Your Privacy at a Glance
We know legal documents can be long. Here is a plain-language summary of the most important points before you read the full Notice:
- We collect your Personal Data to provide savings and insurance services, verify your identity, and meet our legal and regulatory obligations.
- We share your data with licensed insurance underwriters (to register your policy), our KYC and fintech partner Embedly/Sterling Bank (to verify your identity and operate your Wallet), and payment processors. We do not sell your data.
- Your National Identification Number (NIN) is mandatory for all insurance purchases and is encrypted at rest. BVN is required for higher-tier financial services.
- We operate a Lead Management System (LMS) as required by the National Insurance Commission (NAICOM). It records your platform activity and is shared only with partner underwriters and NAICOM — never with advertisers or third-party analytics platforms.
- You can access, correct, restrict, or request deletion of your Personal Data at any time by contacting our Data Protection Officer at info@skydd.ng.
- We retain policy and claims records for a minimum of seven (7) years as required by NAICOM.
- In the event of a data breach that is likely to result in risk to your data rights, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals within seventy-two hours (72) in accordance with applicable law.
- You have the right to withdraw consent, object to processing, request data portability, and lodge a complaint with the Nigeria Data Protection Commission (NDPC).
1. Introduction
At Skydd Insurance Brokers Limited (“Skydd”, “we”, “us”, or “our”), we are committed to protecting the privacy and security of personal information supplied by customers, third-party vendors, service providers, and all other persons who interact with our Platform (“you” or “your”).
This Data Privacy Notice (“Notice”) outlines how we collect, use, disclose, store, and protect your personal information in accordance with the Nigeria Data Protection Act (NDPA) 2023, the General Application and Implementation Directive (GAID) 2025, and all other applicable NAICOM regulations governing the processing of personal data.
This Notice applies exclusively to your use of our website at https://www.skydd.ng, our mobile application, and all affiliated platforms operated by Skydd (“Services”). Services include but are not limited to health insurance, auto insurance, life insurance, travel insurance, property insurance, salary protection insurance, savings products, and any other platform Skydd may use from time to time.
By accessing our Platform, you agree and consent to the collection, use, storage, and sharing of your personal information as described in this Notice.
2. Consent
By using our Platform and Services, you acknowledge and provide your explicit consent to the collection, processing, and use of your personal information as outlined in this Notice. You understand that your personal information may be used to facilitate transactions, provide customer support, enhance your experience, fulfil regulatory obligations, and manage your insurance policies and savings plans. This may involve sharing your information with trusted parties as detailed in this Notice.
You have the right to withdraw your consent at any time by contacting us at info@skydd.ng. However, please note that withdrawing consent may impact your ability to access certain features or Services, including the ability to maintain active insurance policies. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
By continuing to use our Platform, you confirm that you have read, understood, and agreed to the terms of this Notice.
3. Role Definitions
For the purpose of this Notice:
- Data Subject: An identified or identifiable natural person to whom Personal Data relates.
- Data Controller: The person or entity that determines the purposes and manner of Personal Data processing. For this Notice, Skydd Insurance Brokers Limited is the Data Controller.
- Data Protection Officer (DPO): Skydd has appointed a Data Protection Officer to ensure the strategy and implementation of data protection requirements comply with this Notice and all relevant laws. The DPO is reachable at info@skydd.ng. The responsibilities of the DPO are clearly outlined in the NDPA 2023.
- Personal Data: means any information relating to an individual, who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social, or economic identity of that individual.
4. What Personal Information Do We Collect?
Only the minimum information required to meet the purposes described in this Notice is collected. Skydd and its representatives are not responsible for the authenticity of information provided by Data Subjects. The information we collect falls into the following categories:
4.1. Information You Give Us Directly
- Personal information: Full name, date of birth, gender, email address, phone number, residential address, and profile photograph (optional).
- Government-issued identification: National Identification Number (NIN) and Bank Verification Number (BVN) are mandatory for all insurance purchases and financial services.
- Sensitive personal information: Information that, if compromised, could cause substantial harm, including genetic and biometric data linked to NIN/BVN verification, health status declarations (pre-existing conditions, smoking status for life and health products), and any other sensitive data required for underwriting purposes.
- Employment information: Employer name and address, job title, employment start date, salary band, etc.
- Financial information: Bank account details for claims payouts and beneficiary payments (encrypted at rest); wallet funding history and transaction records.
- Insurance-specific information: Vehicle details, property address, travel data, etc.
- Device information: Device type, make, model, purchase date, and IMEI or serial number, etc.
4.2. Information We Collect Automatically
- Product and usage data: Information about products you currently use, have applied for, or have previously used.
- Log data: Your device’s IP address, browser type, pages visited, time zone settings, page response times, and navigation paths.
- Device information: Hardware model, operating system version, unique device identifiers, and app version.
