POPI Compliance

Everything you need to know

THE PROTECTION OF PERSONAL INFORMATION ACT – PRIVACY NOTICE

Introduction

The right to privacy is an integral human right recognised and protected in the South African Constitution and the Protection of Personal Information Act 4 of 2013 (“POPIA”).

POPIA aims to promote the protection of privacy by providing guiding principles that are intended to be applied to the processing of personal information in a context-sensitive manner.

Through the provision of quality services, INfund Solutions is necessarily involved in the collection, use and disclosure of certain aspects of the personal information of clients, customers, employees and other stakeholders. A person’s right to privacy entails having control over his or her personal information and being able to conduct his or her affairs relatively free from unwanted intrusions.

Commitment to compliance with POPI

Given the importance of privacy, INfund Solutions is committed to effectively managing personal information in accordance with POPIA’s provisions. To meet the requirements of POPI, INfund Solutions has drafted a POPI Risk Management Programme which includes:

  • Development and implementation of Information processing plan and procedures, including the safeguards of personal information required under POPI.
  • Development and implementation of a compliance monitoring plan.
  • Appointment of Information Officer.
  • Delegation of duties to staff and training on their duties.
  • Development of disclosures and client POPI engagement processes.
  • Documentation of relationships with third parties on the sharing of personal information and/or service agreements for the outsourcing of certain POPI obligations.

Information Officer

INfund Solutions appointed Siya Maki as its Information Officer. All correspondence to the Information Officer may be submitted via the Deputy Information Officer by e-mail to: Paul von Stein at paul@INfund.co.za

Privacy Statement

INfund Solutions is committed to processing personal information in accordance with the below principles when collecting, recording, storing, disseminating, and destroying personal information, and responding to government requests for our users’ data:

  • We shall process your personal information for a specific, lawful reason and only adequate, relevant information which is limited to the purposes for which they are processed, and which relates to the functions or the activity of INfund Solutions.
  • If you cancel your services with INfund Solutions, we will delete or otherwise de-identify your personal information after the minimum storage periods required under our risk and statutory record-keeping periods have expired.
  • We take measures to ensure data is kept safe and prevent loss of, damage to, or unauthorized destruction of personal information, and unlawful access to or processing of personal information.

INfund Solutions renders services to Retirement Funds. Those Retirement Funds may from time to time share personal information of such members with us to enable us to render services to the members. INfund Solutions does not collect and process special personal information unless it is a requirement by law to process such information as part of our service delivery. We may collect information about minor dependents of members of the Funds in order to render services to the members. We shall strictly limit processing of such information to the purpose of servicing the member. We do not otherwise knowingly collect personal information from children (under 18 years of age) without the permission of their parent/s or guardian.

INfund Solutions and its employees may disclose personal information to:

  • other service providers directly involved in the rendering of services or the provision of products to the clients;
  • to service providers, it is engaged with to assist it to manage its day-to-day operations, such as accountants, compliance officers, administration etc, if INfund Solutions has a duty or a right to disclose same in terms of law or certain industry codes, or if it is necessary to protect INfund Solutions’ legal rights and interests,
  • to regulators when required.

We undertake to review and update our security measures in accordance with future legislation and technological advances. Access to client data from within our organisation is limited to essential staff or specialist contractors that are required to access our systems for client service or maintenance purposes, and who are bound by the requirements of the legislation and are required to maintain safety and security measures. INfund Solutions will not transfer personal information to a third party in a foreign country without ensuring that such transfer complies with the provisions of POPI.

Request to access personal information procedure

In terms of POPI, data subjects have the right to:

  • Request what personal information INfund Solutions holds about them and why.
  • Request access to their personal information.
  • Be informed on how to keep their personal information up to date.

Access to information requests can be made by email, addressed to the Information Officer at the details listed under the relevant section. The Information Officer will provide the data subject with a “Personal Information Request Form”.

Once the completed form has been received, the Information Officer will verify the identity of the data subject before handing over any personal information. All requests will be processed and considered against INfund Solutions’s Promotion of Access to Information Act (PAIA) Policy.

The Information Officer will process all requests within a reasonable time.

POPI Complaints and objections procedure

A client has a right to object to the use of personal information, however in certain instances failure to provide us with personal information may result in the inability to deliver said services or products to data subjects, or data subjects shall receive limited services.

Data subjects have the right to complain in instances where any of their rights under POPIA have been infringed upon. INfund Solutions takes all complaints very seriously and will address all POPI related complaints in accordance with the following procedure:

  • POPI complaints must be submitted to INfund Solutions in writing. Where so required, the Information Officer will provide the data subject with a “POPI Complaint Form”.
  • The Information Officer will provide the complainant with a written acknowledgement of receipt of the complaint.
  • The Information Officer will carefully consider the complaint and amicably address the complainant’s concerns. In considering the complaint, the Information Officer will endeavor to resolve the complaint in a fair manner and in accordance with the principles outlined in POPIA.
  • Where the data subject is not satisfied with the Information Officer’s suggested remedies, the data subject has the right to complain to the Information Regulator.

The Information regulator’s contact details are as follows:

Complaints email: complaints.IR@justice.gov.za

General enquiries email: inforeg@justice.gov.za