INVEST BAMBOO (PTY) LIMITED

POPIA PRIVACY AND DATA PROTECTION POLICY

1.        INTRODUCTION 

The FAIS Act provides for the protection of personal information of Clients; and The Protection of Personal Information Act, 2013 (“Privacy Policy”) provides for 8 Data protection Information principles to apply with to ensure the protection of all data that relates to companies, staff and Clients. The Promotion of Access to Information Act, 2 of 2000 provides for access to such information and in which instances it may be refused.

2.        PURPOSE 

Data privacy and data protection is important to the FSP and this Policy sets out the POPIA principles in line with existing FAIS requirements to ensure the safekeeping of all Data by the FSP and Persons/Employees/Parties (as applicable).      This Privacy Policy applies to all data obtained via our products, services, events operated by Bamboo, website https://investbamboo.co.za/       and its subdomains (collectively, “Website”) via our mobile application (the “Bamboo App”), including any content, component, functionality and/or service offered on or through the Website or Bamboo App (collectively and together with Website and Bamboo App, the “Platform” or “Service”) owned or controlled by Invest Bamboo (Pty) Limited, or its affiliated companies, which are entities that control, are controlled by or are under common control with us (“Affiliates”) (collectively, the “Company” or “we” or “our” or “us”).      

3.        DEFINITIONS 

•        Information: means any Data relating to the Data Subject and includes reference to personal information.

•        Data Subject: means the person to whom the personal information relates and can include Clients, staff and/or Company information.

•        Processing: Any use by any means of a Data Subject’s Information.

4.         WHAT IS PERSONAL INFORMATION?

In terms of POPI, "personal information" is defined as information relating to a natural/juristic person, including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

5     .        THE 8 POPIA PRINCIPLES

Principle 1: Accountability: The FSP must appoint an Information Officer who will be responsible for ensuring that the 8 POPIA information principles are implemented and enforced in the FSP.

Principle 2: Processing Limitation:  Only necessary Information should be collected, directly from the person to whom the Personal Information relates and with their consent and the processing should be for a lawful purpose.

Principle 3: Purpose specification: Personal Information should be collected for a specific purpose and the Data Subject must be made aware of the purpose for which it was collected.

Principle 4: Further processing limitation: Further processing of Personal Information must be compatible with the purpose for which the information was collected (Principle 3).

Principle 5: Information quality: Reasonable steps must be taken to ensure that all Information collected is accurate, complete, not misleading and up to date in accordance with the purpose for which it was collected (Principle 3).

Principle 6: Openness: The Party collecting the Information must be transparent and inform the applicable regulator if it is going to process the Information and ensure that the Data Subject has been made aware that his/her Information is going to be collected.

Principle 7: Security Safeguards: The integrity of the Information under the control of a party, must be secured through technical and operational measures.  

Principle 8: Data Subject Participation: Data Subjects have the right (free of charge) to request confirmation from the party that holds their Information on the details they hold and may request for it to be amended/deleted.  

6     .        PRACTICAL IMPLICATIONS OF THE POPIA DATA PROTECTION PRINCIPLES 

Appointment of the Information Officer:

The FSP has appointed an Information Officer who is a senior person in the FSP, who will be responsible for ensuring that the FSP has been properly informed and trained on ensuring the safekeeping and protection of Information in the FSP and that the required processes are implemented to ensure compliance. The Information Officer can be contacted at [email protected] and Deputy Information Officer at [email protected] 

Information Purpose:

The type of Information the FSP collects will depend on the purpose for which the Data is collected and used.

The FSP will collect the necessary Information from Data Subjects for various purposes, including the following:

 

•        rendering suitable services for e.g. financial services (including the rendering of advice and intermediary services) and administrative services to Data Subjects;

•        improving services and product offerings to Data Subjects;

•        providing information and resources most relevant and helpful to Data Subjects;

•        appointing suitable individuals/companies to provide financial services/products to Data Subjects;

•        ensuring compliance with legislation that requires specific information to be collected.

Access to Information:

•        Data Subjects have the right to request a copy of the Information that the FSP hold on them or their business. Should a Data Subject wish to obtain any such information, the Data Subject may request it by contacting the Information Officer on the details provided above. Any such access request may be subject to the payment of an allowable administration fee.

•        The FSP will not disclose or share Information relating to any Data Subject unless: it is specifically agreed with the Data Subject; it is already publicly available or in the interests of the public; required in terms of Law or if the FSP believes in good faith that the Law requires disclosure thereof.