- Usage patterns: Full URL clickstream through and from our Platform (including date and time), page interaction data (scrolling, clicks), and session duration.
- Referral and acquisition data: How you found Skydd, including campaign source, referral channel, and UTM parameters from tracked links.
- Inferences: Interests and preferences inferred from your usage of the Platform.
4.3. Information Collected Through Cookies and Similar Technologies
To enhance your experience on the web Platform, Skydd employs cookies and similar tracking technologies including:
- Web Beacons: Electronic images used to understand how you interact with our website and emails.
- Flash Cookies (Local Shared Objects): Used to store data such as settings and preferences.
- Persistent or Session Cookies: Persistent cookies remain on your device for a set period; session cookies are deleted when you close your browser.
By accessing our website, you consent to cookies being placed on your device in accordance with this Notice. You may manage cookies through your browser’s privacy and security settings. Disabling all cookies may limit the functionality of certain features. Our mobile application does not use browser cookies but may use app-level analytics based on aggregated and anonymised data. Skydd does not integrate third-party advertising trackers, pixels, or SDKs (such as Google Analytics, Meta Pixel, or Mixpanel).
4.4. Information We Receive from Third Parties
We may receive information about you from:
- Embedly / Sterling Bank: KYC verification results, NIN and BVN match status, wallet transaction confirmations, and KYC tier assignments.
- Paystack: Payment confirmation status and transaction references.
- Family members: In instances of incapacitation or death of the insured, for claims processing.
- Loss adjusters, claims assessors, and fraud detection agencies: To support claims management and verification.
- Contractors, consultants, and business partners: Who distribute our products through their platforms.
All third-party sources are contractually obligated to comply with applicable data protection laws and to process your information solely for authorised, legitimate purposes with adequate technical and organisational safeguards.
4.5. How We Collect Your Information
Skydd collects Personal Data through:
- Know Your Customer (KYC) forms and identity verification flows;
- Electronic means including emails, in-app forms, and the mobile application;
- Claim forms and supporting document uploads;
- Inquiry and quote generation forms;
- Feedback forms, surveys, and polls;
- Recorded telephone conversations with our customer support team;
- Live chat and chatbot interactions;
- Cookies and web analytics tags (web platform only);
- Digital touchpoints including push notifications and in-app interactions.
5. How We Use Your Information
We use the information we collect to:
- 5.1 To Provide and Manage Your Services: Create and manage your Skydd Account; process premium payments and manage your policy; generate and deliver your insurance certificates.
- 5.2 To Verify Your Identity: We are legally required to verify your identity before issuing any insurance product.
- 5.3 To Meet Regulatory and Legal Obligations: Submit required reports and data to NAICOM, the NDPC, and other regulatory or law enforcement bodies as required by law; conduct fraud prevention, AML checks, credit assessment, and identity verification as required by law.
- 5.4 Communication and Notifications: Send you transactional notifications (payment confirmations, policy activations, certificate issuance, claim status updates, renewal reminders, and savings milestones; these are essential to your insurance cover and cannot be opted out of), service reminders (premium due dates, qualifying period updates, and lapse warnings), and promotional communications (new products and special offers; you can opt out at any time).
- 5.5 Personalisation and Platform Improvement: Personalise your experience, recommend relevant products, and improve our platform. We analyse non-personal, aggregated, and anonymised data to understand user behaviour and optimise our services.
- 5.6 Legal Rights and Fraud Prevention: Establish, exercise, or defend our legal rights, including in response to legal claims. We may also use it to investigate fraudulent claims, conduct fraud and AML checks, and carry out identity verification for the purpose of protecting our platform and users.
6. Legal Basis for Processing
Under the NDPA 2023 and GAID 2025, we process your Personal Data on the following legal bases:
- Contract performance: Processing necessary to provide the services you have requested, including managing your policy, processing payments, and handling claims.
- Legal obligation: Processing required to comply with NAICOM regulations, KYC requirements, Anti Money Laundering laws, the Nigerian Insurance Industry Reform Act (NIIRA) 2025, the NDPA 2023, and other applicable Nigerian law.
- Legitimate interests: Processing for fraud prevention, platform security, and service improvement, where these interests are not overridden by your data protection rights.
- Consent: Where we rely on consent (such as for promotional communications or optional data collection), you may withdraw consent at any time by contacting us at info@skydd.ng.
- Vital interests: Where processing is necessary to protect your vital interests and those of another individual (medical emergencies, death or incapacity).
- Public interest: Where processing is necessary for performance of a task carried out in the public interest or pursuant to an obligation imposed by law, including cooperation with law enforcement agencies or regulatory bodies.
8. How We Store Your Personal Information
Your personal information is stored on our secure servers hosted on AWS. In cases where we have provided you with a password to access specific areas of the Platform, it is your responsibility to keep that password confidential. Please do not share your credentials with anyone.
We may transfer and store the data we collect in countries other than Nigeria, including the United States of America, Canada, the European Economic Area (EEA), and the United Kingdom, using cloud storage solutions chosen for efficiency and performance. We will protect your data as described in this Notice and comply with applicable legal requirements providing adequate protection for cross-border transfers of data. You may request more information about the safeguards we have in place by contacting us at info@skydd.ng.
While no method of transmission or storage can be guaranteed to be completely secure, we implement appropriate technical and organisational measures designed to protect your personal information.
9. How Long We Keep Your Information
We keep your personal information, insurance policy records, claims records, KYC records, and other regulatory records for a minimum of seven (7) years after the end of the customer relationship or for such longer period as required by applicable law.
10. Your Data Protection Rights
Under the NDPA 2023, you have the following rights regarding your personal information:
- Right of access: You may request a copy of the Personal Data we hold about you, including information on what data we collect, how it is processed, and for what purposes. Requests are ordinarily processed free of charge.
- Right to rectification: If you believe your information is inaccurate or incomplete, you have the right to request correction and we will promptly address valid requests.
- Right to erasure: Under certain conditions, you may request that we erase your personal information. This right will be balanced against our legal and regulatory retention obligations.
- Right to restrict processing: You have the right to request that we restrict the processing of your Personal Data under certain conditions.
- Right to object to processing: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to data portability: You may request the transfer of your Personal Data to another service provider in a structured, commonly used, and machine-readable format.
- Right to withdraw consent: Where processing is based on consent, you may withdraw at any time.
- Right to lodge a complaint: You have the right to lodge a complaint with the NDPC if you object to the manner in which Skydd is using your personal information.
To exercise any of these rights, please contact our DPO at info@skydd.ng. We will respond to all valid requests within seven (7) working days. In some cases we may need to verify your identity before processing your request. Please note that certain rights are subject to legal and regulatory limitations — for example, we cannot delete data we are legally required to retain under NAICOM.
11. Children’s Information
We understand the importance of protecting children’s privacy. The Skydd Platform is not directed at persons younger than 18 years of age, and we will not intentionally collect personal identifiable information from anyone under 18.
However, children may be named as beneficiaries or dependants on policies held by a parent or guardian — for example, under the Future Scholar Fund or Wellness Family Plans. In these cases:
- The child’s data (name and date of birth) is collected from and managed by the parent or guardian who holds the policy;
- We process the child’s data solely for the purpose of administering the policy and issuing the benefit;
- We do not use children’s data for any other purpose.
We do not anticipate children using our Services or visiting our Platform without adult supervision. However, if you believe your child has provided information to us, please contact us immediately at info@skydd.ng and we will promptly remove such information.
12. Remedies and Dispute Resolution
Skydd and you are each entitled to enforce rights in the event of a breach of this Notice, to recover damages caused by any breach, and to exercise all other rights under applicable law. Any claim or dispute arising in relation to this Notice shall be resolved first through amicable negotiation between the parties.
Where amicable settlement fails, the affected parties agree to resolve the dispute by mediation at the Lagos Multi-Door Courthouse (LMDC). If after 30 days from the commencement of mediation the parties are unable to resolve the dispute, either party may submit it for final determination by a court of competent jurisdiction in Lagos State, Nigeria. Each party shall bear its own costs of mediation proceedings. All disputes shall be subject to the jurisdiction of the courts of the Federal Republic of Nigeria.
Skydd shall not be liable for any breach or claim that does not arise directly from its services or Platform, or for any claim brought more than one (1) month after the date the breach occurred.
You also have the right at any time to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng or info@ndpc.gov.ng. We would welcome the opportunity to address your concerns before you approach the NDPC, so please contact our DPO at info@skydd.ng in the first instance.
13. Changes to This Notice
We may update this Notice from time to time to reflect changes in our practices, technology, legal requirements, or best practice. We will notify you of material changes by posting the updated Notice on the Platform and, where appropriate, by sending an email or prominent in-app notification at least 30 days before the changes take effect. We will update the “Last Updated” date at the top of this Notice. The current version is always available at https://www.skydd.ng.
Changes to this Notice are effective when posted on the Platform or provided to you directly. Continued use of the Platform after any update constitutes acceptance of the revised Notice.
14. Contact Us
If you have any questions, concerns, or requests regarding this Notice, the handling of your data, or if you wish to exercise your rights, please contact our Data Protection Officer:
- Entity: Skydd Insurance Brokers Limited
- Address: 11b, Oko Awo Street, Victoria Island, Lagos
- Email: info@skydd.ng
- Website: www.skydd.ng
- Phone: 09130287658
Our dedicated team will address your enquiries and requests promptly. Please provide sufficient information to help us identify you in our records and respond effectively.