ASSURITY INSURANCE BROKERS (PTY) LTD REGISTRATION NUMBER: 2014/276799/07
PRIVACY NOTICE

1.OVERVIEW of the ASSURITY GROUP

ASSURITY INSURANCE BROKERS (PTY) LTD hereinafter referred to as (ASSURITY) is a multi-faceted commercial information bureau that offers innovative information solutions in a range of spheres within the Republic of South Africa. ASSURITY prides itself in offering customers the latest technology solutions in, data management, call center solutions, and an OMNI channel approach to all marketing and prospecting requirements. ASSURITY’s legal entity structure can be found on its website at: www.assurity.co.za

2.DEFINITIONS

In this document, references to ASSURITY are to ASSURITY INSURANCE BROKERS (PTY) LTD, its subsidiary companies, Strategic Alliance Partners (SAP’s), divisions, segments and business units. Confirmation as to whether this privacy notice applies to a specific company associated with ASSURITY can be sought through the contact details provided in this privacy notice. Any product or service offered to a customer by any company in ASSURITY is referred to as a solution in this document.

In this notice “process” means how ASSURITY collects, uses, stores, makes available, destroys, updates, discloses, or otherwise deals with customers’ personal information. As a general rule, ASSURITY will only process customers’ personal information if this is required to deliver or offer a solution to a customer. ASSURITY respects customers’ privacy and will treat their personal information confidentially. ASSURITY may combine customers’ personal information and use the combined personal information for any of the purposes stated in this notice.

3.PURPOSE OF THIS NOTICE

Protecting customers’ personal information is important to ASSURITY. To do so, ASSURITY adheres to general principles in accordance with applicable privacy laws.

This privacy notice aims, among other things, to enable its customers to understand how the various companies within ASSURITY undertake to collect, use and store their personal information. This notice also outlines customers’ privacy rights and how the law protects customers.

ASSURITY collects personal information about its customers. This includes information customers share with us, information that ASSURITY gathers during the course of the relationship with the customer, as well as information about your marketing preferences.

In terms of applicable privacy laws, this notice may also apply on behalf of other third parties (such as authorised agents and contractors), acting on the ASSURITY’s behalf when providing customers with solutions. If ASSURITY processes personal information for another party under a contract or a mandate, however, the other party’s privacy policy or notice will apply.

The ASSURITY may change this notice from time to time if required by law or its business practices. Where the change is material, the ASSURITY will notify customers and will allow a reasonable period for customers to raise any objections before the change is made. Please note that the ASSURITY may not be able to continue a relationship with a customer or provide customers with certain solutions if they do not agree to the changes. The latest version of the notice displayed on ASSURITY’s website will apply to customers’ interactions with the ASSURITY and is available at: www.assurity.co.za

4.RESPONSIBLE PARTY AND OPERATOR

ASSURITY is the responsible party together with its subsidiary companies, including Strategic Alliance Partners (SAP’s). These parties or companies are responsible for determining why and how the ASSURITY will use customers’ personal information. When a customer uses any ASSURITY solution, the responsible party will be the company which the customer engages to take up the solution, acting jointly with the other companies within ASSURITY. It will be clear to customers from the documentation and/or electronic notifications they receive when using or taking up a solution who the responsible party is who should be contacted in the first instance. Where ASSURITY is the responsible party, its subsidiary companies, including Strategic Alliance Partners (SAP’s) will be the operator who processes personal information for ASSURITY in terms of a contract or mandate, without coming under the direct authority of that party.

5.WHAT IS PERSONAL INFORMATION?

