Created to align with Lesotho’s Data Protection Act, 2012/2013 and international standards like GDPR and APEC, balancing local legal obligations with global best practices for © 2025 TransAfrica Life.
1. Scope & Authority
- Applies to all personal information collected or processed by TransAfrica Life within Lesotho or individuals located in Lesotho. Wikipedia
- Covers all formats: online forms, WhatsApp, social media, email, and paper-based systems.
- Governed by Lesotho’s Data Protection Act, 2012/13, incorporating principles akin to GDPR and SADC rules. DataGuidance
2. Key Principles of Data Processing
TransAfrica Life commits to eight core principles under Lesotho law: accountability, lawfulness, purpose limitation, compatibility, accuracy, openness, security, and data subject participation.
3. What Data We Collect
- Identity Data: name, national ID, date of birth
- Contact Data: telephone, email, postal address
- Sensitive Data: health, beneficiary relationships
- Digital & Usage Data: WhatsApp messages, social media interactions, IP address, device info
4. Purpose & Legal Basis
- Personal data is processed only for explicit, legitimate purposes, such as underwriting, claims, customer support, marketing, and compliance with insurance regulations.
- We rely on explicit consent, contract performance, legal obligation, or vital interest as lawful bases.
5. Consent & Transparency
- We will inform Data subjects at or before collection about: the purpose, data controller contact, processing uses, retention, and their rights.
- Consent is explicit, informed, and freely given, except where processing is mandatory by law.
6. Data Minimization & Accuracy
- We collect only data needed for stated purposes (applications, claims, refunds and amendments.
- Personal information is safely kept accurate and up‑to‑date, with clients and subjects encouraged to request corrections.
- Retention periods comply with legal and operational requirements; data is deleted when no longer needed after the agreed timeframes in reference to Data Security regulations and MOU with the CBL as our regulator.
7. Security Measures & Breach Notification
- We implement organizational, technical, and physical safeguards—such as encryption, access controls, and periodic risk assessments to safeguard all data. We safeguard all the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
- Any breach compromising personal data is reported promptly to the Data Protection Commission and affected individuals promptly.
8. Disclosure & Data Sharing
- Data may be shared with legally required parties, insurers, claims processors, auditors or regulators—but only when necessary for service delivery or compliance.
- Third-party data processors (e.g. cloud providers, marketing firms) are governed by written contracts confirming equal security and confidentiality safeguards.
- Cross‑border transfers are permitted only to countries with adequate protections or upon obtaining explicit consent and using safeguards (e.g. binding corporate rules or contractual clauses).
9. Privacy by Design & Global Standards
- We integrate Privacy by Design and Default, ensuring that systems and processes default to the most privacy-preserving settings.
- We aim to align with international best practices like GDPR, CBPR, and Interprivacy frameworks to support cross-jurisdictional trust and interoperability.
10. Updates to Policy & Contact
- We may update this Privacy Policy as laws or practices evolve. The revised version is effective immediately upon publishing. If changes materially alter your rights or how we process data, we will notify affected individuals.
11. Complaints & Regulatory Oversight
- You can lodge a complaint with the Lesotho Data Protection Commission if you believe your data rights have been violated.
- Controllers who violate the law may face criminal penalties up to M 50,000 and/or up to 5 years’ imprisonment, and civil liability to the data subject.
12. Summary & Trust Commitment
- At TransAfrica Life, we commit to lawful, fair, and transparent handling of your personal information and data. Your privacy is protected under both Lesotho law and evolving global standards. Please reach out any time to exercise your rights or discuss our privacy practices from the information below:
Contact Us
For questions about these Terms or our services, please contact:
TransAfrica Life Insurance Company Limited LTD
Moposo House, Shop 6, Kingsway, Maseru, Lesotho
Main Office: +266 223 24606
WhatsApp: +266 620 24606
Mobile: +266 562 02806
Email: lesothoadmin@trans-africa.co.za