RSUM Privacy Notice Dec 2024

RSUM (PTY) LTD

Privacy Notice in terms of the Protection of Personal Information Act No. 4 of 2013 (South Africa)

Physical Address:

70 MainRoad, Paarl 7646

Domicillium Address:

70 MainRoad, Paarl 7646

Information Officer:

Pierre Marais

Telephone Number:

021 271 1020

E-mail:

info@rsum.co.za

INDEX

No.

Heading

Page

1.

Purpose of this notice

3

2.

Who is RSUM

3

3.

Definitions

3

4.

The Data we may collect

4

5.

How do we collect personal information

4

6.

How we use your personal information

5

7.

Who we share your personal information with

5

8.

International Transfer of Information

6

9.

Data security

6

10.

Data Retention

7

11.

Your rights

7

12.

How to contact us

7

13.

Changes to this privacy notice

8

14.

Information collected and what it is used for

8

15.

Information Regulator

8

1.

PURPOSE OF THIS PRIVACY NOTICE

The Protection of Personal Information Act, No. 4 of 2013 (South Africa), hereinafter referred to as POPIA protects your privacy and protecting your personal information.

As RSUM we subscribe in full to POPIA and the protection of the data of our Data Subjects are extremely important to us.

This notice describes how and why we collect and assess the data collected to provide the cover as quoted and accepted by the insured and also the requirements placed upon us by law to store and or share or otherwise process personal information.

It also details your rights in relation to your personal information and how to contact us if you have any questions or complaints.

This document will be updated from time to time and it will always be available on request.

2.

WHO IS RSUM

RSUM (Pty) Ltd is duly appointed and mandated FSP who are authorised on behalf of WESTERN NATIONAL INSURANCE COMPANY LTD to provide specialized liability covers.

3.

DIFINITIONS

Please find herewith the definitions as used in the notice:
We, us or our
means RSUM (Pty) Ltd
Personal information means

means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
  2. Information relating to the education or the medical, financial, criminal, or employment history of the person;
  3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
  4. The biometric information of the person;
  5. The personal opinions, views, or preferences of the person;
  6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. The views or opinions of another individual about the person; and
  8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
POPI Act
means the Protection of Personal Information Act 4 of 2013, as amended from time to time.
Processing

means any operation or activity, or any set of operations, whether or not by automatic means, concerning personal information, including:

  • The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, or use
  • Dissemination by means of transmission, distribution or making available in any other form; or
  • Merging, linking, as well as restriction, degradation, erasure, or destruction of information.
PAIA

means the Promotion of Access to Information Act, No. 2 of 2000.

4.

THE DATA WE MAY COLLECT

On the receipt of a request to assess information with the objective to provide insurance cover we would need to process only the information relevant to the request to provide cover.

We may collect and process the following information about our data subjects:

  1. Identity data being that of a legal entity and its directors or executive staff, or other relevant staff; or
  2. Identity data for natural persons;
  3. Including the name of the risk; contact information which by legislation will include email addresses, telephone numbers, physical addresses, postal address and other relevant information which is needed to uniquely identify the data subject; but
  4. Data request must be relevant to the business activities performed; and
  5. Data relevant to perceived risks; and
  6. Financial Data required to assess the data subject and to be able to provide a quotation; and
  7. Your verified banking details provided in a specific format which will allow Western National to debit your bank account; and
  8. Such other personal information as is reasonably required by us to engage with you and/or provide services to you.

5.

HOW DO WE COLLECT PERSONAL INFORMATION

We can only collect or obtain personal information about you through the means of a specific proposal form relative to the business sector in which you conduct your business and this can only be done as follows:

  1. Directly from you through the interaction of your broker and
  2. where required through the course of our interactions with you, but
  3. at all times with the consent or in the presence of your broker when you attend meetings where we are present; or
  4. when you visit and/or interact with us on any platform or any other social media platforms or IT services; or
  5. From publicly available sources; or
  6. From a third party who is authorised to share that information; and
  7. Via a mobile or other software / apps developed for us or your Broker.

6.

HOW WE USE YOUR PERSONAL INFORMATION

The personal information we may collect and why and how we use it depends on the type of insurance cover required by the data subject.

RSUM Acknowledge that POPIA requires that personal information “is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.

Further, the POPI Act provides that personal information may only be processed if:

  1. the Data Subject, or a competent person where the Data Subject is a child, consents to the processing;
  2. processing is necessary to carry out actions for the conclusion of an insurance contract to which the Data Subject is party;
  3. processing complies with an obligation imposed by law;
  4. processing protects a legitimate interest of the Data Subject;
  5. processing is necessary for the proper performance of a public law duty by a public body; or
  6. processing is necessary for pursuing the legitimate interests of RSUM or of a third party to whom the information is supplied.

We have set out below a list of the types of information we collect and explains why we collect and use it.

We may collect other personal information from time to time where you provide it to us, as is necessary for our business requirements, or in order to comply with applicable laws, regulations or rules.

Where it is lawful and practicable for us to allow it, you have the right not to identify yourself when dealing with us. However, if you don’t provide us with your personal information, it may impact our ability to engage with you and/or provide services to you.

