FORTIS GLOBAL ONLINE TERMS AND CONDITIONS

(Hereinafter referred to as “Fortis Global Online Terms”)

These Online Terms govern your access to and use of all online platforms operated by Fortis Global Insurance Plc (“Fortis Global”, “we”, “us” or “our”), including our websites, mobile applications, and social media platforms. By accessing or using any Fortis Global Online Platform, you agree to be bound by these Online Terms.

1.    ABOUT FORTIS GLOBAL AND ITS ONLINE PLATFORMS

• Fortis Global Insurance Plc is a duly registered and licensed insurance company offering life and general insurance business in Nigeria and regulated by the National Insurance Commission (NAICOM).
• Fortis Global operates various online platforms (“Online Platforms”), including but not limited to: the main website (including all subdomains and transactional pages); mobile-responsive websites; mobile applications (where applicable); social media pages and channels operated by Fortis Global from time to time; and any other Fortis Global-branded digital platforms.
• These Online Platforms may contain information, products, tools, services, applications, promotions, text, graphics, and other materials (“Site Content”). Your use of any Site Content is governed by these Fortis Global Online Terms and our Privacy Policy.
• Certain sections of our Online Platforms may function as social or interactive forums. Any content you submit in such sections may be publicly visible.
• Fortis Global reserves the right to update, modify, suspend, or discontinue any Online Platform or Site Content at any time.

2.    APPLICABILITY OF ADDITIONAL TERMS

• Additional terms and conditions may apply to specific products, services, promotions, tools, or applications offered through our Online Platforms.
• Where additional terms apply, they will be brought to your attention and shall prevail in the event of any conflict with these Online Terms.

3.    LINKS TO THIRD-PARTY PLATFORMS

• Our Online Platforms may contain links to third-party websites or applications (“Third-Party Platforms”). These are provided for convenience only.
• Fortis Global does not control, endorse, or assume responsibility for Third-Party Platforms or their content, products, or services.
• Your use of Third-Party Platforms is entirely at your own risk and subject to the third party’s terms and policies.

4.    ONLINE TRANSACTIONS AND INSURANCE SERVICES

• Fortis Global may allow users to obtain quotations, purchase insurance policies, renew policies, manage policies, and submit or manage claims through its Online Platforms.
• An insurance transaction is only deemed completed when Fortis Global has received, processed, and confirmed the relevant electronic instruction and payment (where applicable).
• Fortis Global shall not be liable for delays, failures, or errors arising from internet connectivity issues, system failures, or third-party service providers.
• Electronic instructions transmitted via our Online Platforms are deemed authentic, and Fortis Global is entitled to rely on them without further verification.

5.    PAYMENTS

• All payments made through Fortis Global Online Platforms must be made using approved payment methods and cleared funds.
• Where deferred payment or instalment options are offered, such arrangements shall be governed by the applicable policy documents and payment agreements.
• Failure to make payment as required may result in suspension or cancellation of insurance cover in accordance with applicable law and policy terms.

6.    USER ACCOUNTS AND SECURITY

• Certain Online Platform features may require you to create an account or log in using secure credentials.
• You are responsible for maintaining the confidentiality of your login details and for all activities conducted under your account.
• Fortis Global shall not be liable for any loss arising from unauthorized use of your account where such use is not attributable to Fortis Global.

7.    SOCIAL MEDIA AND USER-GENERATED CONTENT

• Any content submitted by users on Fortis Global social media platforms (“User Content”) may be used by Fortis Global for lawful business, marketing, or informational purposes without compensation.
• Users warrant that their User Content is lawful, original, non-infringing, and does not violate any third-party rights.
• Fortis Global reserves the right to remove User Content at its discretion.

8.    INTELLECTUAL PROPERTY

• All intellectual property rights in Site Content belong to or are licensed by Fortis Global.
• No content may be reproduced, modified, distributed, or used without prior written consent, except as permitted by Nigerian law.

9.    WARRANTIES AND DISCLAIMER

• Online Platforms and Site Content are provided on an “as is” and “as available” basis.
• Fortis Global does not warrant uninterrupted access, accuracy, or error-free operation of its Online Platforms.

10. LIMITATION OF LIABILITY

To the fullest extent permitted by law, Fortis Global shall not be liable for any direct, indirect, incidental, or consequential losses arising from your use of or inability to use any Online Platform.

11. INDEMNITY

You agree to indemnify and hold Fortis Global harmless from any loss, liability, or expense arising from your breach of these Online Terms or misuse of our Online Platforms.

12. PRIVACY AND DATA PROTECTION

Fortis Global Global Insurance Plc (“Fortis Global”, “we”, “us” or “our”) treats the privacy of visitors, customers, policyholders, employees, job applicants, brokers, agents, and other stakeholders with the highest level of importance. This Privacy and Data Protection section explains how we collect, use, store, disclose, and protect personal data when you visit our Online Platforms or interact with us.

