1. OUR DATA PRIVACY MANDATE
Leadway Holdings Limited (“Leadway” or “the Company”) is a non-operating financial and non-banking company overseeing its associated businesses in insurance, pension, trusteeship, investment, health, and hospitality. This Privacy Policy explains how we collect, use, share, and protect your personal information when you engage with our website, products, services, and other digital platforms.
Kindly be assured that we are committed to safeguarding your personal data. Leadway has consistently maintained high standards of data protection, and we continue to implement robust privacy and security measures in line with our core privacy principles.
We collect, process, and store your personal information in strict compliance with the Nigerian Data Protection Act (NDPA) 2023, the NDPA – General Application and Implementation Directives 2025, other applicable Nigerian laws, and relevant international data protection regulations.
You have the right to make informed choices about how your personal information is collected, used, and shared. We encourage you to review this Privacy Policy carefully and exercise the options available to you, so we can continue providing secure, personalized, and high-quality insurance services that meet your needs.
2. GENERAL PRINCIPLES
Leadway respects the privacy rights of its customers, clients, business partners and other individuals whose personal data are in its custody. It is guided by the following principles:
- Respect for Privacy: Leadway upholds the privacy rights of its customers, clients, business partners, and other data subjects, ensuring that the processing of personal data complies with the principles of lawfulness, fairness, and transparency;
- Data Security: Leadway safeguards personal data by implementing appropriate technical, security, and organizational measures to ensure confidentiality, integrity, and availability during data processing;
- Fair and Legitimate Data Use: Leadway collects personal data lawfully and fairly, processing it strictly for specified, explicit, and legitimate purposes that align with its business objectives and the requirements of the NDPA 2023.
- Accountability and Compliance: Leadway takes full accountability for demonstrating compliance with the NDPA 2023 and other applicable legal and regulatory frameworks. It ensures all employees and stakeholders understand their roles and responsibilities in protecting personal data.
- Role definitions:
The following roles are defined in this policy:
Data Subject: is an identifiable person; one who can be identified directly or indirectly, particularly by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity, and includes Leadway’s clients, customers, business partners and employees.
Data Processors: means a person or organization that processes personal data on behalf of or at the direction of the data controller or another data processor. For the purpose of this policy, Leadway Assurance Company Limited is the Data Processor.
Data Controller: means a person who, either alone, jointly with other persons or in common with other persons or as a statutory body, determines the purposes for and the manner in which personal data is processed or is to be processed. For this policy’s purpose, the Managing Director is the Data Controller or whoever he delegates.
Data Protection Officer (DPO) is appointed by the Data Controller to ensure that the strategy and implementation of data protection requirements comply with the data protection policy and the data protection laws. Leadway has a duly appointed DPO, and their contact details are available in this Policy.
3. Types of Information Processed by Leadway
The precise nature of the personal data Leadway processes depends on the data subject’s relationship with Leadway. However, in many cases, if the Company is handling the data subject’s personal data as part of its role as an Insurer, the Company may process the following:
- Personal information about the data subject – Examples are name, age, gender, date of birth, marital status, and nationality.
- Means of identification – Date of birth, National Identity Card Number (NIN), International Passport details, Drivers’ License, Voter’s card details, etc.
- Contact information – for example, the data subject’s email address, residential address and phone number.
- Online information – for example, cookies and IP address (your computer’s internet address), if you are logged into Leadway’s website.
- Financial information – the Company may process information related to payments the data subject makes or receives in the context of any HMO package. This includes information such as Bank account, Bank Verification Number (BVN) and other information obtained from credit reference agencies.
- Contractual information – for example, details about the policies a data subject holds and with whom the data subject holds them.
- Health information such as smoker status or medical-related issues relevant to a policy the data subject holds or a claim the data subject has made.
- Other sensitive personal data (health background/information, criminal history record, biometric details, academic records).
4. Lawful basis of processing personal data
Leadway shall process the personal data of its data subjects only when one or more of the following legal bases for processing apply:
- The data subject has provided consent for the processing of their personal data, and such consent has not been withdrawn.