7.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH

Depending on the circumstances, we may share Personal Information with the parties set out below for the purposes set out in the table:

  1. Your Auditor, our Insurer, Your authorised Insurance Intermediary, legal and other professional advisers or other third parties who help us deliver our services, including the investigation and settlement of your claims;
  2. Information Technology and other service providers who manage or store the personal information;
  3. Government and law enforcement authorities;
  4. Financial institutions;
  5. Other third parties where disclosure is required by law or otherwise required for us to perform our obligations and provide our services; and
  6. To any other person with your consent to such disclosure.
  • We require all Third-Parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our Third-Party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions. We take reasonable steps to protect the confidentiality and security of your personal information when it is disclosed to a third party and seek to ensure the third-party deals with your information in accordance with our instructions, applicable privacy laws, and only for the purpose for which it is disclosed. Data processing agreements, addendums or clauses are concluded or agreed to with all third-party operators.

8.

INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

We may transfer your Personal Information to recipients outside the Republic of South Africa for the purposes of insurance requirements by Re-insurers or other related third party’s forthcoming from the providing of a service which is related to your insurance cover placed through RSUM. We will ensure hat if we disclose personal information to a country outside the borders of South Africa, that we will take appropriate safeguards to protect your personal information to ensure that the recipient will handle the information in a manner consistent with this notice and the level of protection provided for in the POPI Act.

We will act in the following manner:

  1. Some of our External Third-Parties are based outside South Africa, so their processing of your Personal Information could involve a transfer of data outside the Republic.
  2. Whenever we transfer your Personal Information outside South Africa, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implement
  1. We will only transfer your Personal Information to countries that have appropriate data protection and privacy legislation to protect your Personal Information.
  2. Where we use certain service providers, we conclude an agreement with them to confirm that your Personal Information is confidential, they can only process on our instructions and that they should establish and maintain appropriate technological and organisational measurements to protect your Personal Information.
  3. By submitting your Personal Information to us you consent to the transfer of your Personal Information outside the borders of South Africa (when required). In some cases, the third parties to whom we may disclose your personal information may be located outside your country of residence (for example, in a cloud service, system or server), and may be subject to different privacy regimes.

9.

DATA SECURITY

We have put in place appropriate technological and organisational measures to prevent Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use a range of physical, electronic, and procedural safeguards to do this. We update these safeguards regularly to address new and emerging security threats.

We also train our people on privacy matters as appropriate and seek to limit access to personal information to those of our people who need to know that information.

In addition, we limit access to Personal Information to those employees, contractors and other third-parties who have a business need to know. They will only process Personal Information on our instructions, and they are subject to a duty of confidentiality.

Where there are reasonable grounds to believe that your personal information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the information regulator and you, unless a public body responsible for detection, prevention or investigation of offences, or the information regulator, informs us that notifying you will impede a criminal investigation.

We may hold your personal information in electronic or in hard copy form. We may keep this information at our own premises, or at sites managed by our service providers.

10.

DATA RETENTION

Technically we retain all information received for quotation purposes for future reference as is in line with acceptable standards in the insurance Industry.

We retain records as per the applicable regulations in our industry, which requires us to retain records up to a minimum of 5 years after cancellation or last transaction of the policy.

RSUM do delete records as per our FAIS act after a period of five years elapsed after the last transaction being cancellation of the policy and it is purged by our service provider. We do have a SoP for this practice and a responsible person who applies this practice monthly.

11.

YOUR RIGHTS

Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Information to ask what personal information we hold about you;

  1. Request access to the personal information that we hold about you;
  2. Ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you;
  3. Object to the processing of your personal information.

If you wish to exercise any of these rights or should you have any queries regarding the personal information that we hold about you, you can contact us at the details provided in this document.

To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity.

If you want us to delete all personal information we have about you, we are obliged to adhere to the industry legislation which are obliged to adhere to and we can refuse to delete your information if we are required by law to retain it, or if we need it to protect our rights or legitimate interests.

12.

HOW TO CONTACT US

Any query, concern or complaint should be made in writing to info@rsum.co.za if you have a question, concern, or complaint regarding the way in which we handle your personal information, or if you believe that we have failed to comply with this notice or breached any applicable laws in relation to the management of that information, you can make a complaint.

If you wish to make a request to access your personal information in terms of Section 23 of the POPI Act, please follow the procedure described in the PAIA manual.

13.

CHANGES TO THIS PRIVACY NOTICE

This notice was published on 30 June 2021 and

This notice was last updated on 30 June 2021.

14.

TYPES OF INFORMATION WE COLLECT AND WHY WE USE IT

The table below sets out a list of the types of information we collect and why we use it.
Information Type
Reasons why we require this information
Identification information: the name of the risk; contact information which by legislation will include and other relevant information which is needed to uniquely identify the data subject
Information is required to issue a legitimate policy document required by various laws and legislation which are applicable on our specific industry.
Contact information: such as, email addresses, telephone numbers, physical addresses, postal addresses
We are required by various acts and legislation to have all insured’s contact details available to be able to communicate to all insured’s at any given time.
Banking information as provided on a Debit order Authority
Collection of premiums in our industry is affected through means of a Debit Order authority granted to the insurer.
Underwriting information contained in the relevant proposal forms and supporting documentation required
Inherent risk factors and information are disclosed for an assessment of the risk to determine the suitability of placing the risk onto appropriate insurance cover and also to determine the premium relevant to that risk.
Claims related information
We are provided by the insured with a notification of a potential claim. We will then require relevant and specific information depending on the type of claim in order to assess the appropriate handling and or settlement of such claim.

15.

INFORMATION REGULATOR

Technically we retain all information received for quotation purposes for future reference as is in line with acceptable standards in the insurance Industry.

Physical address:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address:

P.O Box 31533, Braamfontein, Johannesburg, 2017

Complaints e-mail:

complaints.IR@justice.gov.za

General enquiries email:

inforeg@justice.gov.za