This Policy has been prepared in accordance with the Nigeria Data Protection Act, 2023, applicable regulations, NAICOM guidelines, and international best practices.

12.1. DATA COLLECTION

We may collect, use, store, and transfer different categories of Personal Data, including:

• Identity Data: full name, title, gender, date of birth, photograph, nationality, and identification numbers.
• Contact Data: residential or business address, email address, telephone numbers.
• Insurance & Financial Data: policy details, premium payment information, claims history, bank details, underwriting information.
• Human Resource Data: employment history, professional qualifications, educational records, referees’ details, and recruitment information.
• Technical Data: IP address, device identifiers, browser type and version, time zone, operating system, and platform.
• Profile & Usage Data: login credentials, transaction history, website usage patterns, preferences, feedback, and survey responses.
• Marketing & Communications Data: communication preferences and consent records.

Personal Data may be collected directly from you, automatically through cookies and similar technologies, or from third parties such as brokers, reinsurers, service providers, regulators, or business partners.

We do not intentionally collect Sensitive Personal Data except where required for a lawful purpose and with your explicit consent or where permitted by law.

12.2. PURPOSES FOR PROCESSING PERSONAL DATA

We process Personal Data for the following purposes:

• providing and administering insurance products and services;
• underwriting, policy issuance, renewals, and claims management;
• responding to enquiries, complaints, and customer support requests;
• improving our Online Platforms, products, and services;
• conducting analytics, research, and service evaluations;
• sending regulatory, transactional, and consent-based marketing communications;
• recruitment and human resource administration;
• fraud prevention, risk management, and security monitoring; and
• compliance with legal, regulatory, and contractual obligations.

We do not disclose identifiable Personal Data to advertisers, although aggregated and anonymised statistics may be shared.

12.3.  CHANGE OF PURPOSE

Personal Data shall only be used for the purposes for which it was collected unless a compatible purpose arises. Where processing for a new purpose is required, we shall notify you and obtain your consent where required by law.

12.4.  DATA SUBJECT RIGHTS

Subject to applicable laws, you have the right to:

• withdraw consent at any time;
• request access to your Personal Data;
• request rectification or erasure of Personal Data;
• object to or restrict processing;
• request data portability;
• opt out of marketing communications; and
• lodge complaints with the appropriate supervisory authority.

These rights may be exercised in accordance with Fortis Global’ Data Subject Access Request Procedure.

12.5.  PERSONS WITH ACCESS TO PERSONAL DATA

Access to Personal Data is restricted to authorized Fortis Global employees and trusted third parties, including:

• brokers, agents, and reinsurers;
• IT service providers, cloud hosting providers, and payment processors;
• professional advisers and auditors; and
• regulators and law enforcement agencies where required by law.

All third parties are contractually bound to maintain confidentiality and comply with data protection obligations. Fortis Global does not sell Personal Data.

12.6.  SECURITY AND CONFIDENTIALITY

Fortis Global implements appropriate technical and organisational measures to safeguard Personal Data, including encryption, access controls, monitoring systems, and confidentiality obligations.

While we take reasonable steps to protect Personal Data, electronic transmission over the internet is not entirely secure. Any data transmission is undertaken at your own risk.

In the event of a Personal Data breach, Fortis Global shall act in accordance with applicable laws, including notification to the relevant supervisory authority within prescribed timelines and notification to affected data subjects where required.

12.7.  TRANSFER OF PERSONAL DATA OUTSIDE NIGERIA

Personal Data may be transferred to and processed in jurisdictions outside Nigeria for legitimate business purposes. Such transfers shall be conducted in compliance with applicable data protection laws and subject to adequate safeguards.

12.8. RETENTION OF PERSONAL DATA

Personal Data shall be retained only for as long as necessary to fulfil the purposes for which it was collected or as required by legal, regulatory, tax, or reporting obligations. Retention periods are determined based on the nature, sensitivity, and risk associated with the data.

12.9.  THIRD-PARTY LINKS

Our Online Platforms may contain links to third-party websites or applications. Fortis Global does not control and is not responsible for the privacy practices of such third parties.

12.10.   COOKIE POLICY

• Our online platforms use cookies as part of how they interact with your web browser. Cookies help us deliver a more efficient and user-focused experience. A cookie is a small data file stored on your computer or mobile device by our web servers and may be accessed during subsequent visits. Cookies are widely used across websites, and you may choose to accept, restrict, or disable them through your browser settings. The use of cookies does not interfere with or modify the normal functioning of your device.
• Cookies are used on our primary website to support online insurance quotation, application, and purchase services. As such, enabling cookies is recommended to fully access and use these features across our websites. In addition, cookies may be used for various purposes, including monitoring and improving website performance across the Fortis Global, understanding user preferences and product interests, personalizing website content, and enhancing the relevance of advertisements. We may also collaborate with third-party service providers who, subject to applicable data protection laws, use cookies to improve the relevance of advertisements displayed to you on their platforms.
• Third-party platforms, including social media websites that host our official pages, may also deploy cookies independently. We encourage you to review the terms of use and privacy policies of such third-party platforms for information on how they manage cookies and personal data.

12.11.   DATA SUBJECT ACCESS REQUEST PROCEDURE

Requests to exercise data protection rights may be made by submitting a formal request to privacy@fortisglobalinsurance.com.

Fortis Global shall acknowledge requests within a reasonable timeframe, verify the identity of the requester, and respond in accordance with applicable laws.

12.12.   FEES AND TIMEFRAME

• We shall provide the information requested by you within one (1) month of receipt of your request. Where a request is particularly complex or involves multiple requests, the response period may be extended. In such circumstances, we shall notify you of the extension and keep you reasonably informed of the progress.
• Where we are unable to act on your request, we shall notify you within one (1) month of receipt of the request, stating the reasons for our inability to take action and informing you of your right to lodge a complaint with the National Information Technology Development Agency (NITDA), in accordance with the Nigeria Data Protection Regulation (NDPR).
• Where a request relates to an alleged infringement of your data protection rights, we shall, upon confirmation, take appropriate remedial steps. Such remedies may include, but are not limited to, investigation and reporting to the relevant authorities, recovery of personal data, correction of inaccurate data, and/or the enhancement of data protection controls. You shall be duly informed of the remedial measures taken.
• Information provided in response to your request shall be supplied free of charge. However, where a request is manifestly unfounded or excessive, particularly due to its repetitive or burdensome nature, we reserve the right to:

1. charge a reasonable fee, taking into account the administrative costs of providing the information, communication, or taking the requested action; or
2. refuse to act on the request and notify you in writing, with a copy of such notification forwarded to the National Information Technology Development Agency (NITDA).

12.13.   LAWFUL BASIS FOR PROCESSING

Fortis Global processes Personal Data only where there is a lawful basis to do so under applicable data protection laws. These lawful bases include:

• Consent: where you have freely given, specific, informed, and unambiguous consent;
• Contractual Necessity: where processing is required for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
• Legal Obligation: where processing is necessary to comply with applicable laws, regulations, or regulatory directives;
• Legitimate Interest: where processing is necessary for Fortis Global’ legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

12.14.   CHILDREN AND MINORS’ DATA

Fortis Global does not knowingly collect or process Personal Data relating to minors under the age of eighteen (18) years without the consent of a parent or legal guardian, except where required or permitted by law.
Where Fortis Global becomes aware that Personal Data of a minor has been collected without appropriate consent, such data shall be deleted promptly or processed strictly in accordance with applicable legal requirements.

12.15.   AUTOMATED DECISION-MAKING AND PROFILING

Fortis Global may use automated tools and systems, including profiling technologies, for insurance underwriting, risk assessment, fraud detection, and service optimization.
Such automated processing shall be subject to appropriate safeguards, including human oversight where required by law. Data subjects have the right to request human intervention, object to automated decision-making, or request an explanation of decisions that significantly affect them, subject to applicable legal limitations.

12.16.   DATA PROTECTION OFFICER AND CONTACT DETAILS

Fortis Global has appointed a Data Protection Officer (or designated Data Protection Lead) responsible for overseeing compliance with data protection obligations.
All data protection enquiries, complaints, or requests may be directed to:
Email: privacy@Fortis Globalinsurance.com

12.17.   PERSONAL DATA BREACH MANAGEMENT

Fortis Global maintains internal procedures for identifying, managing, investigating, and responding to Personal Data breaches.
Where a breach is likely to result in a risk to the rights and freedoms of individuals, Fortis Global shall notify the relevant supervisory authority within the timeframe prescribed by law and notify affected data subjects where required, including details of remedial actions taken.

12.18.   RECORD-KEEPING, AUDIT, AND ACCOUNTABILITY

Fortis Global maintains appropriate records of processing activities and periodically reviews its data protection practices.
Personal Data processing activities may be subject to internal audits and regulatory inspections by relevant authorities, including NAICOM and the Nigeria Data Protection Commission.

12.19.   NO SALE OF PERSONAL DATA

Fortis Global does not sell, rent, or trade Personal Data to third parties. Personal Data is disclosed strictly for legitimate business purposes, regulatory compliance, or as otherwise permitted by law.