- The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into any contract.
- The processing is required to comply with a legal obligation to which Leadway is subject.
- The processing is necessary to protect the vital interests of the data subject or a third party.
- The processing is carried out in the performance of a task in the public interest.
- The processing is necessary for legitimate interests pursued by Leadway or its third-party processors, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Consent Requirement
- Where the processing is based on consent, Leadway shall inform the data subject of the purpose for obtaining their consent prior to collecting their personal data and shall rely on the data subject’s unequivocal consent to process the data.
- Where a data subject provides personal information about third parties, Leadway will require confirmation that the third party has authorized the data subject to act on their behalf. The data subject may also provide a copy of the third party’s consent to Leadway.
- Consent will be obtained through the same medium used to obtain personal information or any other acceptable means by Leadway. Reference will be made to this Policy. The data subject will be required to indicate understanding and acceptance of the terms contained in the policy/agreement. This can be done via signature for physical documents, oral consent, or a ticked checkbox for electronic platforms.
- Where Leadway has an appropriate, legitimate business need to use client personal information to maintain business records, including developing and improving products and services, Leadway will take extra care to ensure that the data subject’s rights to security and confidentiality are not infringed.
- Leadway shall not deny the data subject their right to withdraw, at any time, consent to the processing of their personal data. However, this shall not affect the lawfulness of data processing that occurred before the withdrawal of such consent.
- For Minors or persons lacking the capacity to give consent, Leadway shall obtain the consent of their parents or legal guardians. However, this may not apply where:
- The processing is necessary to protect the vital interest of the child or person lacking capacity to consent.
- For purposes of education, medical, or social care, and undertaken by or under the responsibility of a professional or similar service provider owing a duty of confidentiality.
- Necessary for court proceedings.
6. Reasons why we process your data
- Leadway may use or process the data subject’s personal data for several reasons:
- Underwriting our business with our clients
- Managing claims and claims assessment purposes.
- Assessing, improving and developing our services.
- Enhancing our knowledge of risk and insurance markets in general.
- Fulfilling legal or regulatory obligations and protecting ourselves and our clients against fraud. Such regulators include the National Insurance Commission, Nigerian Financial Intelligence Unit, Securities and Exchange Commission, National Health Insurance Authority and such other regulatory agencies that are created from time to time.
- For the protection of public interest, such as the investigation of fraudulent claims and anti-money laundering checks.
- For archiving purposes in the public interest, scientific or historical research or statistical purposes.
- For assessment of the proposed data subject’s employability, background checks and other employee benefits-related purposes.
- Leadway applies information protection technologies, including perimeter security, malware management, data loss prevention and backup and Leadway’s data centers are also protected against environmental threats. Leadway’s information security policies and practices apply to all personal information in the company’s custody.
- Leadway will only transfer personal information to a third party where the company has ensured that such information is protected, the required third-party agreement has been signed, and the data subject’s consent is relied upon, except where the transfer is necessary for the fulfillment of a legal or contractual purpose.
- Leadway shall verify the data protection compliance of the Third Party to guarantee the safeguard and protection of the personal data of the data subject in the custody of the Third Party.
- Pursuant to the aforementioned requirements, we pledge that personal data obtained from the data subjects shall not be used in any manner other than the stated purpose for which the data was obtained, except with further consent of the data subject, whether at the instance of the data subject or upon Leadway’s engagement with the data subject.
7. How do we collect your personal information or data
In most cases, Leadway may obtain personal information directly from data subjects or from third parties such as its corporate clients. The following comprises the method of collection of personal information:
- Direct collection:
- Know Your Customer (KYC) forms
- Claim forms
- Forums and feedback forms
- Enquiry and Quote forms
- Recorded telephone conversations
- Digital touchpoints
- Electronic means (emails and apps)
- Employee engagement personal data forms (inclusive of medical report).
- Third-party data collection source
- Individuals or employers with policies with Leadway under which a data subject is insured, e.g. a named individual within a group life insurance policy.
- Credit reference agencies, including credit ratings.
