SANSURE CC - POPIA POLICY
In terms of section 14 of the Constitution of the Republic of South Africa, 1996, everyone has the right to privacy, which includes a right to protection against the unlawful collection, retention, dissemination and use of personal information. To respect, protect, promote and fulfill these, the relevant Government departments have enacted the Protection of Personal Information Act, 2013 (Act no 4 of 2013).
POPIA is an acronym used for the Protection of Personal Information Act, 2013 (Act no 4 of 2013) and this acronym will be used in all of Sansure CC’s documentation when any reference is made to the Protection of Personal Information Act, 2013.
The main purposes of POPIA are: -
To promote the protection of personal information processed by public and private bodies.
To introduce certain conditions so as to establish minimum requirements for the processing of personal information.
Regulate the manner in which personal information may be processed.
Establishing conditions, that prescribe the requirements for the lawful processing of personal information.
To provide for the issuing of codes of conduct.
To provide for the rights of persons regarding unsolicited electronic communications and automated decision making.
To regulate the flow of personal information across the borders of the Republic.
Sansure CC is an authorised financial services provider (FSP) and is a “Private Body” as determined by POPIA. In the normal course of our business, we will be collecting, retaining, disseminating, using, and processing personal information of our clients to enable us to carry out our contractual duties, whether expressly and/or tacitly agreed.
At Sansure CC, we wholly subscribe, respect and support the rights and privileges conferred on all inhabitants of the Republic in terms of our Bill of Rights and we endeavour to comply to the best of our ability to all the laws of our land.
We further wish to confirm that Sansure CC’s personnel are committed to protect our clients’ right to privacy and assures our clients that their Personal Information will be used appropriately, transparently, securely and in accordance with applicable laws.
The policy is available on our website www.sansure.co.za and will be provided on request. A copy of our POPIA Manual is available on request as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000).
Our clients can rest assured that we will respect and protect their rights to privacy and the confidentiality of their personal information collected, processed, and stored by us.
We will only require and process your personal information for the purposes of rendering our services to you in a competent and professional manner, meaning it will only be processed for the purposes collected and we will ensure that the information obtained is adequate, relevant, and not excessive.
It is our policy that our clients’ personal information will only be obtained, processed, and stored in terms of the conditions for lawful processing of personal information as set out in Chapter 3 Part A of POPIA. These conditions are: -
Condition 1 - Accountability
Condition 2 – Processing limitation
Condition 3 - Purpose specification
Condition 4 – Further processing limitation
Condition 5 – Information quality
Condition 6 - Openness
Condition 7 – Security safeguards
Condition 8 – Data Subject participation
Due to the nature of our business and in the process of the fulfillment of our contractual obligations to our clients we will have to share some or all of the personal information obtained from a client with product providers and/or operators in order for us to be able to provide you with suitable advice and/or products and to keep records as required of us in legislation applicable to our industry.
It is therefore our policy that we will not share any personal information with any product provider and/or operator unless we are satisfied that they have sufficient safeguards in place to convince us that they will respect and protect our clients’ right to privacy with the same commitment as us.
In terms of the personal information in our possession and/or control our clients have the following rights in order to protect and safeguard their personal information: -
The Right to Access their personal information
The Right to Object to the processing of their personal information
The Right to have their personal information Corrected or Deleted
The Right to Object to have their personal information processed for the purpose of Direct Marketing
The Right to Complain to the Information Regulator
The Right to be Informed
that their personal information is being collected
that their personal information has been accessed by or acquired by unauthorised person/s.
It is further our policy that we will assist our clients as far as possible to exercise any of their rights set out above.
It is our policy that we only keep personal information of our clients for as long as is required from us in terms of the applicable legislation in the financial services industry and/or as required in terms of other relevant South African legislation.
The financial services legislation requires us to keep records of clients’ records for a period of 5 years after termination of the financial product concerned or after termination of the business relationship between the client and Sansure CC whichever is the longest.
Should a client have a complaint about any alleged unlawful access and/or processing of their personal information, they must immediately contact one of our Information Officers. You will then be provided with the necessary forms and procedures for lodging a complaint. Should you so desire Sansure CC will assist you and take whatever steps in their power to help you minimise your exposure and/or any damages or potential damages you may suffer as a result thereof.
Actual or Planned Transborder Flows of Personal Information
Sansure CC has no planned Transborder Flows of Personal Information.
General Description of Information Security Measures
Sansure CC employs up to date technology to ensure the confidentiality, integrity, and availability of the Personal Information under its care. Measures include:
- Virus protection software and update protocols
- Logical and physical access control;
- Secure setup of hardware and software making up the IT infrastructure;
- Outsourced Service Providers who process Personal Information on behalf of Sansure CC are contracted to implement security controls.
Sansure CC may supply the Personal Information to service providers who render the following services:
- Capturing and organising of data;
- Storing of data;
- Sending of emails and other correspondence to clients
- Conducting due diligence checks;
- Administration pertaining to the financial products on which Sansure CC provides financial services;
- Product providers that Sansure CC is contracted to enable them to quote and provide products that clients require.