recommend that you always read the privacy and security notices of every website you visit.

When we may reveal personal data without consent

We will not reveal personal data to anyone outside Heritage or certain of our service providers without your permission, unless:

  • we must do so by law or in terms of a court order.
  • It is for the establishment, exercise or defence of a legal claim.
  • It is for purposes of complying with a legal obligation
  • it is in the public interest.
  • we need to do so to protect our rights.
  • there is a legitimate purpose for the sharing.


Our data security practices

  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
  • We are committed and obliged to implement all reasonable controls to safeguard access to your personal data. Where third parties are required to process your personal data in relation to the purposes set out in this statement and for other legal requirements, we ensure that they are contractually bound to apply the appropriate security practices.
  • All use of our website and transactions through it are protected by encryption (secret codes) in line with international standards.


Your right to access your personal data

You have the right to request access to the personal data we process about you. You may exercise this right by emailing us at [email protected]. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can’t comply with your request, we will inform you of the reasons why. If you have any questions regarding this please, let us know at [email protected].

Your right to object to processing of your personal data

You have the right to object the processing of all or part of your personal data where there is something about your particular situation which makes you want to object to processing of your personal data as you feel it impacts on your fundamental rights and freedoms. You may exercise this right by emailing us at [email protected]. In some cases, however, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Your right to correction of false or misleading data

You have a right to request correction of the personal data that we hold about you. This enables you to have any false, misleading, incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You may exercise this right by emailing us at [email protected].

Your right to deletion of false or misleading data

You have the right to request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You may exercise this right by emailing us at [email protected]. Note, however, that we may not always be able to comply with your request of deletion for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Your right to lodge a complaint

You have a right to complain to the Kenya Data Commissioner at any time if you object to the way in which we use your personal information. We would, however, appreciate the chance to deal with your concerns before you approach the Data Commissioner so please contact us in the first instance.

Privacy and security statements that apply to specific online services

Different online services or businesses of Heritage may have their own privacy and security policies because the service or product they offer may need different or extra policies. These specific policies will apply to your use of the particular service where they are different from our general policies.

Personal use of emails and notice about checking on emails

Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Heritage. We do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that applies.

Changes to the Privacy Notice and your duty to inform us of changes

We keep our privacy statement under regular review, and we may always change this privacy notice. We will put all changes on our website. The latest version of our privacy and security notice will replace all earlier versions of it, unless it says differently.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any questions about this privacy statement, please contact our Data Protection Officer, in the following ways:

Full name of legal entity: The Heritage Insurance Company Kenya Limited

Email address: [email protected]

Postal address: 30364-00100

Telephone number: +254 (0) 711 076 222