•        The FSP’s PAIA Manual (in terms of the Promotion of Access to Information Act, 2 of 2000) sets out the process for access by third parties to a Data Subject’s Information kept by the FSP, and the instances in which it may be refused.

     

Disclosing Personal Information:

Service Providers

     

We engage service providers to perform functions and provide services to us. We may share your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions.

Authorized Personnel. Our employees, agents, consultants, contractors, or other authorized personnel, including those of our contractors, service providers, subsidiaries and affiliates, may have access to user information as necessary in the normal course of our business.

Business Transfers. In some cases, we may choose to buy or sell assets, or have engaged in discussions with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Service users is among the assets transferred. In these types of transactions, user information is typically one of the business assets that is transferred. Moreover, if the Service, the Company, or substantially all of its assets, were acquired, liquidated, or dissolved, personal information would be one of the assets that is transferred.

We also may exchange information, including, without limitation, Personal Information, with other companies and organizations to protect the rights, property, or safety of the Company and its affiliates, personnel, users, third parties, or others. We reserve the right to disclose a user’s Personal Information if we believe, in good faith, that the user is in violation of the Terms of Service, even without a subpoena, warrant or other court order.

Social Media Networks. We may include applications or widgets from social media networks that allow interaction or content sharing by their users.

     

 These widgets, such as a Facebook “Share” or “Like” button, are visible to you on the web page you visit. Integration between the Service and social media networks such as Facebook, Twitter and others may allow social media networks in which you participate to collect information about you, even when you do not explicitly activate the network’s application or widget. Please visit the applicable social media network’s privacy policy to better understand their data collection practices and choices they make available to you. The privacy policy of the social media network controls the collection, use and disclosure of all personal information transmitted to that network.    

 

Collection of Information:

•        General: The FSP collects Information in various ways e.g. directly from individuals (for example, when purchasing a financial product, registering an account, using a product, or signing up for a newsletter), from employers, publicly available information, through cookies, and/or similar technology. Where possible, the FSP must inform Data Subjects which information they are legally required to provide to the FSP, and which information is optional. With the Data Subject’s consent, the FSP may supplement the information with other information received from other companies and/or organizations such as the South African Revenue Services (SARS) in order to enable the FSP to render suitable and proper services to Data Subjects.

•        User Supplied Information: The Data Subject may be required to provide some personal information, for example, his/her name, address, phone number, email address, payment card information (if applicable), and/or certain additional categories of information as a result of using/receiving financial services, purchasing financial products, and using websites and related services. The FSP will keep this information in a contact database for future reference, as needed.

•        Marketing: The FSP may use certain Information provided by Data Subjects to offer them further services that the FSP believes may be of interest to them or for market research purposes. These services are subject to prior consent being obtained from Data Subjects. If a Data Subject no longer wishes to receive further services or offers from the FSP, IT may unsubscribe from the services or contact the Information Officer at the contact details provided above.

•        Usage and Web server logs: The FSP may track information about a Data Subject’s usage and visits on the FSPs website. This Information may be stored in usage or web server logs, which are records of the activities on the FSP’s services, products and/or sites. The FSP’s servers automatically capture and save such Information electronically. Some examples of the Information that may collected include the Data Subject’s:

o        Unique Internet protocol address;

o        Name of the Data Subject’s the unique Internet Service Provider

o        The city, state, and country from which a Data Subject accesses the FSP’s website

o        The kind of browser or computer used;

o        The number of links clicked within the site;

o        The date and time of visits to the site;

o        The web page from which the Data Subject arrived on the FSP’s site;

o        The pages viewed on the site;

o        Certain searches/queries conducted on the site via the FSP’s services, products and/or websites.

o        The information collected in usage or web server logs help the FSP to administer the services, products and sites, analyse its usage, protect the product and/or website and content from inappropriate use and improve the user's experience.

•        Cookies: In order to offer and provide a customized and personal service through the FSP’s products and websites, the FSP may use cookies to store and help track information about the Data Subject. A cookie is a small text file sent to the Data Subject’s device that the FSP uses to store limited information about the Data Subject’s use of the services, products or website. The FSP uses cookies to provide the Data Subject with certain functionality (such as to enable access to secure log-in areas and to save the Data Subject having to re-enter Information into product, services or website forms) and to personalize the FSP’s services, products or website content. Without cookies, this functionality would be unavailable.