- Family members in the event of incapacitation or death of the insured for the purpose of claims payment.
- Medical professionals and facilities.
- Loss Adjusters, Claim assessors
Provided that in the case of data obtained from a third-party source, consent will be obtained from the data subject where required.
8. Leadway’s Use of Cookies
Leadway’s websites use cookies to track the browsing history of visitors to improve their experience. Cookies enable websites and applications to store your user preferences in order to enhance your overall website experience by better understanding your preferences, likes and dislikes. They also allow websites to identify when users are logged on their site and when they return to their site, test new content and analyze web traffic with data analytics. Apart from the data that you elect to disclose and share with us, we cannot access your computer or any other information about you through cookies.
All Leadway websites provide visitors with an option to accept the use of cookies during the browsing session. The principle of consent is relied upon and sought before any form of data processing can be performed. Every consent given by a data subject will be kept secure as evidence that consent was received. Although most browsers automatically accept cookies, you can amend your browser settings to disable cookies. This may, however, prevent you from fully experiencing the website as it was intended.
The data subject will provide consent by ticking or responding to a dialogue box corresponding to declarations indicating whether consent is given or declined. Such a declaration shall be in clear and plain language.
9. Social Media Platforms
The data subject may wish to subscribe to various blogs, forums, and other social media platforms hosted by Leadway (“Social Media Platforms”), which are made available to the data subject. The main aim of these Social Media Platforms is to promote our services and allow the data subjects to engage with our content. However, Leadway cannot be held responsible if the data subject shares personal information on Social Media Platforms that is subsequently used, misused or otherwise appropriated by another user. The data subject is required to consult the Privacy Statements of such other services before using them.
10. Third-Party Access and Purpose of Access
10.1 Disclosures to Employees
Leadway’s Employees have access to personal data and process personal data on a “need to know” basis to do their job on behalf of the Company. Leadway regularly checks who has access to its systems and data.
10.2 Disclosure to Third Parties
Leadway may disclose data subjects’ personal information to the following categories of third parties:
- Leadway service providers and agents, e.g. IT companies that support Leadway’s technology, marketing agencies, research specialists, document management providers and tax advisers.
- Leadway professional advisers: external auditors; reinsurers; medical agencies; loss adjusters, claims assessors and external legal counsels.
- Clients who provide Leadway with data subjects’ personal data.
- Medical facilities
- Industry Regulators.
- Intermediaries who provide Leadway with data subjects’ personal data.
- Persons/entities legally authorized to act on behalf of Leadway, e.g. Lawyers, Insurance Brokers and loss adjusters, etc.
- Individuals nominated and authorized by the data subject to engage Leadway on their behalf.
- Disclosure to Credit referencing organization to obtain information which may be used by Leadway to determine its risk selection, pricing and underwriting.
- Fraud detection agencies and other parties who maintain fraud detection registers.
- Independent Customer satisfaction survey providers.
- Financial organizations and advisers
- Government and its Agencies.
- Emergency assistance Companies
- Debt collection agencies
- Selected third parties in connection with the sale, transfer or disposal of the business or in connection with employee assessment, academic records verification and employee well-being survey.
The above disclosures to the third party shall be made only to the extent necessary for the specific purpose for which the data is provided, and the third party shall be informed of the confidential nature of such information and shall be directed to keep the data subject’s information strictly confidential.
12. Cross-border Transfer of Personal Data
Leadway may be required to transfer client personal information to a third party in a foreign country. This shall be carried out in line with the provisions of the NDPA as follows:
- The transfer of the client’s personal information would be to a third party in a foreign country that has adequate data protection laws.
- Leadway has the right to be informed of the transfer of their personal information and the appropriate safeguards for data protection in the foreign country.
- The data subject’s personal information may be transferred to a third party in a foreign country in the following circumstances:
- Where the data subject has consented to the proposed transfer after having been informed of the possible risks of such transfers.
- The transfer is for the performance of a contract between the data subject and Leadway.
- The transfer is for the performance of a contract concluded in the interest of the data subject between Leadway and another natural or legal person.
