Fairsure acknowledges and supports individual rights including the fundamental human right to privacy. Accordingly, we will ensure that personal information is collected and handled in a transparent and lawful manner in alignment with the Protection of Personal Information Act, 2013 (POPIA).
It is important that you read this Statement carefully before submitting any information to Fairsure:
- By submitting any information to Fairsure, you provide consent to the processing of your personal information as set out in this Statement.
- The provisions of this Statement are subject to mandatory, unalterable provisions of applicable laws.
- If you do not consent to the provisions of this Statement, or parts of the Statement, we may not be able to provide products and services to you.
Our responsibility to you is governed by our contractual arrangement, which requires us to be compliant with all applicable data protection laws and regulations. As such, we do all that is necessary to ensure that any non-compliance risk is mitigated. We promise:
- To implement reasonable computer (logical), physical and procedural (process) safeguards to protect the security and confidentiality of the information we collect.
- To limit the information collected to the minimum required to provide a better service and/or product or meet our other goals.
- To permit only properly trained, authorised employees to access information.
- Not to disclose your information to external parties unless consent has been provided or we are required or permitted by law to do so.
This privacy statement applies to all the companies making up Fairsure, with the specific company processing your information being dependent on the specific service provided.
3. PURPOSE AND USE OF INFORMATION
We collect and use personal data to administer our relationship with you, including to respond to your enquiries or complaints, to provide our products and services to you, to manage our contracts with you, to inform you about our products and services, to administer and improve our services, to respond to requests from authorities, to comply with our contractual and legal obligations, and for other legitimate business purposes.
Personal information we process is required to provide you with the following:
- Delivery of the contracted service (i.e. employee benefits consulting or administration of retirement funds, including but not limited to contributions and benefits processing).
- Delivery of product (where applicable).
- Personalisation of content, business information or member experience.
- Account set up and administration.
- Legal obligations (e.g. prevention of fraud).
- Meeting internal/external audit requirements.
To achieve this, we collect the following type of personal data:
In respect of clients and third parties:
- Personal details of principals (including full names, identity numbers, contact details)
- Full address details
- Contact numbers
- Email addresses
- Financial and payment data such as banking details, invoices and payment terms as well as any personal data for fulfilling and legitimate processing billing information.
In respect of members:
- First name
- Last name
- Identity / Passport number
- Full address details
- Contact numbers
- Email addresses
- Employment information (including Employer details and salary etc.)
- Beneficiary details
- Dependent details
- Banking details
- Online user name (for use of the mobile application or website)
4. INFORMATION DISCLOSURE
All processing of personal information data takes place at Fairsure offices, 11th floor, 117 Strand Street, Cape Town, 8001. Hosting and storage of personal information takes place here.
Notwithstanding anything to the contrary in this Statement, Fairsure reserves the right to disclose any information about you if we are required to do so by law, and if we believe that such action is necessary to: (a) fulfil a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our website, or other users; or (d) in an emergency to protect the health and safety of our website’s users or the general public.
Authorised Fairsure employees will have access to some or all your information.
Your personal data may be disclosed to third party service providers, acting on our behalf, in connection with managing services, data analytics, finance, and accounting or other administrative services and information technology support. These parties will have access to your information as reasonably necessary to perform these tasks on our behalf. Where we contract with service providers, and wherever possible, we impose contractual obligations on them to ensure that your information is handled and secured in accordance with law and industry good practise.
In terms of POPIA and other relevant Acts, we will keep your personal records for no longer than is necessary for the purposes for which it was collected and processed, and not longer than as specified by the relevant applicable laws unless we have your consent to process it indefinitely. After this period, your personal data will be irreversibly destroyed.
6. PROTECTION OF INFORMATION
Fairsure will take reasonable steps to protect the information we collect, hold and process from misuse, loss and from unauthorised access, modification, or disclosure. We hold information at our own premises.
These controls are in line with the principles and requirements of the Act, governed by our Information Security Policy, and is being enhanced on an on-going basis. These controls include, but are not limited to:
- Physical and logical access controls.
- Password controls.
- Period review of access to critical systems.
- Portable media controls.
- Virus management and firewalls.
- Information Security Policies and Cyber security controls.
7. CROSS BORDER TRANSFERS
Fairsure generally does not transfer personal information outside South Africa. Where there is a requirement, we will do so in accordance with applicable data protection laws. Wherever possible, we try to only use service providers that are in countries with similar or more stringent levels of protection.
8. BREACH NOTIFICATION
A security compromise or information breach can be described as unlawful access to or disclosure of personal information. Such incidents are governed by our Security Incident Response process.
When there are reasonable grounds to believe that personal information has been accessed, altered, deleted or acquired by any unauthorised person, we will notify the Information Regulator and yourself.
This notification will be done in accordance with the provisions of POPIA and as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and restore our systems.
9. YOUR RIGHTS TO ACCESS TO INFORMATION
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted (where applicable). Please contact us through the contact details as given below, whereupon you will be sent a Data Subject Access Request Form.
You have the right:
- free of charge, to confirm with us whether we hold any information about you.
- at a prescribed fee:
- to request the record of information held by us
- to request a description of the information held by us, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information
- to update and correct any out-of-date or incorrect information we hold about you.
- destroy or delete a record of information of you which we are no longer authorised to retain.
Before we provide you with access to your information, we may require proof of identity. We may refuse to disclose some information in accordance with PAIA.
Should you wish to complain about how we have handled your personal data, please contact Information Officer at InformationOfficer@Fairsure.co.za or in writing to 11th floor, 117 on Strand, 117 Strand Street, Cape Town, 8001. Our Information Officer will then investigate your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Regulator and file a complaint with them.
10. CHANGES TO THIS STATEMENT
This statement maybe amended from time to time for any of the following reasons:
- Provide for the introduction of new systems, services, and products.
- Comply with changes to any legal or regulatory requirement.
- Rectify any inaccuracies that may be discovered from time to time.
Our information officer contact details are:
Address: 11th floor, 117 Strand Street, Cape Town, 8001
Telephone: 0860 004 400
The Information Regulator (South Africa) contact details are as follows:
Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017