Retaining of Information:

The FSP may retain personal information for purposes of reporting, administration, monitoring its website or to communicate with Data Subjects. Information may be retained only to serve the purpose of collecting the Information and be deleted/destroyed once the purposes has been fulfilled, subject to other regulatory requirements where Information is to be kept for a specific prescribed period. Information and records of a personal nature of Clients and/or Employees will be stored for a period of 5 years before being destroyed.

Correcting/Amending/Updating/Deletion of Information:

Data Subjects are required to inform the FSP should there be any changes to the Information kept by the FSP. A Data Subject may request the FSP to correct, amend, update or delete its Information at any time when applying or making use of any financial products or services of the FSP, by contacting the Information Officer at the contact details provided above. The FSP will take all reasonable steps to confirm the Data Subject’s identity before making changes to Information.

Information Security:

The FSP shall apply the following measure to ensure security of Personal information:

•        The FSP will take all reasonable precautions to protect Information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

•        The FSP will not sell, rent, or lease mailing lists with Information to third parties and will not make a Data Subject’s Information available to any unaffiliated parties, except for approved agents, suppliers and contractors, or as otherwise specifically provided for, as agreed with the Data Subject in writing or as required in terms of any Law.

•        The FSP may disclose Information of a Data Subject or Information about a Data Subject’s usage of the FSP’s financial services, financial products, websites or mobile applications to unaffiliated third parties as necessary to enhance services, financial product experience to meet the FSP’s obligations to content and technology providers or as required by law, subject to agreements in place that provides for the protection of Information of Data Subjects.

•        The FSP has implemented appropriate security measures to help protect Information against accidental loss and from unauthorized access, use, or disclosure. The FSP stores Information about Data Subjects in a restricted access server with appropriate monitoring and uses a variety of technical security measures to secure Information, including intrusion detection and virus protection software. The FSP may also store and process Information in systems located outside the FSP’s premises or the Data Subject’s home country. However, regardless of where storage and processing may occur, the FSP takes appropriate steps to ensure that Information is protected as required under relevant Data Protection/Privacy laws.

•        The Data Subject’s access to some of the FSP’s services and content may be password protected and non-disclosure of such usernames and passwords are required to ensure the safekeeping of the Data Subjects Information. It is recommended that the Data Subject sign out and close the browser of the account or service at the end of each session.

•        The FSP is legally obliged to provide adequate protection of Information, hold and  prevent unauthorised access and use of Information, The FSP is therefore committed to ensure that all Information of the Data Subject (FSP, Clients and/or Employees) will be kept safe and secure and not be disclosed to any unauthorized third parties, without the consent of the relevant Data Subject.

•        The FSP may from time-to-time transfer Information within and between various worldwide locations in compliance with the country of origin’s regulations and this Policy.

•        Persons/Employees/Parties (as applicable) are not allowed to disclose any Information to any unauthorized third party as it may lead to a breach, disciplinary action and possible dismissal.

•        The FSP takes reasonable steps to protect Personal Information, which is held in a firewalled server. The FSP can however not guarantee the security of information transmitted to it electronically from Data Subjects and they do so at their own risk. The FSP maintains administrative, technical and physical safeguards to ensure protection of information against loss, misuse or unauthorized access, disclosure, alteration or destruction of the information provided to the FSP by the Data Subject or you’re the Data Subjects employer.  The FSP seeks to ensure compliance with Data Protection/Privacy regulations, laws and industry best practices in respect of the security of a Data Subjects Personal Information.  and despite the FSP’s best endeavours to ensure protection of information. Where the Data Subject is located in another country with other data protection/privacy laws, the FSP may transfer Personal Information to such other countries but they may not always guarantee the same level of protection for Personal Information as the one in which the Data Subject resides (despite the FSP’s best endeavours to ensure protection of Information. By providing information to the FSP, the Data Subject consents to these transfers.

 

     7.          COMPLAINTS

You have the right to address any complaints you may have regarding your personal information through our normal Complaints channels, details of which are available on our website. Alternatively, you may contact the Personal Information Regulator:

The Information Regulator (South Africa)

SALU Building

316 Thabo Sehume Street

0001 PRETORIA

Tel:  012 406 4818

Fax: 086 500 3351

[email protected].za

We value your privacy

We use cookies to provide you with the best possible experience on our website. Cookies help you navigate efficiently and improve functionality. By clicking "Accept All", you agree to the use of cookies as described in our Cookie Notice.