- The transfer is for the public interest.
- The transfer is for the establishment, exercise or defence of a legal claim.
- The transfer is to protect the vital interest of the data subject or other persons, where the data subject is physically or legally incapable of giving consent.
13. Length of time for keeping client personal information
Leadway has documented and approved a retention policy that guides the retention of the different categories of information it processes. The length of time for storing the data subject’s personal information shall be in line with Leadway’s Retention policy. This includes keeping the data subject’s information for a reasonable period, as stated in the Retention policy, after the data subject’s relationship with Leadway or its client has ended, particularly for statistical analysis, pricing and risk modelling and reference purposes.
In certain instances, Leadway will minimize personal data or de-identify data for use in statistical or analytical activities. This is undertaken in accordance with the data protection laws.
14. Data Subject’s Rights
In accordance with the provisions of the Nigerian Data Protection Act, the following are the rights of the data subject regarding their personal data.
- Leadway shall disclose the specific purpose for which the information is required before obtaining the information from the data subject and shall inform the data subject of his/her right and method of withdrawal of consent.
- The data subject has the right to request that Leadway perform certain activities on his/her personal information, such as a request for a copy of their personal information, correction of errors on the personal information, a change in the use of their personal information, or deletion of their personal information. Leadway is obligated to either carry out the data subject’s instructions or explain why it may not be possible – usually because of a legal or regulatory issue.
- Data subjects have the following rights in respect of Leadway’s use of their personal information:
- Right to access: The data subject has a right to request a copy of their personal information as maintained by Leadway. This channel is available on the website.
- Right to rectify: Leadway takes due care to ensure that the personal information we maintain about data subjects is accurate and complete. However, if a data subject believes the information is inaccurate or incomplete, such a data subject has the right to request an amendment.
- Right to erase: Under certain circumstances, a data subject may ask that Leadway erase their personal information. For instance, where the personal information collected is no longer necessary for the original purpose or where consent is withdrawn. However, this will need to be balanced against other factors, such as the type of personal information obtained, the original reason for collection, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and Leadway’s continuous assessment of risk relating to the data. There may be some legal and regulatory obligations which prevent Leadway from complying immediately.
- Right to restriction of processing: under certain circumstances, but subject to regulatory requirements, a data subject may be entitled to instruct Leadway to stop using his/her personal data. This is applicable where:
- A data subject contests the accuracy of personal information held by the data controller
- Processing of personal data of the data subject is unlawful
- The data controller no longer requires the personal data, but the data is required by the data subject for the establishment, exercise or defence of legal claims
- The data subject has objected to processing, pending the verification of whether the legal grounds for the data controller override those of the data subject.
- Right to data portability: Under certain circumstances, data subjects have the right to ask that Leadway transfer any personal information that they have provided to Leadway to another third party. Once transferred, the other party will be responsible for safeguarding such personal information.
- Right to object to marketing: Data Subject can object to the processing of his/her personal data for the purposes of marketing.
- Right to lodge a complaint: Leadway’s data subject has the right to lodge complaints, in the event that there is an objection to the manner in which personal information is being used by Leadway. Such complaints can be communicated using the contact details provided in this policy. However, there are cases where Leadway may be unable to comply with the data subject’s requests for reasons such as the Company’s obligations to comply with other legal or regulatory requirements.
Notwithstanding, Leadway shall respond to complaints and where compliance is not feasible, an explanation will be provided accordingly.
- Leadway shall communicate any rectification or erasure of personal data or restriction to each recipient to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort.
- In some circumstances, exercising some of these rights will mean Leadway is unable to continue providing cover under the data subject’s insurance policy and may therefore result in cancellation of the data subject’s policy and the data subject will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before the right was exercised, if Leadway’s ability to handle the claim has been prejudiced. Each data subject’s policy terms and conditions set out what will occur in the event of a policy cancellation.
