- THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT POLICY
The Protection of Personal Information (POPI) Act requires us to inform clients how we use and disclose their personal information obtained from them. We are committed to protecting our clients privacy and will ensure that the clients personal information is used appropriately, transparently and according to applicable law. Your right to privacy and security is very important to us. Resolute Wealth Management (RWM) treat personal information obtained as private and confidential and are committed to providing you with secure access to our services.
- Personal information
In terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information. Because of the sensitivity of some personal information, we ensure that the way we process your personal information complies fully with POPIA.
You have the right to have your personal information processed lawfully. Your rights include the right:
- to be notified that your personal information is being collected or that your personal information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;
- to find out whether we hold your personal information and to request access to your personal information;
- to request us, where necessary, to correct, destroy or delete your personal information;
- to object, on reasonable grounds, to the processing of your personal information;
- to object to the processing of your personal information for purposes of direct marketing, including by way of unsolicited communications;
- not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your personal information;
- to submit a complaint to the Regulator if you believe that there has been interference with the protection of your personal information, or if you believe that an independent adjudicator who may be resolving your complaint against us, has not decided the matter correctly; and
- to institute civil proceedings against us if you believe that we have interfered with the protection of your personal information.
- Types of personal information collected and how we collect it.
We collect and process clients personal information mainly to provide our clients with access to the services and products of the providers with whom we have contractual agreements in place and to help us improve our services to our clients. The type of information we collect may depend on the need for which it is collected and will be processed for that specific purpose only. Where possible, we will inform the client what information is required to be provided to us and what information is optional.
We collect and process your personal information mainly to provide you with access to our services and products (and all other activities and processes incidental thereto), to help us improve our offerings to you and for certain other purposes explained below.
The type of information we collect will depend on the purpose for which it is collected and used (processed). We will only collect information that we need for that specific purpose.
Examples of the personal information that we collect are as follows (but it is not limited to the examples provided):
Some of your information that we hold may include, your first and last name, identity number, email address, a home, postal or other physical address, other contact information, your title, birth date, gender, marital status, details of a driving license, occupation, qualifications, past employment, residency status, your investments, assets, liabilities, insurance (including previous insurance and claims experience), income, expenditure, family history, medical information, telephone recordings of conversations, emails, your banking details, premiums paid and information relating to claims and other investigations (including reports and photos).
We collect information directly from you, where you provide us with your personal details, for example when you purchase a product or services from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
We also collect information about you from other sources as explained below.
With your consent, we may also supplement the information that you provide to us with information we receive from other companies such as Product Providers or other Financial Services Providers, in order to offer you a more consistent and personalized experience in your interactions with us.
We will not intentionally collect and process the personal information of a child unless we have the permission of a competent person. The examples of Collection are summarized below (but it is not limited to the examples provided)
- Our computer systems,
- Our website,
- Insurance, Investment, Customer Due Diligence and other Proposal and Application Forms,
- Previous and current Insurance, Investment or other Policies or Schedules (provided via Astute with your consent or by you directly),
- Claim Forms
- Telephone Calls,
- Credit Reference Agency via the relevant Product Provider/s,
- Business Partners such as Product Providers, Assessors, Brokers etc.
- Social Media Platforms such as What’s Up, Face Book etc.
- How we use your information
Given our aim to provide you with ongoing financial services, we would like to use your information to keep you informed about other financial products and services which may be of particular interest to you.
You may also give and withdraw consent and tell us what your communication preferences are.
We do not and will not sell personal information to a third party. We may disclose your personal information to our service or product providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms.
We may share your personal information with, and obtain information about you from (read with examples of collection):
- Third parties for the purposes listed above, for example contracted product providers or insurers, astute, credit reference and fraud prevention agencies, law enforcement agencies, banks etc.,
- Other insurers to prevent fraudulent claims,
- Other companies (as mentioned above) when we believe it will enhance the services and products, we can offer to you, but only where you have not objected to such sharing,
- Other third parties from whom you have chosen to receive marketing information.
- Third parties or services providers such as IT providers, system administrators, collection agencies etc. that enables us to operate as a Close Corporation, a Financial Services Provider and an Accountable or Non-Accountable Institution.
- How consent is obtained
In order to use our services, you need to accurately complete a number of internal forms and documents available from us. These forms requires that you to provide us with certain personal information which includes, but is not limited to, your names, email address, your identity number, proof of address, contact numbers, and proof of banking.
We also obtain your consent when you complete the forms allowing is to proceed with the business transaction.
Please refer to our PAIA manual for the procedure to be followed if you wish to gain access to your personal information that we hold.
- How we use your personal information
6.1. The personal information that we collect from you will be used to provide the following services:
We will use your personal information only for the purposes for which it was collected or agreed with you, note examples below (but it is not limited to the examples provided):
- To provide our products or services to you, to carry out the transaction you requested and to maintain our relationship,
- For underwriting purposes,
- To assess and process claims and to take recovery action,
- For collection of premiums via Collection Agencies
- To conduct credit reference searches or verification (including credit scoring, assessment, and management)
- To confirm and verify your identity for security purposes and update your details,
- To perform customer due diligence or enhanced customer due diligence processes as required by the money laundering and terrorist financing legislative framework.
- For operational purposes, and where applicable, credit scoring and assessment and credit management,
- For purposes of claim checks,
- For the detection and prevention of fraud, crime, money laundering or other malpractice,
- For debt tracing or debt recovery,
- To conduct market or customer satisfaction research or for statistical analysis,
- Resolving complaints,
- For audit and record keeping purposes, and
- In connection with legal proceedings.
We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law.
We will only transfer your personal information outside the borders of South Africa with your consent and where the privacy legislation is of a high standard. We do not use your personal information for marketing purposes without your consent.