Personal information refers to any information that identifies a customer (including juristic entity) or specifically relates to a customer. Personal information includes, but is not limited to, the following information about a customer: marital status (married, single, divorced); national origin; age; language; birth; education; financial history (e.g. income, expenses, obligations, assets and liabilities or buying, investing, lending, insurance, and money management behaviour or goals and needs based on, amongst others, account transactions);employment history and your current employment status (for example when a customer applies for a financial product); gender or sex (for statistical purposes as required by the law); identifying number (e.g. an account number, identity number or passport number); e-mail address; physical address (e.g. residential address, work address or physical location); telephone number; information about your location (e.g. geolocation or GPS location); online identifiers; social media profiles; biometric information (e.g. fingerprints, signature or voice); race (for statistical purposes as required by the law); physical health; mental health; wellbeing; disability; religion; belief; conscience; culture; medical history (e.g. HIV/AIDS status); criminal history; employment history; personal views, preferences and opinions; confidential correspondence; or another’s views or opinions about a customer and a customer’s name also constitute personal information

6.WHAT IS SPECIAL PERSONAL INFORMATION?

Special personal information, includes the following personal information about a customer: religious and philosophical beliefs (for example where a customer enters a competition and is requested to express a philosophical view); race (e.g. where a customer applies for a solution where the statistical information must be recorded); ethnic origin; trade union membership; political beliefs; health including physical or mental health, disability and medical history (e.g. where a customer applies for an insurance policy); biometric information (e.g. to verify a customer’s identity); or criminal behaviour where it relates to the alleged commission of any offence or the proceedings relating to that offence.

7.PROCESSING CUSTOMERS’ PERSONAL INFORMATION

ASSURITY may process customers’ personal information for the reasons outlined below.

7.1.If it is necessary to conclude or perform under a contract the ASSURITY has with a customer or to provide a solution to a customer. This includes: assess and process applications for solutions; to conduct affordability assessments, credit assessments and credit scoring; to provide a customer with solutions they have requested; to enable the ASSURITY to deliver goods, documents or notices to customers; to communicate with customers and carry out customer instructions and requests; to respond to customer enquiries and complaints; to enforce and collect on any agreement when a customer is in default or breach of the terms and conditions of the agreement, such as tracing a customer, or to institute legal proceedings against a customer; to disclose and obtain personal information from credit bureaus regarding a customer’s credit history; to meet record-keeping obligations; to conduct market and behavioural research, including scoring and analysis to determine if a customer qualifies for solutions, or to determine a customer’s credit or insurance risk; to enable customers to participate in and make use of value-added solutions; for customer satisfaction surveys, promotional and other competitions; for security and identity verification, and to check the accuracy of customer personal information; or for any other related purposes.

7.2 Law – ASSURITY may process customers’ personal information if the law requires or permits it. This includes: to comply with legislative, regulatory, risk and compliance requirements (including directives, sanctions and rules); to comply with voluntary and involuntary codes of conduct and industry agreements; to fulfill reporting requirements and information requests; to process payment instruments and payment instructions (such as a debit order); to meet record-keeping obligations; to detect, prevent and report theft, fraud, money laundering, corruption and other crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when concluding a transaction with ASSURITY, or avoiding liability by way of deception, to the extent allowable under applicable privacy laws. This may also include the monitoring of our buildings including CCTV cameras and access control.

7.3 Legitimate interest – ASSURITY may process customers’ personal information in the daily management of its business and finances and to protect it’s customers, employees, service providers and assets. It is to ASSURITY’s benefit to ensure that its procedures, policies and systems operate efficiently and effectively. The ASSURITY may process customers’ personal information to provide them with the most appropriate solutions and to develop and improve solutions and ASSURITY’s business. ASSURITY may process a customer’s personal information if it is required to protect or pursue their, ASSURITY’s or a third party’s legitimate interest.

If a customer is a juristic person, such as a company or close corporation, ASSURITY may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons. If customers provide the personal information of a related person to ASSURITY, they warrant that the related person is aware that they are sharing their personal information with ASSURITY, and that the related person has consented thereto. ASSURITY will process the personal information of related persons as stated in this notice, thus references to “customer/s” in this notice will include related persons with the necessary amendments

8.PROCESSING CUSTOMERS’ SPECIAL PERSONAL INFORMATION

ASSURITY may process customers’ special personal information in the following circumstances, among others: if the processing is needed to create, use or protect a right or obligation in law; if the processing is for statistical or research purposes, and all legal conditions are met; if the special personal information was made public by the customer; if the processing is required by law; if racial information is processed and the processing is required to identify the customer; if health information is processed, and the processing is to determine a customer’s insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation; or if the customer has consented to the said processing.

9.PROCESSING THE PERSONAL INFORMATION OF CHILDREN?

A child is a person who is defined as a child by the country’s law, and who has not been recognised as an adult by the courts.

ASSURITY may process the personal information of children if any one or more of the following applies: a person with the ability to sign legal agreements has consented to the processing, being the parent or guardian of the child; the processing is needed to create, use or protect a right or obligation in law, such as where the child is an heir in a will, a beneficiary of a trust, a beneficiary of an insurance policy or an insured person in terms of an insurance policy; the child’s personal information was made public by the child, with the consent of a person who can sign legal agreements; the processing is for statistical or research purposes and all legal conditions are met; where the child is legally old enough to transact with the ASSURITY without assistance from their parent or guardian; where the child is legally old enough to sign a document as a witness without assistance from their parent or guardian; or where the child benefits from a ASSURITY transaction and a person with the ability to sign legal agreements has consented to the processing.

10.WHEN, AND FROM WHERE, DOES ASSURITY OBTAIN PERSONAL INFORMATION ABOUT CUSTOMERS?

We collect information about customers: directly from customers; based on customers’ use of ASSURITY solutions or service channels (such as the ASSURITY website, applications, including both assisted and unassisted customer interactions) as applicable; based on how customers engage or interact with ASSURITY, such as on social media, and through emails, letters, telephone calls and surveys; based on a customer’s relationship with ASSURITY; from public sources (such as newspapers, company registers, online search engines, deed registries, public posts on social media); from technology, such as a customer’s access and use including both assisted and unassisted interactions (e.g. on the ASSURITY website and mobile applications) in order to access and engage with ASSURITY’s platforms; customers’ engagement with ASSURITY advertising, marketing and public messaging; and from third parties that the ASSURITY interacts with for the purposes of conducting its business (such as partners, reward partners, list providers, ASSURITY, credit bureaus, regulators and government departments or service providers) ASSURITY collects and processes customers’ personal information at the start of, and for the duration of their relationship with ASSURITY. ASSURITY may also process customers’ personal information when their relationship with the ASSURITY has ended, as required by law. ASSURITY may also collect customers’ personal information from third parties (which may include parties the ASSURITY engages with as independent responsible parties, joint responsible parties or operators), these third parties may include, but are not limited to, the following: any connected companies, subsidiary companies, its associates, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; the customer’s spouse, dependents, partners, employer, joint applicant or account holder and other similar sources; people the customer has authorised to share their personal information, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, ASSURITY’s and other persons that assist with the processing of customers’ payment instructions, such as bank card scheme providers (including VISA or MasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; the ASSURITY’s service providers, agents and subcontractors, such as couriers and other persons the ASSURITY uses to offer and provide solutions to customers; courts of law or tribunals; participating partners, whether retail or online; the ASSURITY’s joint venture partners; marketing list providers; social media platforms; or online search engine providers.

11. REASONS WHY ASSURITY MAY FURTHER USE OR PROCESS CUSTOMERS’ PERSONAL INFORMATION

At the time that ASSURITY collects personal information from a customer, it will have a reason or purpose to collect that personal information. In certain circumstances, however, the ASSURITY may use that same personal information for other purposes. The ASSURITY will only do this where the law allows it to, and the other purposes are compatible with the original purpose/s applicable when the ASSURITY collected the customer’s personal information. The ASSURITY may also need to request a customer’s specific consent for the further processing in limited circumstances. Examples of these other purposes are included in the list of purposes set out in section 7 above. The ASSURITY may also further use or process a customer’s personal information if: the personal information about the customer was obtained from a public record, like the deed’s registry; the customer made the personal information public, like on social media; the personal information is used for historical, statistical or research purposes, the results of which will not identify the customer; proceedings have started or are contemplated in a court or tribunal; it is in the interest of national security; if the ASSURITY must adhere to the law, specifically tax legislation; or the Information Regulator has exempted the processing.

The ASSURITY may also further use or process a customer’s personal information if the customer has consented to it or in the instance of a child; a competent person has consented to it. Any enquiries about the further processing of customer personal information can be made through ASSURITY’s Information Officer, contact details as set out in this document below.

12. THE USE OF CUSTOMERS’ PERSONAL INFORMATION FOR MARKETING

ASSURITY will use customers’ personal information to market products, services and other related ASSURITY financial and technology based products, services and solutions to them. (e.g. ASSURITY Lead Generation, Data Management, Construction services, Online/ Digital Marketing/Sales (FSP & non FSP regulated products and services) as well as bespoke Web and Mobile Application Development). ASSURITY will do this in person, by post, telephone, or electronic channels such as SMS, Automated Voice Messages, email and fax. If a person is not a ASSURITY customer, or in any other instances where the law requires, ASSURITY will only market to them by electronic communications with their consent. In all cases, a person can request ASSURITY to stop sending marketing communications to them at any time.

13. WHEN WILL ASSURITY PROCESS CUSTOMERS’ PERSONAL INFORMATION IN A MANUAL, AND/OR MECHANICAL AND/OR ELECTRONIC AND/OR AUTOMATED MANNER IN ORDER TO MAKE DECISIONS ABOUT THEM?

ASSURITY may process a customer’s personal information in a manual, mechanical, electronic and/or automated manner in order to make decisions pertaining to them; as allowed by the law. This will apply in circumstances where the ASSURITY has lawful access to a customer’s personal information due to previous interactions or previous behaviour from said customer or from any circumstances and/or scenarios as set out above. Such interactions, behaviour and/or scenarios will have the result that the customer has expressly or by tacit implication allowed ASSURITY to analyze and process the customer’s personal information and to make contact with said customer when certain circumstances arise, such as: life event scenarios, new to market scenarios or any circumstances that are directly related to the customer’s previous concluded transactions. An example of such analysis and processing is the offering of any product or service to the customer or the offering to a customer of a comparative insurance related product or service, or the offering of any product or service to said customer based on processing of said customer’s personal information. Customers have the right to query any such processing decisions, and ASSURITY will provide reasons for the processing decisions as far as reasonably possible.

14. WHEN, HOW, AND WITH WHOM DOES ASSURITY SHARE CUSTOMERS’ PERSONAL INFORMATION?

In general, ASSURITY will only share customers’ personal information if any one or more of the following apply: if the customer has consented to this; if it is necessary to conclude or perform under a contract we have with the customer; if the law requires it; or if it is necessary to protect or pursue the customer’s, ASSURITY’s or a third party’s legitimate interest.

Where required, each member of ASSURITY may share a customer’s personal information with the following persons, which may include parties that ASSURITY engages with as independent responsible parties, joint responsible parties or operators. These persons have an obligation to keep customers’ personal information secure and confidential: members of ASSURITY, any connected companies, subsidiary companies, associates, cessionaries, delegates, assignees, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; ASSURITY’s employees, as required by their employment conditions; the customer’s spouse, dependants, partners, employer, joint applicant or transaction related party other similar sources; people the customer has authorised to obtain their personal information, such as a person that makes a booking on the customer’s behalf, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, and other persons that assist with the processing of customer payment instructions, such as card scheme providers (including VISA or MasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities and other persons the law requires ASSURITY to share customer personal information with; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; our service providers, agents and subcontractors, ASSURITY uses to offer and provide solutions to customers; courts of law or tribunals that require the personal information to adjudicate referrals, actions or applications; or ASSURITY’s joint venture partners with which it has concluded business agreements.

15. WHEN AND HOW ASSURITY OBTAINS AND SHARES CUSTOMERS’ PERSONAL INFORMATION FROM/WITH CREDIT BUREAUS?

ASSURITY may obtain customers’ personal information from credit bureaus for any one or more of the following reasons: if the customer requested ASSURITY to do so, or agreed that it may do so; to verify a customer’s identity; to obtain or verify a customer’s employment details; to obtain and verify a customer’s marital status; to obtain, verify, or update a customer’s contact or address details; to obtain a credit report about a customer, which includes their credit history and credit score, when the customer applies for a credit agreement to prevent reckless lending or over-indebtedness; to determine a customer’s credit risk; for debt recovery; to trace a customer’s whereabouts; to update a customer’s contact details; to conduct research, statistical analysis or system testing; to determine the source(s) of a customer’s income; to build credit scorecards which are used to evaluate financial applications; or to determine which solutions to promote or to offer to a customer.

ASSURITY will share a customer’s personal information with the credit bureaus for, among others, any one or more of the following reasons: to report the application for a credit agreement; to report the opening of a credit agreement; to report the termination of a credit agreement; to report payment behaviour on a credit agreement;/or to report non-compliance with a credit agreement, such as not paying in full or on time.

Customers should refer to their specific credit agreement with ASSURITY for further information.

16. CUSTOMERS’ DUTIES AND RIGHTS REGARDING THE PERSONAL INFORMATION ASSURITY HAS ABOUT THEM

Customers must provide ASSURITY with proof of identity when enforcing the rights below.
Customers must inform ASSURITY when their personal information changes, as soon as possible after the change.

Customers warrant that when they provide ASSURITY with personal information of their spouse, dependents or any other person, they have permission from them to share their personal information with ASSURITY. ASSURITY will process the personal information of the customer’s spouse, dependent or any other person which the customer has shared with us as stated in this notice.

16.1 Right to access: Customers have the right to request access to the personal information ASSURITY has about them by contacting ASSURITY. This includes requesting: confirmation that ASSURITY holds the customer’s personal information; a copy or description of the record containing the customer’s personal information; and the identity or categories of third parties who have had access to the customer’s personal information.

ASSURITY will attend to requests for access to personal information within a reasonable time. Customers may be required to pay a reasonable fee to receive copies or descriptions of records, or information about, third parties. ASSURITY will inform customers of the fee before attending to their request. Customers should note that the law may limit their right to access information.

Please refer to Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 for further information on how customers can give effect to this right. Further information is available on the ASSURITY website at: www.assurity.co.za

16.2 Right to correction, deletion or destruction: Customers have the right to request ASSURITY to correct, delete or destroy the personal information it has about them if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if ASSURITY is no longer authorised to keep it.

ASSURITY will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on ASSURITY’s platform/systems. ASSURITY may request documents from the customer to verify the change in personal information.

A specific agreement that a customer has entered into with ASSURITY may determine how the customer must change their personal information provided at the time when they entered into the specific agreement. Customers must adhere to these requirements.

If the law requires ASSURITY to keep the personal information, it will not be deleted or destroyed upon the customer’s request. The deletion or destruction of certain personal information may lead to the termination of a customer’s business relationship with ASSURITY.

In certain instances, a customer can give effect to this right by making use of ASSURITY’s unassisted interfaces, e.g. using a ASSURITY app or website to correct their contact details.

16.3 Right to objection: Customers may object on reasonable grounds to the processing of their personal information where the processing is in their legitimate interest, ASSURITY’s legitimate interest or in the legitimate interest of another party.

