Privacy policy

Data Protection and Privacy Statement 

The Chartered Insurance Institute of Nigeria (“CIIN”, “the Institute”, “we”, “our”, or “us”) is committed to protecting the privacy, integrity, and security of all personal and sensitive information provided to or collected by the Institute. We recognise that personal information is a valuable asset and we handle it in accordance with applicable Nigerian data protection laws, including the Nigeria Data Protection Act 2023, as well as regulatory guidance issued by the Nigeria Data Protection Commission.

This Privacy Policy (“Policy”) explains how we collect, process, use, store, disclose, and protect Personal Information, your rights in relation to your Personal Information, and the measures we employ to safeguard it.

Who we are

Founded in 1959 by its Articles of Association and Memorandum of Association, the Institute was known as the Insurance Institute of Nigeria until 26 February 1993, when it became chartered by Decree (now Act) No. 22 of the Federal Republic of Nigeria.

Upon its establishment in 1959, the Institute became the rallying point for insurance practitioners in Nigeria, comprising a few expatriates and their Nigerian counterparts whose pioneering efforts laid the foundation for what has now become a veritable force in the Nation’s Financial Services Industry and the Economy at large.

The Institute was affiliated with the Chartered Insurance Institute (CII), London, in 1960 in order to model its operations after the London Institute, which at the time produced the majority of insurance professionals whose expertise was indispensable in shaping professional practice in the early years.

What is personal information, and what personal information does CIIN collect about you

Personal Information” means any information relating to an identified or identifiable individual, including but not limited to:

  • Names, addresses, telephone numbers, and email addresses;
  • Photographs and biometric data;
  • Academic, examination, and professional records;
  • Physical, physiological, mental, economic, cultural, or social identifiers;
  • Membership, employment, educational, examination, or financial information.
  • Payment and billing information
  • MCPD (Mandatory Continuing Professional Development) records
  • Website usage data, such as IP addresses and cookies

Where personal information is combined with other data, the combined dataset will be treated as Personal Information.

What personal information does CIIN collect?

As a membership organisation, we collect, use, store, and transfer different types of Personal Information about members, prospective members, and customers. We also collect information from consultants, contractors, agents, and employees. This information includes:

  • Full name, contact details (email, phone number, address)
  • Date of birth and identification details
  • Academic and examination records
  • Membership information (where applicable)
  • Employment details (for staff and applicants)
  • Payment and billing information
  • MCPD details
  • Job role, position and company information
  • Membership of local institutes
  • Website usage data (IP address, cookies)

Members are required to provide this information to enable identity verification, accreditation, and the fulfilment of obligations under the membership contract.

How is your personal information collected?

CIIN collects information when you:

  • Apply for membership or make enquiries
  • Register for professional examinations
  • Contact our administrative or customer service teams
  • Participate in CIIN programmes, training, or professional development activities
  • Provide updates during your membership with the Institute.

We may also receive relevant information from third parties, including employers, regulators, or affiliated professional bodies, where necessary for legitimate institutional purposes.

Lawful Basis for Processing

CIIN processes personal information in accordance with lawful bases recognised under the Nigeria Data Protection Act 2023, including:

  • performance of contractual obligations relating to membership services
  • compliance with legal or regulatory obligations
  • legitimate institutional interests in administering professional programmes
  • consent where required under applicable law

Cybersecurity

The Institute prioritises the integrity of our digital infrastructure to protect member data from unauthorised access or cyber threats. Our cybersecurity framework includes:

  • Encryption: Utilising industry-standard encryption for data at rest and in transit.
  • Access Governance: Strict “least-privilege” access controls, ensuring only authorised personnel handle sensitive data.
  • Monitoring: Regular security audits and vulnerability assessments to identify and mitigate potential risks.
  • Incident Response: Protocols for identifying, containing, and remediating security breaches to minimise impact on our members.

How do we use your information?

We use Personal Information to:

  •  administer membership applications and records
  •  organise examinations, certifications, and professional development programmes
  •  maintain accreditation and MCPD records
  •  communicate institutional updates and professional information
  •  process payments and maintain financial records
  •  fulfil regulatory, disciplinary, and governance responsibilities
  •  improve our services and digital platforms

To whom do we disclose your information?

CIIN may disclose Personal Information to third parties strictly in the following circumstances:

  1. Contractual Necessity: Employers, service providers, logistics, examination boards, or outsourced membership management providers, under data processing agreements ensuring compliance with confidentiality and data protection obligations.
  2. Legal Compliance: Regulators, government authorities, courts, or law enforcement agencies, when required by law or to protect CIIN’s legal rights.
  3. Professional Collaboration: Professional bodies, auditors, legal advisors, and accountants, for purposes consistent with CIIN’s mission.

CIIN does not sell Personal Information to third parties under any circumstances.

What do we do to keep your information secure?

We have implemented appropriate physical and technical measures to safeguard the Personal Information we collect in connection with our services. Access to your Personal Information is restricted to employees, agents, contractors, and other third parties who require it for legitimate business purposes. They will process your Personal Information only in accordance with our instructions and are bound by confidentiality obligations. However, please note that, despite taking these protective measures, no website, product, device, online application, data transmission, computer system, or wireless connection can be guaranteed completely secure, and we cannot ensure the absolute security of your Personal Information.

Data Retention – How long will we store/keep your personal information 

Personal Information is retained only for as long as necessary for the purposes for which it was collected or as required by law. When no longer needed, Personal Information will be securely deleted, anonymized, or returned to the individual, consistent with applicable laws and regulations.

Accessing your personal information and other rights you have

CIIN will collect, store, and process your Personal Information in accordance with your rights under applicable Data Protection Laws. In certain circumstances, you have the following rights regarding your Personal Information:

  • Subject Access – You have the right to request details of the Personal Information we hold about you, as well as copies of such information.
  • Right to Withdraw Consent – If our use of your Personal Information is based on your consent, you have the right to withdraw that consent at any time. Should you wish to withdraw your consent to processing, please contact us.
  • Data Portability – In certain circumstances, you may request that we transfer your Personal Information directly to another organisation.
  • Rectification – We want to ensure that the Personal Information we hold about you is accurate and up to date. If you believe any information we have is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will correct or update any inaccurate or incomplete Personal Information.
  • Erasure (‘Right to Be Forgotten’) – You have the right to have your Personal Information erased in certain specified situations.

Changes to this data protection notice 

CIIN reserves the right to revise this Policy. Material changes will be communicated by email or posted on our website. The “Date Last Updated” indicates the most recent revision. Continued use of CIIN services constitutes acceptance of the updated Policy.

Data Breach Notifications

In the event of a personal data breach that poses a risk to your rights, CIIN will promptly notify affected individuals and relevant authorities in accordance with legal requirements.

Location 

If you have any questions regarding your data or how we protect your data rights, please contact us:

Address:

27, Lagos Street, Ebutte-Meta, Lagos, Nigeria.

Phone:

08172040922

Email:

info@ciinigeria.org

dpo@ciinigeria.org

This Privacy Policy was last updated on March 24, 2026

Support