Privacy Policy
POLICY ON THE PROTECTION AND PROCESSING OF INFORMATION
1. Definitions
1.1. “Finance 365” means Finance 365 (Pty) Ltd;
1.2. “Business” means the business of Finance 365, being the provision of financial wellness and the introduction of associated products and services including the referrals to various third party registered financial service providers, which includes all matters reasonable connected thereto, including matters relating to legal and corporate governance;
1.3. “Information” means “personal information” and “special personal information” as defined in POPIA.
1.4. “Information Officer” means the person described in clause 12;
1.5. “Information Regulator” means the information regulator as that term is defined in Section 39 of POPIA;
1.6. “Operator” means a Person who Processes Information on behalf of Finance 365 in terms of a contract or mandate, without coming under the direct authority of Finance 365 and may include, without limitation, Finance 365’s auditors, information technology service providers and related and/or inter-related persons as that term is defined in Section 2 of the Companies Act No. 71 of 2008;
1.7. “Person” means a person defined in POPIA, and “Persons” will have a corresponding meaning;
1.8. “Policy” means this policy and any amendments made to it from time to time;
1.9. “POPIA” means the Protection of Personal Information Act No. 4 of 2013;
1.10. “Process” and “Processing” means anything that is done by Finance 365 in relation to its Stakeholders’ Information, whether or not by automated means, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure and/or destruction of Information;
1.11. “Stakeholder” means any Person whose Information Finance 365 Processes, and this may include Information pertaining to Finance 365’s employees, candidates for employment, customers, suppliers, officers, business associates, partners, clients and the like.
2. Background to POPIA
2.1. POPIA is South Africa’s primary data protection law.
2.2. The purpose of POPIA is to promote the protection of Information that is Processed by any Person, by prescribing certain minimum requirements for the Processing of Information.
2.3. These minimum requirements must be met in order for a Person to Process Information and include those requirements set forth in clause 4 of this Policy.
2.4. It is the policy of Finance 365 that it will comply with the minimum requirements set forth this Policy at all times.
3. Purpose of this Policy
3.1. From time to time in the conduct of its Business, Finance 365 will come into possession of and will concomitantly Process the Information of its Stakeholders.
3.2. The purpose of this Policy is to record how Finance 365 will Process the Information of its Stakeholders and, in doing so, comply with the minimum requirements set forth in this Policy.
4. Minimum Requirements for Processing Information
In order for Finance 365 to Process Information in a manner which is consistent with POPIA, Finance 365 must:
4.1. Process the Information lawfully and in a reasonable manner that does not infringe the right to privacy of the Person whose Information is being Processed;
4.2. Process the Information for a specific, explicitly defined and lawful purpose related to a function or activity of Finance 365;
4.3. Process the Information only if, given the purpose for which it is Processed, it is adequate, relevant and not excessive and if:
4.3.1. the Person whose Information will be Processed has consented to its Information being Processed;
4.3.2. it is necessary to Process the Information to carry out actions for the conclusion or performance of a contract to which the Person whose Information will be Processed is a party; or
4.3.3. it is necessary to Process the Information to comply with an obligation imposed by law on Finance 365 or to protect a legitimate interest of Finance 365, the Person to whom the Information is supplied and/or the Person whose Information will be Processed;
4.4. take reasonable steps to ensure that the Person whose Information will be Processed is aware of the Information that will be Processed, the source from which that Information will be collected and the purpose for which that Information will be Processed;
4.5. take reasonable steps to ensure that the Information that is Processed is complete, accurate, not misleading and updated where necessary;
4.6. take reasonable technical and organisational measures to secure the integrity and confidentiality of Information that is Processed so as to prevent the loss, damage or unauthorised destruction of Information and the unlawful access to or Processing of Information; and
4.7. take reasonable steps to ensure that the Person whose Information will be Processed is aware of its rights in and to their Information.
5. Purpose of and Processing Information
5.1. Finance 365 will only Process Information for a specific, explicitly defined and lawful purpose related to a function or activity carried out by it.
5.2. Finance 365 will accordingly Process the Information of its Stakeholders from time to time for the purpose of carrying on its Business and for good and lawful cause.
5.3. Clause 5.1 and 5.2 above encompass situations including but not limited to assistance with financial wellness.
5.4. Finance 365 will ensure that it only Processes the Information of its Stakeholders for the specific purpose referred to in clause 5.2 of this Policy and will take reasonable steps to ensure that its Stakeholders are aware of that purpose.
6. Source of Information
6.1. Finance 365 will only Process Information that it receives directly from a Stakeholder, save where:
6.1.1. the Information is public record or has deliberately been made public by the Stakeholder;
6.1.2. the Stakeholder has consented to the collection by Finance 365 of the Information from another source;
6.1.3. the collection of Information from a source other than the Stakeholder would not prejudice a legitimate interest of the Stakeholder, is necessary to maintain or comply with an obligation imposed on Finance 365 by law or to maintain the legitimate interests of Finance 365 or the Information will be used for legal proceedings;
6.1.4. it is not reasonably practicable in the circumstances of the particular case to collect the Information directly from a Stakeholder, or to do so would prejudice a lawful purpose of the collection, or
6.1.5. it has received the consent of a Stakeholder to Process Information about that Stakeholder that it receives from another source, in which event it may Process Information about a Stakeholder that it receives from another source.
7. Awareness and Consent
7.1. Finance 365 is required to ensure that its Stakeholders are aware of the purpose for which their Information is being Processed, the manner in which it will be Processed and their rights in respect thereof. Finance 365 will do this by:
7.1.1. Providing a copy of this Policy on request;
7.1.2. making a copy of this Policy available for inspection at its principal place of business at:
1 Old Main Road, Umhlali, KwaZulu- Natal, 4390;
7.1.3. using bona fide endeavours to communicate the existence of this Policy to those of its Stakeholders whose Information Finance 365 has Processed prior to the date referred to in Section 114(1) of POPIA;
7.1.4. referring to this Policy in its recruitment and/or job advertisements;
7.1.5. incorporating this Policy by reference into, inter alia, the following documents:
7.1.5.1 employment agreements;
7.1.5.2 terms of engagement; and
7.1.5.3 any other contracts or agreements that Finance 365 may enter into with its Stakeholders.
7.2. Finance 365 will, where it is necessary or appropriate to do so, obtain the consent of its Stakeholders to Process their Information in accordance with POPIA, inter alia, by:
7.2.1. requesting its Stakeholders to consent to the Processing by Finance 365 of their Information;
7.2.2. requiring applicable Stakeholders to sign any one or more of the documents contemplated in clause 7.1.5 of this Policy.
7.3. Finance 365 will catalogue and store the record of consents that it obtains from its Stakeholders.
8. Retention and safeguarding of Information
8.1. Finance 365 is required to store, retain and secure the integrity and confidentiality of its Stakeholders’ Information by taking appropriate, reasonable technical and organisational measures to prevent the loss, damage or unauthorised destruction of their Information and to prevent any person from unlawfully accessing their Information.
8.2. Finance 365 will accordingly secure the integrity and confidentiality of its Stakeholders’ Information, inter alia, by ensuring that:
8.2.1. Information that is in printed form is dealt with only by those representatives of Finance 365 who need to deal with that Information;
8.2.2. Information that is in printed form is stored in a secure cabinet or facility when it is not being Processed;
8.2.3. all employees and officers of Finance 365 who have access to or Process Information keep their workstations tidy and free of Information which is not then being Processed to ensure that any Information that is visible at workstations, and is not being Processed, is not disseminated other than in accordance with the provisions of this Policy;
8.2.4. all Information in electronic form is stored in a database that is protected from unauthorised access by appropriate hardware and software;
8.2.5. any hardware on which Information is stored is secure and password protected;
8.2.6. employees and officers of Finance 365 will ensure that Information is not displayed upon their computer hardware when they are not themselves Processing that Information on such hardware;
8.2.7. where any device on which Information is stored is lost or stolen, the Information Officer is immediately notified and will use reasonable endeavours to attempt to recover and/or delete any Information stored upon that device.