- Automated decision making: Some of Leadway’s assessments of risks are made automatically by inputting the data subject’s personal information into a system, the criteria of which are determined by Leadway’s underwriting team, and the decision is then calculated using certain automatic processes. We make automated decisions in the following situations:
- Premium computation: we use the data subject’s personal information to determine premium and eligibility.
- Fraud and money laundering prevention: Leadway uses automated anti-fraud and money laundering filters that check against global databases of individuals known to have undertaken fraudulent and/or money laundering transactions and will reject those applicants based on outcomes of the automated checks.
- Application assessment: Leadway may use scoring methods to assess applications, perform identity verification and determine premiums. Examples of information used by Leadway systems to do this include age, address, lifestyle (e.g. smoking, drinking, exercise routines) and medical history. If a data subject does not consent to process sensitive information in this manner, Leadway may be unable to assess the application or provide a quote. Alternatively, Leadway may only be able to offer to the data subject, policies that do not require Leadway to have that information from the onset. The automated decision-making performed by Leadway systems during the application is proprietary to Leadway, and the results thereof are not shared with third parties.
- Right not to be subject to automated decision-making: A data subject reserves the right not to be subject to a decision based solely on automated processing of personal data, including profiling. Where the data subject chooses to opt out of automatic decision-making, formal communication to that effect will suffice. However, this shall not apply where:
- It is necessary for entering into or performing a contract between Leadway and the data subject.
- Authorized by law which provides safeguards for the fundamental rights and freedoms, and the interests of the data subject.
- Authorized by the consent of the data subject.
- The Data subjects can enforce the above rights by sending an email to . The Data Controller is obligated to act on the request of the data subject without delay. In the event that Leadway does not take action on the request of the Data Subject, Leadway shall within one month of receipt of the request, inform the Data Subject of the reasons why the request has not been actioned.
- The exercise of the rights listed above shall be in conformity with constitutionally guaranteed principles of the Nigerian Data Protection Act for the general protection and enforcement of fundamental rights.
15. Marketing
- The data subject reserves the right to the use of their personal information for marketing and Leadway shall obtain the consent of the client prior to using such information for marketing purposes in specific cases not covered under this policy.
- Leadway is committed to only providing insurance marketing materials and communication to its customers that are relevant to their requirements and usage patterns. Where the data subject chooses to unsubscribe from our mailing lists, this can be achieved at any time by following the unsubscribe instructions that appear in all marketing emails or contacting Leadway via the details set out in this policy.
- Periodically, Leadway may run specific marketing campaigns through social media and digital advertising that the data subject may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. Should a data subject not want to see such campaigns, the data subject shall be responsible for adjusting preference settings within the specific social media platform, including cookie and browser settings.
- Leadway may retain any data provided on its website and mobile apps for a reasonable period, subject to the data subject’s prior consent, even if the contract is not consummated, and such information may be used to enquire why the contract is not consummated.
- Data security and integrity:
We have implemented reasonable and effective security policies and procedures to protect your personal information from unauthorized access, data loss and misuse. To the best of our ability, access to your personal information is limited to those who have a need to know and are required to always maintain the confidentiality of such information. Despite our best efforts and intentions, we acknowledge that security cannot be guaranteed against all threat actors. Hence, we also make reasonable efforts to retain personal information only for so long:
- as the data subject asks that the information be kept or requested for.
- as to comply with legal, regulatory, internal business or data retention policy requirements.
17. Remedies for Violation of Data Protection Policy
In the event of a violation of this policy, the data controller shall redress the violation within 30 days. Where the violation pertains to the disclosure of the data subject’s information without his/her consent, such information shall be retracted immediately, and confirmation of the retraction shall be sent to the data subject within 72 hours of the redress. Where the violation is caused by any representative of the data controller, such representative shall be subject to appropriate sanction.
Additionally, you are at liberty to report to the Nigeria Data Protection Commission (the NDPC) or seek other legal remedies for infringement.
18. Contact details of the Data Controller and Data Protection Officer
For further information, you can visit the Company Address:
East Wing, Second Floor, Marble House, Falomo, Ikoyi, Lagos.
Subject Access Request may also be made directly to the DPO’s Email Address:
