Wheelswise

Med-Gen Insurance

Legal Documents

Privacy Policy · General Disclaimer · Cookies Policy

Last Updated: 2026-04-21

At Med-Gen Insurance Agency (“Med-Gen”, “we”, “us”), your privacy is important to us. This Privacy Policy sets out how we collect, use, share, and protect your personal data in accordance with the Data Protection Act, 2019 (DPA) and the regulations of the Office of the Data Protection Commissioner (ODPC) of Kenya. By using our platform, you acknowledge that you have read and understood this policy.

1Who We Are

Med-Gen Insurance Agency is a licensed insurance intermediary registered in Kenya and operating under the Insurance Act (Cap. 487). We act as both a data controller in respect of information you provide directly to us, and as a data processor when handling personal data on behalf of our underwriting partners. Insurers retain independent data controller status for the purposes of underwriting, policy administration, and claims management.

2Personal Data We Collect

To provide you with our services, we collect only what is necessary, including:

  • Identity and contact details (name, national ID, KRA PIN, phone number, email address)
  • Vehicle and asset information relevant to your insurance cover
  • Policy and risk-related data required by underwriters
  • KYC and AML compliance documents as required by law
  • Transaction and payment records
  • Technical and platform usage data for security and performance

3How We Use Your Data

Your personal data is processed for clearly defined purposes, including:

  • Issuing insurance quotations, policies, and cover certificates
  • Facilitating underwriting, endorsements, and claims handling
  • Fulfilling our obligations under Kenyan insurance and tax law
  • Conducting identity verification and KYC/AML compliance checks
  • Preventing fraud, money laundering, and platform abuse
  • Communicating with you about your policy and account
  • Improving the performance and security of our platform

4Legal Basis for Processing

We process your personal data on one or more of the following lawful grounds under the Data Protection Act, 2019:

  • Your explicit consent, where required
  • Performance of a contract to which you are a party
  • Compliance with a legal or regulatory obligation
  • Legitimate interests pursued by Med-Gen or our underwriting partners, where not overridden by your rights

5Sharing Your Data

We share your personal data only where necessary and with appropriate safeguards in place. Recipients may include:

  • Licensed insurers and reinsurers for underwriting and claims purposes
  • Payment service providers for transaction processing
  • The Insurance Regulatory Authority (IRA) and other regulatory bodies
  • The Kenya Revenue Authority (KRA) where required by law
  • Law enforcement or government agencies pursuant to a lawful order

We do not sell your personal data to third parties. Where data is shared with processors, we ensure appropriate data processing agreements are in place in line with the DPA.

6Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Kenyan law, IRA regulations, and insurer obligations - whichever period is longer. Upon request, data is securely deleted or anonymised.

7Your Rights

Under the Data Protection Act, 2019, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Object to or request restriction of certain processing
  • Request deletion of your data, subject to legal retention obligations
  • Lodge a complaint with the Office of the Data Protection Commissioner

To exercise any of these rights, please contact us at the details below. We will respond within the timeframes prescribed by the DPA.

8Data Security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted data transmission, access controls, and regular security assessments. While we take every reasonable precaution, we encourage you to keep your account credentials confidential.

9KYC Document Submission

In compliance with the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and applicable KYC regulations, users are required to submit valid identity verification documents — including a government-issued National ID or Passport and a KRA PIN Certificate — within 48 hours of account registration or upon request by Med-Gen. Failure to comply within the stipulated timeframe may result in suspension of account access, cancellation of pending policy applications, or termination of active policies. Med-Gen reserves the right to reject documents that are illegible, expired, or inconsistent with registration details. Users bear sole responsibility for any loss or prejudice arising from the submission of inaccurate, fraudulent, or incomplete KYC documentation.

10Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify you via the platform or by email. Continued use of our services following such notice constitutes your acceptance of the updated policy.

11Contact Us

If you have any questions about this policy or wish to exercise your data rights, please reach out to us:

Email: support@medgeninsurance.com