8.3. Finance 365 will review the Information that it Processes and stores from time to time, and will destroy and/or delete any Information of its Stakeholders that is no longer required for the purpose in clause 5 of this Policy, or that it is no longer authorised or obliged to retain.
8.4. In the event that it comes to the attention of Finance 365 that its Stakeholders’ Information has been accessed, acquired or Processed by any unauthorised person:
8.4.1. the Information Officer will notify the applicable Stakeholder or Stakeholders and the Information Regulator as soon as reasonably possible; and
8.4.2. Finance 365 will comply with such directions as the Information Regulator may prescribe.
9. Disclosure of Information
9.1. Finance 365 will not hold its Stakeholders’ Information as its own and will make no claim to ownership thereof, unless a Stakeholder agrees otherwise.
9.2. Finance 365 will only disclose its Stakeholders’ Information to those of its employees and officers who need to know for the purpose described in clause 5 above and will not disclose Information to any third party unless the consent of the applicable Stakeholder to do so has been obtained.
9.3. Notwithstanding the provisions of clause 9.2 of this Policy, Finance 365 may disclose its Stakeholders’ Information without first obtaining consent:
9.3.1. if Finance 365 deems it appropriate to disclose that Information to an Operator for the purpose in clause 4 of this Policy; and/or
9.3.2. if Finance 365 is required by any applicable law or any applicable regulator to disclose that Information.
9.4. Finance 365 will not transfer the Information of any of its Stakeholders to any third party in any country in which Finance 365 operates, other than South Africa, unless:
9.4.1. Finance 365 has obtained the consent of the affected Stakeholder to do so;
9.4.2. the third party has agreed to Process that Information on substantially the same terms as those recorded in this Policy and/or in any agreement entered into between Finance 365 and the Stakeholder;
9.4.3. the transfer is necessary for the conclusion or performance of a contract between the Stakeholder and Finance 365;
9.4.4. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Stakeholder between Finance 365 and a third party; or
9.4.5. the transfer is for the benefit of the Stakeholder, and it is not reasonably practicable to obtain the consent of the Stakeholder to that transfer or, if it were reasonably practicable to obtain such consent, the Stakeholder would, in Finance 365’s view, likely give it.
10. Information Quality
10.1. Finance 365 is required to take reasonably practicable steps to ensure that the Information of its Stakeholders that it Processes is complete, accurate, not misleading and updated where necessary.
10.2. Finance 365 will accordingly ask its Stakeholders to verify the completeness and accuracy of the Information provided by them from time to time.
11. Unsolicited Information
In the event that a Stakeholder makes Information available to Finance 365 which is gratuitous and/or not required for the purpose referred to in clause 5, this Policy (save in respect of this clause 11) will not apply, and Finance 365 will use its bona fide efforts to secure that Information, and proceed to delete, erase or destroy that Information as soon as practicable after its receipt.
12. Stakeholder Participation and Rights in and to its Information
12.1 Each Stakeholder, after having provided adequate proof of identity to Finance 365, has the right to:
12.1.1. request that Finance 365 confirms, free of charge, whether or not it holds Information about that Stakeholder;
12.1.2. request the record of or a description of the Information that Finance 365 holds about that Stakeholder;
12.1.3. request that Finance 365 correct or delete any Information in its possession or under its control about the Stakeholder that is inaccurate, irrelevant, excessive, out of date, incomplete or misleading, or destroy or delete a record of any Information about it that Finance 365 is no longer authorised to retain;
12.1.4. withdraw its consent for Finance 365 to Process its Information at any time, but the withdrawal of consent will not affect:
12.1.4.1. the Processing of its Information before the withdrawal of consent; and
12.1.4.2. the Processing of any of its Information that is required by Finance 365 to comply with law and/or finalise the performance of any agreement that it has entered into with the Stakeholder concerned.