7.Retention, amendment, and destruction of personal information
7.1. We only retain your personal information for a period necessary to achieve the purpose we collected it for unless the longer retention of your personal information is required or authorised by law. Once we have achieved that purpose we will, as soon as reasonably practicable, destroy or delete the record of your personal information in accordance with the provisions of POPIA.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an ongoing basis, continue to review our security and risk management controls and related processes to ensure that your personal information is secure.
Our risk management (security) policies and procedures cover:
- Physical security,
- Computer and network security,
- Access to personal information,
- Secure communications,
- Security in contracting out activities or functions,
- Retention and disposal of information,
- Acceptable usage of personal information,
- Governance and regulatory issues,
- Monitoring access and usage of private information,
- Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them (our confidentiality agreements) to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Personal Information is securely stored on administrative systems, computer systems, servers (in and outside South Africa), laptops, filing cabinets and one drive (cloud).
Your personal information is stored for a minimum of five years after the cancellation or termination of the transaction or business relationship in accordance with applicable legislation. We will take reasonable steps to destroy or de-identify your personal information when the law no longer requires us to retain or keep it.
7.2. It is important that your personal information is up to date and accurate.
- Transfer of personal information to third parties
8.2. We will ensure that your personal information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your personal information to a third-party operator, we will ensure that the operator processes and protects your personal information using reasonable technical and organisational measures that are equal to or better than ours.
- Where we store your personal information
9.1. Protecting your personal Information is very important to us. We store your information on a Structured Query Language (“SQL”) Database within a Microsoft Server either hosted in the cloud in South Africa, or in KF’s access-controlled server room, behind a firewall.
- Transborder transfer of personal information
10.1. We will not transfer any personal information collected from you outside the borders of South Africa.
10.2. In the event that we transfer or store your personal information outside South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your personal information is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection.
11.2. If you do not want cookies to be installed on your computer or mobile device, please do not use our website. This means that you will not be able to use our services. By using our website, you consent to cookies, including Google Analytics, being installed on your computer or mobile device.
- Information Security
12.1. We promise that we will secure the integrity and confidentiality of your personal information in our possession or under our control. We will do this by taking appropriate, reasonable technical and organisational measures to prevent loss of damage to or unauthorised destruction of your personal information, and unlawful access to or processing of your personal information.
12.2. We have installed a firewall network security system to protect all your personal information that is stored in the cloud and on our premises. We have put in place managed security services which maintain and manage our firewall.
12.3. We have also restricted the number of persons who can access your personal information to only our staff members that are required to work on your personal information.
12.4. While we will take every reasonable measure to protect your personal information, it is very important that you maintain control over your account and or information. You should prevent anyone from accessing your account or information by not disclosing your account details i.e., usernames, passwords or any information associated with your account.
Objecting to the processing of data for advertising purposes
Users have the right to object at any time to the processing of personal data for direct marketing purposes. If a User objects, Resolute Wealth Management (RWM) will no longer process such personal data. Objections must be addressed to our Deputy Information Officer. Her details are provided below.
Business contact via our website
If a User is a business contact that has provided RWM with personal data, we will store such personal data in our database so that it is able to follow up on previous business conversations held with the User, provide additional information to the User concerning our services and/or assist the User in related services.
Email / direct mail campaign data
From time to time, RWM may contact its clients (Users) directly by mail, email, or telephone to provide information concerning new products and services. We will, however, not contact a User with any commercial communications that are unrelated to the services provided by LVM Insurance Brokers. When responding to one of these campaigns, Users may elect to provide us with personal information which will be used for the purpose indicated.
From time to time, we may conduct surveys in respect of our service delivery. Participation in these surveys is optional. If, however, Users respond to one of the surveys, Users may elect to provide RWM with personal information. Unless a User otherwise consents, we will only use the information to determine the type/s of services that may be of interest to the User and to operate and improve its service offerings.
We may amend and/or update these standard terms and conditions at any time. Users are encouraged to frequently check our website for the purposes of familiarizing themselves with these standard terms and conditions, particularly in so far as they relate to the protection of personal information. Users acknowledge and agree that it is their responsibility to review these standard terms and conditions periodically and become aware of any amendments and/or updates.
Sale of business
In the event of a change in control of RWM is acquired by another company, or preliminary discussions to that end, the personal data of Users may be included in order that the acquirer may continue to effectively serve both Users and clients.
Acceptance of standard terms and conditions
By using RWM’s website, the User signifies acceptance of these standard terms and conditions. If a User does not agree to these terms and conditions, he/she is advised not to use our website. The continued use of the website by Users following the posting of updates and/or amendments to these standard terms and conditions will be deemed to be an acceptance by such User of such updates and/or amendments.
Contacting Resolute Wealth Management (RWM)
If a User has any questions concerning these standard terms and conditions and/or the practices and/or dealings of RWM’s website, kindly contact our Deputy Information Officer (firstname.lastname@example.org)
Every person whose personal information we process has the following rights:
- You have the right to request copies of your personal information, subject to the terms and conditions described in our Promotion of Access to Information (“PAIA”) manual and our POPIA Policy which is available on request.
- You have the right to request that we correct any information you believe is inaccurate,
- You have the right to request that we erase your personal information, under certain conditions,
- You have the right to object to us processing your personal information, under certain conditions,
- You have the right to lodge a complaint with the Information Regulator whose contact details is in our PAIA Manual and POPIA Policy.
If you wish to object to the processing of personal information or if you wish to request for correction or deletion of personal information, then please complete Form 1 or Form 2 at the end of this privacy notice.
- How to contact us
14.2. Our physical address is Eastbury House, Hampton Office Park, 20 Georgian Crescent East, Bryanston, 2191
Resolute Wealth Management is an authorised Financial Services Provider – FSP: 13798