THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT POLICY
The Protection of Personal Information (POPI) Act requires us to inform clients how we use and disclose their personal information obtained from them. We are committed to protecting our clients’ privacy and will ensure that the clients’ personal information is used appropriately, transparently, and according to applicable law. Your right to privacy and security is very important to us. We, Yield Capital (Pty) Ltd treat personal information obtained as private and confidential and are committed to providing you with secure access to our services.
This Privacy Policy tells you how we will process and protect your personal information.
Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination, and use of your personal information. Because of the sensitivity of some personal information, we ensure that the way we process your personal information complies fully with POPIA.
This Privacy Policy applies to any of your personal information that we collect and process through our business, and or which you authorise us to collect from third parties.
You will see that some of the words listed in this Privacy Policy are in italics. Those words are defined in POPIA and those definitions apply to this Privacy Policy. For example, under POPIA, you are defined as a data subject.
Our Privacy Policy terms may change from time to time. When we change them, the changes will be made on our website, and we endeavor to give you notice of any changes we think are of relevance to you.
1. Your rights under this Privacy Policy
You have the right to have your personal information processed lawfully. Your rights include the right:
- to be notified that your personal information is being collected or that your personal information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;
- to find out whether we hold your personal information and to request access
- to your personal information;
- to request us, where necessary, to correct, destroy or delete your personal information;
- to object, on reasonable grounds, to the processing of your personal information;
- to object to the processing of your personal information for purposes of direct marketing, including by way of unsolicited communications;
not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your personal information; - to submit a complaint to the Regulator if you believe that there has been interference with the protection of your personal information, or if you believe that an independent adjudicator who may be resolving your complaint against us, has not decided the matter correctly; and
- to institute civil proceedings against us if you believe that we have interfered with the protection of your personal information.
2. Types of personal information collected and how we collect it
We collect and process clients’ personal information to provide our clients with access to the services and products required to provide a comprehensive wealth management solution. The type of information we collect may depend on the need for which it is collected and will be processed for that specific purpose only. Where possible, we will inform the client what information is required to be provided to us and what information is optional.
We collect and process your personal information mainly to fulfil our services commitment to you and to enable access to our services and products (and all other activities and processes incidental thereto), to help us improve our offerings to you and for certain other purposes explained below.
The type of information we collect will depend on the purpose for which it is collected and used (processed). We will only collect information that we need for that specific purpose.
Examples of the personal information that we collect are as follows (but it is not limited to the examples provided):
Some of your information that we hold may include, your first and last name, identity number, email address, a home, postal or other physical address, other contact information, your title, birth date, gender, marital status, details of a driving license, occupation, qualifications, past employment, residency status, your investments, assets, liabilities, insurance (including previous insurance and claims experience), income, expenditure, family history, medical information, telephone recordings of conversations, emails, your banking details, premiums paid and information relating to claims and other investigations (including reports and photos).
We collect information directly from you, where you provide us with your personal details, for example when you purchase a product or services from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
We also collect information about you from other sources as explained below.
With your consent, we may also supplement the information that you provide to us with information we receive from other companies such as Product Providers or other Financial Services Providers, in order to offer you a more consistent and personalized experience in your interactions with us.
We will not intentionally collect and process the personal information of a child unless we have the permission of an authorized and competent person.
The examples of collection are summarized below (but it is not limited to the examples provided):
- Our computer systems
- Insurance, Investment, Customer Due Diligence and other Proposal and
- Application Forms
- Previous and current Insurance, Investment or other Policies or Schedules
- Claim Forms
- Telephone Calls
- Emails
- Wills
- Trust deeds and related documents
- Business associates such as Product Providers, Financial Services Providers etc.
3. How we use your information
Given our aim to provide you with ongoing financial services, we would like to use your information to keep you informed about your investments and policies as well as other financial products and services which may be of particular interest to you.
You may also give and withdraw consent and tell us what your communication preferences are.
We do not and will not sell personal information to a third party. We may disclose your personal information to our service or product providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms.