12.2 Should any Stakeholder wish to exercise any of the rights referred to above, it can do so by contacting the Information Officer who can be contacted in the manner described in clause 13 of this Policy, and the Information Officer will give effect to the Stakeholder’s request or withdrawal.
13. Information Officer
13.1. Finance 365 appoints Ashleigh Cranke as an Information Officer.
13.2. Ashleigh Cranke can be contacted telephonically on (032) 946 0865, alternatively by way of email at ashleigh@cjcogan.co.za and/or info@finance365.co.za.
13.3. As our Information Officer, she will be responsible for, inter alia:
13.3.1. ensuring that Finance 365 Processes the Information of its Stakeholders in a lawful and reasonable manner that does not unreasonably infringe its Stakeholders’ right to privacy;
13.3.2. providing regular training and support to the employees and officers of Finance 365 who have access to or Process Information, so that they can do so lawfully and in terms of this Policy;
13.3.3. creating awareness about the provisions of this Policy, including by way of the mechanisms contemplated in clause 7 of this Policy; and
13.3.4. ensuring that it applies due diligence in the monitoring of developments in relation to the law pertaining to protection of Information, and in amending and/or updating Finance 365’s approach to such protection, including by way of updating and/or amending this Policy.
13.4. The Information Officer will be trained appropriately to give effect to this Policy, and will address any reasonable queries or concerns that any Stakeholders may have regarding this Policy or the Processing of their Information as contemplated in it.
14. Information Regulator
In the event that a Stakeholder has any queries or concerns that cannot be addressed by the Information Officer, the Stakeholder has the right to contact the Information Regulator. The Information Regulator’s details are as follows:
- Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
- Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
- Email address: complaints.IR@justice.gov.za and inforeg@justice.gov.za.
15. Status of Policy
This Policy has been adopted by and will apply to Finance 365
16. Amendments
Finance 365 may alter or amend this Policy or any part thereof at any time. Finance 365 will use reasonable endeavours not to change this Policy too often, and to bring to its Stakeholders’ attention any material changes to it, but its Stakeholders will be required to ensure that they keep up to date with the latest version of the Policy that is available on Finance 365’s website and at Finance 365’s principal place of business.
17. Domicilium
Finance 365 chooses as its domicilium citandi et executandi for all purposes under the website, including the giving of any notice, the payment of any sum, the serving of any process, as follows:
1 Old Main Road
Umhlali
4390
FINANCE 365 REWARDS PRIVACY POLICY
This privacy policy (the “Privacy Policy”) explains how we collect, retain, use and disclose your personal information, as is required by the Protection of Personal Information Act No. 4 of 2013, as amended from time to time.
At Finance 365 (PTY) LTD, trading as FINANCE 365 REWARDS, we are committed to protecting your privacy and to ensuring that your personal information is collected, retained, used and disclosed properly, lawfully and transparently.
WHO WE ARE
WHAT INFORMATION WE COLLECT
- We collect and process your personal information mainly to provide you with access to FINANCE 365 REWARDS, to manage your use of FINANCE 365 REWARDS, to provide and administer your FINANCE 365 REWARDS benefits, FINANCE 365 REWARDS services, the FINANCE 365 REWARDS loyalty programme and your FINANCE 365 REWARDS subscription, and to help us improve our offerings to you. It is our policy to respect the confidentiality of your personal information.
- The type of information we collect will depend on the purpose for which it was collected and used. We will only collect information, which is adequate, relevant and not excessive in relation to the purpose for which the information had been collected.
- We collect information directly from you, for example when you use FINANCE 365 REWARDS or when you contact us.
- The supply of your personal information is mandatory to access FINANCE 365 REWARDS and to receive the FINANCE 365 REWARDS benefits, and to enable us to effectively provide the FINANCE 365 REWARDS services to you.
- Failure to provide your personal information, as reasonably required, will effectively prevent you from accessing FINANCE 365 REWARDS, from receiving the FINANCE 365 REWARDS benefits or receiving the FINANCE 365 REWARDS services.
