Privacy Policy Statement
Ensimini Financial Services (Pty)Ltd and Ensimini Administration Services (Pty)Ltd (hereafter referred to as Ensimini) recognizes its obligations as Responsible Party and as an Operator in respect of the retirement funds we provide services to under the Protection of Personal Information Act 4 of 2013 (POPIA).
1. Processing of personal information
POPIA requires the Responsible Party to ensure that it and any of its Operators comply with the conditions for lawful processing of personal information as set out in POPIA when it determines the purpose of processing the personal information and every time the company or its operators actually processes it.
We or anyone else collecting personal information on our behalf may only do so for a, “specific, explicitly defined and lawful purpose”
A Responsible Party or Operator may only process personal information if one or more grounds exist.
Grounds are:
- The data subject (or their parent or guardian if it’s a minor child ) consents to the processing
- Processing the personal information is necessary for the performance of a contract to which the data subject is party
- Processing complies with a legal obligation on the company
- Processing protects the data subject’s legitimate interest
- Processing is necessary for a public body to properly perform a public law duty (this condition cannot apply to us unless we are processing personal information for a public body).
- Processing is necessary to pursue the company’s or a third party’s legitimate interest, provided that the information is supplied to that third party.
Ensimini ensures that:
- The conditions of lawful processing of personal information are complied with;
- Processing is done in a responsible manner that does not infringe on the privacy of a data subject;
- Taking into account the purpose for which it is processed, the processing is adequate, relevant and not excessive;
- The required consent and justification is applied in processing personal information;
- Allowance is made for the data subject to object to processing of personal information subject to certain limitations and procedures;
- Personal Information is collected directly from the data subject;
- Personal information is collected for a specific , explicitly defined purpose related to our functions;
- Necessary record management policies, processes and standards are in place to ensure appropriate retention, restriction, archiving or destruction of records of personal information are in place;
- Further processing of personal information is compatible with the purpose for which it was collected;
- Necessary processes are in place to ensure personal information is complete, accurate, and updated where necessary;
- The data subject is aware of certain specified information that is held by Ensimini;
- Security safeguards are in place to ensure integrity and confidentiality of personal information under its control.
1.1 Why we collect Personal Information
We collect Personal Information for the purpose of:
- Providing retirement benefits and services to the members of the Retirement Funds we administer;
- Complying with our legal obligations under the Pension Funds Act 24 of 1956, the Income Tax Act 58 of 1962, the Financial Sector Regulation Act 9 of 2017, and other applicable laws and regulations;
- Protecting our legitimate interests, such as managing the Fund's assets and liabilities, preventing and detecting fraud, ensuring the security of our systems and data;
1.2 What Personal Information do we process
- Your name, date of birth, gender, marital status, identity number, passport number, tax number, contact details, bank account details, and other identification information.
- Your employment details, such as your employer, job title, salary, service period, contribution rate, and leave records.
- Your membership details, such as your member number, benefit option, contribution history, investment choice, fund value, benefit statement, withdrawal or retirement application, and beneficiary nomination.
- Your beneficiary details, such as their name, date of birth, gender, relationship to you, identity number, passport number, tax number, contact details, bank account details, and other identification information.
2. Notification and Management of Data Breaches
Ensimini’s Information Officer will manage notifications of data breaches in terms of our data protection policy.
This means that:
- In general, all incidents must be reported to the Information Officer;
- The Information Officer must authorise all notifications to the Information Regulator, the authorities, or data subjects in writing;
- The Information Officer must approve all external communications about an incident;
- The Information Officer must, in consultation with the board, 1.decide where and how to allocate resources to handle breaches; and
- The Information Officer must assemble a response team and instruct them on their specific responsibilities.
3. Data Subject Participation
3.1 Providing Access to Personal Information
A data subject may enquire if we have any personal information about them (and who has accessed it) and for a copy of that personal information. If they request the information, the data subject must furnish us with adequate proof of their identity. We may charge a fee to confirm if we have their personal information (or not), and we may charge a fee to provide a copy thereof.
When we provide a copy of their personal information, we must advise them of their right to request us to correct it. There are legislated turnaround times for responses to requests and refusals must comply with statutory grounds of refusal. PAIA applies to requests and refusals under POPIA.
3.2 Asking for Correction or Deletion of Personal Information
A data subject may request us to correct or delete any personal information in our possession that is incorrect or has been retained beyond the period it is allowed to be retained in terms of POPIA.
We must then, as soon as reasonably practicable correct it, delete it or give the data subject evidence showing that they have already deleted it (to the data subject’s satisfaction). Or mark the information as uncorrected even though the data subject has made a request to correct it (where we and the data subject can’t agree on how to correct the information). We must keep the data subject informed about the outcome of their request.
Information Officer:
Belinda Botes
E-mail: Belinda.Botes@ensimini.com