PRIVACY POLICY
1. INTRODUCTION
The Protection of Personal Information Act 4 of 2013 (“POPIA”) promotes the protection of the processing of Personal Information by public and private bodies. This is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing, and sharing another entity’s personal information by holding them accountable should they abuse or compromise a Data Subject’s personal information in any way.
This statement sets out the approach towards the protection of personal information by Pilanehurst Financial Services (Pty) Ltd (“Pilanehurst”) as required by POPIA. POPIA requires that PILANEHURST informs its clients (and other data-subjects such as its employees) as to the way their personal information is used, disclosed, and destroyed. PILANEHURST is committed to protecting its clients’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. The policy sets out the way PILANEHURST deals with its clients’ personal information as well as stipulates the purpose for which said information is used.
The Protection of Personal Information (POPIA) Act was signed into law by the President on 19 November 2013 and published in the Government Gazette on 26 November 2013. The commencement date has been announced as 1 July 2020 and PILANEHURST has until 30 June 2021 to be fully compliant.
An Information Regulator was appointed by the president on 26 October 2016, effective from 1 December 2016. The office of the Information Regulator is chaired by Adv Pansy Tlakula.
2. DEFINITIONS
“Personal Information” means: Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person.
- information relating to the education or the medical, financial, criminal or employment history of the person.
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other assignment to the person.
- the biometric information of the person.
- the personal opinions, views, or preferences of the person.
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
The following information is excluded from the application of POPI:
- Information for purely personal or household activity
- Information that has been de-identified
- Information processed on behalf of the State
- Information processed for investigation and prosecution of criminal matters
- Information used exclusively for journalistic purposes
- Information used by the Cabinet, Executive Council of a province and any municipality
- Information about the judicial functions of courts, and Information which is exempted by the Regulator in terms of section 34 of POPIA
“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
“Operator” means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
“Data Subject” means the natural or juristic person to whom personal information relates. This extends to employees, job candidates, clients, and suppliers.
“Record” means: any recorded information—
- regardless of form or medium, including any of the following:
  - writing on any material.
  - information produced, recorded, or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded, or stored.
  - label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means.
  - book, map, plan, graph, or drawing.
  - photograph, film, negative, tape or other device in which one or more visual images are embodied to be capable, with or without the aid of some other equipment, of being reproduced.
- in the possession or under the control of a responsible party.
- whether or not it was created by a responsible party; and
- regardless of when it came into existence.
3. POLICY OBJECTIVES
PILANEHURST recognizes that clients (and all its data-subjects) have the following rights regarding their personal information:
- The right to expect that PILANEHURST uses their personal information appropriately, transparently, and securely.
- The right to establish whether PILANEHURST holds personal information related to them, including the right to request access to that personal information.
- The right to request, where necessary, that their personal information be corrected or deleted where PILANEHURST is no longer authorised to retain the personal information.
- The right to submit a complaint to the Information Regulator regarding an alleged infringement of any of the rights protected under POPI and to institute civil proceedings regarding the alleged noncompliance with the protection of their personal information.
- The right to be notified in any situation where PILANEHURST has reasonable grounds to believe that the personal information of the client has been accessed or acquired by an unauthorised person.
4. POLICY PRINCIPLES (POPIA Conditions)
PILANEHURST and all employees and persons acting on behalf of PILANEHURST will always be subject to, and act in accordance with, the following guiding principles:
4.1. Accountability: PILANEHURST ensures that the provisions of POPIA and the guiding principles outlined in this policy are complied with through the encouragement of desired behaviour by all staff. PILANEHURST will take appropriate actions, which may include disciplinary action, against those staff members who through their intentional or negligent actions and/or omissions fail to comply with the principles and responsibilities outlined in this policy.
4.2. Processing Limitation: PILANEHURST ensures that personal information is only collected by lawful and fair means directly from the data subject and that the personal information is processed in a manner compatible with the purpose for which it was collected. PILANEHURST informs clients of the reasons for collecting their personal information and only processes information received directly from the client. PILANEHURST will under no circumstances distribute or share personal information with other entities or individuals that are not directly involved with facilitating the purpose for which the information was originally collected.