HOW WE USE YOUR PERSONAL INFORMATION
- We will use your personal information only for the purposes for which it was collected.
- In providing you with access to FINANCE 365 REWARDS, the FINANCE 365 REWARDS benefits and the FINANCE 365 REWARDS services, we may also provide your personal information to third parties who have been contracted by us to provide administrative, compliance, financial, insurance, technology, benefits or legal services.
- We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by applicable law (for example; to protect our legitimate legal interests).
- We shall not retain your personal information for any longer than is necessary.
COOKIES, OTHER SERVICES AND NEWSLETTERS
- Given our aim to provide you with personal and effective FINANCE 365 REWARDS benefits and FINANCE 365 REWARDS services, we would like to use your personal information to keep you informed about your FINANCE 365 REWARDS benefits, other services, updates to our terms and conditions, updates to this Privacy Policy, updates or amendments to FINANCE 365 REWARDS and to issue our monthly newsletter.
- Please email us at finance365@directrewards.co.za if you do not wish to receive such updates and information. You may opt out, at any time, if you do not wish to receive any further communications of this nature.
- FINANCE 365 REWARDS uses Google AdWords Remarketing (“AdWords”) to advertise FINANCE 365 REWARDS across the Internet.
- AdWords will display relevant ads tailored to you based on the parts of the FINANCE 365 REWARDS website you have viewed by placing a cookie on your machine.
- THIS COOKIE DOES NOT IN ANY WAY IDENTIFY YOU OR GIVE ACCESS TO YOUR COMPUTER. The cookie is used to say “This person visited this page, so show them ads relating to that page”.
- AdWords allows FINANCE 365 REWARDS to tailor our marketing campaigns to better suit your needs and only display ads that are relevant to you.
- If you do not wish to participate in the FINANCE 365 REWARDS AdWords campaign, you may opt out by visiting Google’s Ads Preferences Manager.
DISCLOSURE OF YOUR PERSONAL INFORMATION
- We may share your personal information with, and obtain information about you from:
- third parties for the purposes listed above, for example fraud prevention agencies and law enforcement agencies;
- contracted third party suppliers/specialist advisors; and
- other third parties from whom you have chosen to receive marketing information.
- We may also disclose your personal information:
- where we have a duty or a right to disclose such personal information in terms of applicable law or industry codes;
- where we believe it is necessary to protect our rights; and
- where we are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of personal information.
- We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal information is secure.
- We aim to safeguard the privacy of your personal information, and we hold personal information in a combination of secure computer storage facilities and other records.
- We have security policies and procedures in place, which cover:
- physical security;
- computer and network security;
access to personal information; - secure communications;
- security in contracting out activities or functions;
- retention and disposal of personal information;
- acceptable usage of personal information;
- monitoring access and usage of personal information; and
- investigating and reacting to security incidents.
- When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that all personal information, for which we are responsible for, is kept secure.
- We may need to transfer your personal information to another country for processing or storage. We will ensure that anyone that we pass your personal information to agrees to treat your information with the same or similar level of protection as that which we have provided to you in terms of this Privacy Policy.
YOUR RIGHTS
- You have the right to request a copy of your personal information in our possession. You may contact us at the email and addresses listed below and specify what personal information you would like to receive. We will take all reasonable steps to confirm your identity before providing details of your personal information.
- Please note that we are allowed to charge a reasonable fee for such access, however, that we have decided to grant such access free of charge.
- You have a right, at any time and on reasonable grounds, to object to the processing of your personal information, at which time we shall immediately cease doing so and at which time your access to FINANCE 365 REWARDS shall be terminated.
- We endeavour to ensure that the personal information we hold is accurate and up to date.
You have the right to request us to update, correct or delete your personal information. You may do this by contacting us at the email and addresses provided below. - We will take all reasonable steps to confirm your identity before making changes to personal information we may hold about you.
- We would appreciate it if you would keep your personal information accurate. Please notify us at the numbers and addresses below when your personal information changes.