Customers must inform ASSURITY of their objection. ASSURITY will not be able to give effect to the customer’s objection if the processing of their personal information was and is permitted by law, the customer has provided consent to the processing and ASSURITY’s processing was conducted in line with their consent; or the processing is necessary to conclude or perform under a contract with the customer.
ASSURITY will also not be able to give effect to a customer’s objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence. ASSURITY will provide customers with feedback regarding their objections.

16.4 Right to withdraw consent: Where a customer has provided their consent for the processing of their personal information, the customer may withdraw their consent. If they withdraw their consent, ASSURITY will explain the consequences to the customer. If a customer withdraws their consent, ASSURITY may not be able to provide certain solutions to the customer. ASSURITY will inform the customer if this is the case. ASSURITY may proceed to process customers’ personal information, even if they have withdrawn their consent, if the law permits or requires it. It may a reasonable time for the change to reflect on ASSURITY s’ systems. During this time, ASSURITY may still process the customer’s personal information.

16.5 Right to complain: Customers have a right to file a complaint with ASSURITY or any regulator with jurisdiction (in South Africa customers can contact the Information Regulator) about an alleged contravention of the protection of their personal information. ASSURITY will address customer complaints as far as possible.

The contact details of the Information Regulator are provided below.

Physical Address: Information Regulator
33 Hoofd Street Forum III,
3rd Floor Braampark
P.O Box 31533
Braamfontein
Johannesburg
2017
Website: www.justice.gov.za/inforeg
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za

17. HOW ASSURITY SECURES CUSTOMERS’ PERSONAL INFORMATION

ASSURITY will take appropriate and reasonable technical and organisational steps to protect customers’ personal information in line with industry best practices. ASSURITY’s security measures, including physical, technological and procedural safeguards, will be appropriate and reasonable. This includes the following: keeping ASSURITY systems secure (such as monitoring access and usage); storing ASSURITY records securely; controlling the access to ASSURITY premises, systems and/or records; and safely destroying or deleting records.

Customers can also protect their own personal information and can obtain more information in this regard by contacting ASSURITY directly.

18. HOW LONG DOES ASSURITY KEEP CUSTOMERS’ PERSONAL INFORMATION?

ASSURITY will keep customers’ personal information for as long as: the law requires ASSURITY to keep it; a contract between the customer and ASSURITY requires ASSURITY to keep it; the customer has consented to ASSURITY to keeping it; ASSURITY is required to keep it to achieve the purposes listed in this privacy compliance notice; ASSURITY requires it for statistical or research purposes; a code of conduct requires ASSURITY to keep it; and/or ASSURITY requires it for lawful business purposes.
Furthermore to the above; ASSURITY may keep customers’ personal information even if they no longer have a relationship with ASSURITY or even if they request ASSURITY to delete or destroy it, if the law permits or requires such information to be kept by ASSURITY.

19. COOKIES

A cookie is a small piece of data that is sent (usually in the form of a text file) from a website, mobile application to the user’s device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” user behaviour (keeping track of previous actions), e.g. remembering the contents of an online user’s query, and actions that the user performed whilst accessing or browsing when not signed up or logged into any online account platform owned by ASSURITY.
ASSURITY does not necessarily know the identity of the user of the device but does see the behaviour recorded on the device. Cookies could, however, be used to identify the device and, if the device is linked to a specific user, the user would also be identifiable. For example, a device or cellular MSISDN number registered to an app.

By using ASSURITY websites or applications, customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable ASSURITY to know that a customer has visited a website or application before and will identify the customer. ASSURITY may also use the cookie to prevent fraud.

Privacy Compliance and Policy Document Dated June 2021
By authority: ASSURITY
Registration Number: 2014/276799/07
Office 1, First Floor, Block J Sable Square
Cnr Bosmansdam and Ratanga Road
Milnerton 7441 Cape Town
For the attention of: LEO VAN WYK duly authorised by the Directorship and Shareholders of ASSURITY INSURANCE BROKERS (PTY) LTD