The Assupol group of companies (Assupol Holdings Limited and all of its subsidiaries) (“Assupol”) are responsible corporate citizens, and therefore places a high value on the Constitution of South Africa and all of its laws. The right to privacy as enshrined in the Constitution and further specifically protected by the Protection of Personal Information Act, 4 of 2013 (“Popia”). This notice sets out how we give effect to the right to privacy.
1. What is personal information?
The term “personal information”, as used in this notice, applies to information that may be used to identify an individual or a juristic person (i.e. for example a registered company).
Popia defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. The person to whom personal information relates is referred to in Popia as the “data subject”.
Our data subjects include our clients, employees, representatives, independent intermediaries and product and service providers.
Examples of personal information include, among others, contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture and language of the data subject.
In this notice, “we”, “us” or “our” refers to Assupol, and “you” or “your” refers to any of our data subjects.
2. What type of personal information do we collect?
The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose. When personal information is collected, we will indicate the purpose for the collection.
The personal information we collect can include your name, contact details, birth date, identity number, gender, employment details, marital status, family relations and history, insurance history, bank account details and medical or health information.
3. How we collect your personal information?
We collect information either directly from you, your employer or through our intermediaries. If we don’t collect your personal information directly from you, we will disclose the source from which we obtained it to you.
4. Providing your personal information is mandatory
Due to the nature of our business, you are required to provide certain personal information to us. If you do not want to provide the required personal information, we
will not be able to contract with you as a policyholder, employee, representative, independent intermediary or service provider.
5. Use of your personal information
We may use, store, transfer, disclose or share your personal information for the following purposes:
a) Providing you with quotations, for underwriting and processing your insurance applications;
b) Processing your insurance claims;
c) To confirm and verify your identity, or to verify that you are an authorised user of our services for security purposes;
d) Providing you with on-going administration services for the duration of a policy;
e) Collection of premiums due under a policy;
f) Fulfilling a transaction on your request;
g) For the detection and prevention of fraud, crime, money laundering or other malpractice;
h) To conduct market or customer satisfaction research or for statistical analysis;
i) To respond to your enquiries and complaints;
j) To inform you about our products, services and special offers.
6. Sharing of your personal information
We will only share your personal information with third parties if you have consented to such disclosure. If your consent has been obtained, we may share your personal information with third parties who are involved in the delivery of services to you. We have agreements in place with all such third parties to ensure that they comply with Popia.
Where we disclose your personal information to any third party, the third party will be obliged to use that personal information only for the reasons and purposes it was disclosed for. We may also be obliged to disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, or for the purposes of protecting the interest of clients, for example in the pursuit of fraud prevention or to give effect to an agreement.
7. Securing your personal information
We are committed to provide adequate protection for your personal information that we hold and to stop unauthorised access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
a) Physical security;
b) Computer and network security;
c) Access to personal information;
d) Secure communications;
e) Security in outsourcing any activities or functions;
f) Retention and destruction of information;
g) Governance and regulatory issues;
h) Monitoring access and usage of private information;
i) Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that your personal information, for which we remain responsible, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat such information with the same level of protection as we are committed to.
Should we at any point have to transfer your personal information across the borders of South Africa, we will ensure that any service providers used in the transfer of your personal information is bound by contract to the principles of this notice, and that the country to which your personal information is being transferred has privacy protection laws that provide protection to you similar to Popia.
8. Your right to access and rectify your personal information
You can request to review your personal information contained in our records at any time to correct or update the information. These requests will always be free of charge to you, and we will endeavour to make the process as friendly and efficient as possible. If the purpose for which your personal information was requested initially does not exist anymore, for example you no longer have a policy with us, you may request the information we hold to be deleted. However, we can decline your request to delete the information from our records if other legislation requires the continued retention thereof, or if it has been de-identified or otherwise safeguarded to be used for statistical, historical or research purposes.
9. Retention of your personal information
We retain your personal information even after the cancellation or termination of our agreement with you for statistical, historical and research purposes for the longer of the following periods:
a) For as long as may be required by any other law of South Africa that apply to us;
b) For a period not exceeding 20.
We will ensure strict compliance to this data retention policy, and that at the end of retention period, your personal information will be destroyed or disposed of in a manner which prevents its reconstruction in an intelligible form.
10. Communication to your and direct marketing
Other than communicating to you with regards to existing policies or other contracts between us, we will never use any form of electronic communication, including automatic calling machines, facsimile machines, SMSes or e-mail for purposes of direct marketing to you, unless you have provided us with consent for this purpose.
Where we obtain your consent, we will ensure that it is voluntary, specific and well informed. We will further ensure that you can withdraw the consent at any time, and we will immediately act on any request to withdraw consent for direct marketing.
We will ensure that we are always in a position to demonstrate proof of the consent you provided to us on your request.
Any form of direct marketing will always contain an easy to use method for you to opt out of receiving future direct marketing messages.
Although we take all practical precautions to ensure the security of communication sent to you via various communication channels, we cannot guarantee the security of these communications once sent.
11. Updating of this notice
We may update this notice periodically or as required by changes in legislation. An updated version is available on our website at www.assupol.co.za
or may be requested from our Information Officer whose contact details are also available on our website, or by contacting our call centre on 0861 BELONG (0861235664)
, or at any of our offices nationwide.
Download Privacy Statement