4.3. Purpose Specification: PILANEHURST is transparent with regard to the standard operating procedures governing the collection and processing of personal information. Personal information is only processed for specific, explicitly defined, and legitimate reasons, as communicated to the clients. These reasons mainly include the gathering of personal information for purposes of complying with the requirements of the Financial Advisory and Intermediary Services Act (“FAIS”), the Financial Intelligence Centre Act (“FICA”) and Pilanehurst Risk Management and Compliance Programme (“RMCP”), and the reasons for the information gathering are always made known to the client.
4.4. Further Processing Limitation: Personal information will not be processed for a secondary purpose unless that processing is compatible with the original purpose. Therefore, where PILANEHURST seeks to process personal information it holds for a purpose other than the purpose for which it was originally collected, and where this secondary purpose is not compatible with the original purpose, PILANEHURST will first obtain additional consent from the client.
4.5. Information Quality: PILANEHURST takes reasonable steps to ensure that personal information collected is complete, accurate and not misleading, and to keep such information up to date and reliable for its intended use.
4.6. Open Communication: PILANEHURST provides clients with the opportunity to access the personal information relating to them by contacting the Head of Business Development and, where applicable, complies with requests to correct, amend, or delete personal information.
4.7. Security Safeguards: Personal information that is collected or processed by PILANEHURST is treated with the highest care. PILANEHURST manages the security of its systems and organisational processes to ensure that personal information is adequately protected. To this end, security controls are implemented to minimize the risk of loss, unauthorised access, disclosure, interference, modification, or destruction. PILANEHURST ensures that all paper and electronic records comprising personal information are securely stored and made accessible only to authorised individuals. Confidentiality clauses are included in employment contracts to reduce the risk of unauthorised disclosures of personal information for which PILANEHURST is responsible. PILANEHURST enters into service level agreements with all its third-party service providers and these agreements all include confidentiality clauses where both parties pledge their mutual commitment to the protection of information.
4.8. Record Retention: Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless:
- Retention of the record is required or authorised by law.
- PILANEHURST reasonably requires the record for lawful purposes related to its functions or activities.
- Retention of the record is required by a contract between the parties thereto; or
- The client has consented to the retention of the record.
4.9. Data Subject Participation: A data subject has the right to request access to the particulars of his or her personal information held by any organisation or person, as well as to the identity of any person that had access to his or her personal information. The record must be provided within a reasonable time, manner and form and may be at a prescribed fee. The data subject has a right to request that the record be corrected or deleted if this is warranted. If the organisation receives such a request but refuses to comply, then it must provide the Data Subject with a notification to that effect. It must also attach an indication to the record that a particular request was made but was not executed.
5. INFORMATION OFFICER
PILANEHURST has appointed the CEO as its Information Officer. The Information Officer is responsible for ensuring compliance with POPI and dealing with requests. The PILANEHURST Information Officer’s contact details are as follows:
Information Officer: King Pilane
Postal Address: 151 Fifth Street, Sandton, 2149
Street Address: 151 Fifth Street, Sandton, 2149
Web address: www.pilanehurst.com
Contact Details of Information Officer
• E-mail: office@pilanehurst.com
• Phone: +27 011 591 3101
DIRECT MARKETING
Personal Information will only be used for the purposes of direct marketing should the personal information belong to a data subject that is already a client of PILANEHURST or in instances where the data subject has provided consent for their personal information to be used for the purposes of direct marketing by Pilanehurst. In each instance, data subjects will always be given the opportunity to opt out. To opt out please send an email to office@pilanehurst.com requesting removal from any direct marketing communications.
6. STAFF TRAINING AND AWARENESS
PILANEHURST will continue to ensure that all staff who have access to any kind of Personal Information are provided with awareness training at least annually, which will cover at a minimum an overview of this policy and the corresponding staff responsibilities in terms of both the Policy and the POPI Act itself.
7. POLICY CONTRAVENTIONS & DISCIPLINARY MEASURES
In the event of an employee committing a breach of policy or any of the provisions, such breach may, at the discretion of Pilanehurst, result in disciplinary action, which may include dismissal.