We may share your personal information with, and obtain information about you from (read with examples of collection):
- Third parties for the purposes listed above, for example contracted product providers or insurers, Astute, credit reference and fraud prevention agencies, law enforcement agencies, banks etc.
- Other companies (as mentioned above) when we believe it will enhance the services and products we can offer to you, but only where you have not objected to such sharing
- Other third parties from whom you have chosen to receive marketing information
- Third parties or services providers such as IT providers, system administrators, collection agencies etc. that enables us to operate as a Financial Services Provider and an Accountable Institution.
4. How consent is obtained
In order to use our services, you need to accurately complete a number of internal forms and documents available from us. These forms require that you to provide us with certain personal information which includes, but is not limited to, your names, email address, your identity number, proof of address, contact numbers, and proof of banking. We also obtain your consent when you complete the forms allowing us to proceed with the business transaction.
5. How we use your personal information
We will use your personal information only for the purposes for which it was collected or agreed with you, with some examples noted below (but it is not limited to the examples provided):
- To confirm and verify your identity for security purposes and update your details
- To perform customer due diligence or enhanced customer due diligence processes as required by the money laundering and terrorist financing legislative framework
- For operational purposes
- For purposes of claim checks
- For the detection and prevention of fraud, crime, money laundering or other malpractice
- To conduct market or customer satisfaction research or for statistical analysis
- Resolving complaints
- For audit and record keeping purposes
- In connection with legal proceedings
We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law.
We will only transfer your personal information outside the borders of South Africa with your consent and where the privacy legislation is of a high standard. We do not use your personal information for marketing purposes without your consent.
6. Retention, amendment, and destruction of personal information
We only retain your personal information for a period necessary to achieve the purpose we collected it for, unless the longer retention of your personal information is required or authorised by law. Once we have achieved that purpose we will, as soon as reasonably practical, destroy or delete the record of your personal information in accordance with the provisions of POPIA.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an ongoing basis, continue to review our security and risk management controls and related processes to ensure that your personal information is secure.
Our risk management (security) policies and procedures cover:
- Physical security
- Computer and network security
- Access to personal information
- Secure communications
- Security in contracting out activities or functions
- Retention and disposal of information
- Acceptable usage of personal information
- Governance and regulatory issues
- Monitoring access and usage of private information
- Investigating and reacting to security incidents
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them (our confidentiality agreements) to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Personal Information is securely stored on administrative systems, computer systems, servers (in and outside South Africa), laptops, filing cabinets and the “cloud”.
Your personal information is stored for a minimum of five years after the cancellation or termination of the transaction or business relationship in accordance with applicable legislation. We will take reasonable steps to destroy or de-identify your personal information when the law no longer requires us to retain or keep it.
It’s important that your personal information is up to date and accurate.
7. Transfer of personal information to third parties
For us to carry out our obligations in terms of the services concluded between ourselves and you, we may need to pass your personal information on to third parties, such as our product providers. This Privacy Policy records your consent to us passing your personal information on to those third parties.
We will ensure that your personal information is processed in a lawful manner and that we do not infringe your privacy rights. In the event that we ever outsource the processing of your personal information to a third party operator, we will ensure that the operator processes and protects your personal information using reasonable technical and organisational measures that are equal to or better than ours.
8. Data protection
We take every reasonable precaution to protect your personal information (including information about your activities) from theft, unauthorised access and disruption of services.
Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our systems and other assets for security vulnerabilities.
Please note that we process and collect your personal information when you contact us electronically or complete a quotation or application form online.
9. Policy amendments
We may amend and/or update these standard terms and conditions at any time. Users acknowledge and agree that it is their responsibility to review these standard terms and conditions periodically and become aware of any amendments and/or updates.
10. How to contact us
If you have questions and/or comments about our privacy policy or need to protect any of your rights set out in this policy, please contact our information officer on email address info@yieldcap.co.za
Our physical address is 1st Floor, Crystal Towers, Corner of Century Boulevard and Rialto Road, Century City, Cape Town, 7441, South Africa.