POLICY ON PROTECTION OF PERSONAL INFORMATION

(ALSO KNOWN AS “POPIA”)

EWING TRUST COMPANY (PTY) LTD

Authorised Financial Services Provider FSP 713

(Hereinafter referred to as ‘ETCL’)

  1. INTRODUCTION
    1. ETCL is an authorised financial service provider who is obliged to comply with The Protection of Personal Information Act (‘POPIA’).
    2. POPIA requires ETCL to inform their clients as to how their Personal Information is used, disclosed and destroyed.
    3. ETCL guarantees its commitment to protecting the privacy of their clients and ensuring their Personal Information is used appropriately, transparently, securely and in accordance with applicable laws.
    4. This Policy sets out how ETCL deals with the Personal Information of their clients and in addition for what purpose the said information is used for.
  2. THE PERSONAL INFORMATION COLLECTED
    1. Section 9 of POPIA states that “Personal Information may only be processed if given the purpose for which it is processed; it is adequate, relevant and not excessive.”
    2. The FSP collects and processes the Personal Information of clients that pertains to their Financial Needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, the FSP will inform the client what information they are required to provide ETCL with and what information is optional.
      Examples of the Personal Information ETCL collects includes but is not limited to:
      1. Client’s identity number, name, surname, address, postal code, marital status and how many dependents he or she has;
      2. Description of client’s residence, business and assets; and
      3. Any other information required by ETCL, their suppliers and insurers in order to provide clients with an accurate analysis of their financial needs.
    3. ETCL also collects and processes the Personal Information of clients to ensure that their products and services remain applicable to their clients and potential clients.
    4. ETCL has agreements in place with all product suppliers, insurers and third party service providers to ensure that there is a mutual understanding with regard to the protection of client personal information.

      Our suppliers are subject to the same regulations as what we are subjected to.

    5. With the consent of clients, ETCL may also supplement the information provided with information received from other providers in order to offer a more consistent and personalized experience in the interaction that clients have with ETCL.
    6. For purposes of this policy, clients include potential and existing clients.
  3. HOW PERSONAL INFORMATION IS USED
    1. The personal information of clients will only be used for the purpose for which it was collected and agreed.

      This may include:

      1. Providing products or services to clients and to carry out the transactions requested;
      2. For confirming, verifying and updating details of clients;
      3. For purposes of providing financial advice;
      4. For the detection and prevention of fraud, crime, money laundering or other malpractice;
      5. For conducting market or customer satisfaction research;
      6. For audit and record keeping purposes;
      7. In connection with legal proceedings;
      8. For providing our services to clients to carry out the services requested and to maintain and constantly improve the relationship;
      9. For providing communications in respect of ETCL and regulatory matters that may affect clients; and in connection with, and to comply with legal and regulatory requirements as and when it is allowed by law.
    2. According to Section 10 of POPIA personal information may only be processed if certain conditions are met which are listed below along with supporting information for ETCL’s processing of personal information:
      1. Client consents to the processing: consent is obtained from clients during the introductory, appointment and needs analysis stage of the relationship;
      2. The processing is necessary: in order to conduct an accurate Analysis of the client’s financial needs and certain personal information is required;
      3. Processing complies with an obligation imposed by law on ETCL. The Financial Advisory and Intermediary Services Act (‘FAIS’) requires Financial Service Provider’s to conduct a Needs Analysis and obtain information from clients about their Financial Needs in order to provide them with applicable and beneficial products;
      4. Processing protects a legitimate interest of the client: it is in the client’s best interest to have a full and proper Needs Analysis performed in order to provide them with an applicable and beneficial product, this requires obtaining personal information;
      5. Processing is necessary for pursuing the legitimate interests of ETCL or of a third party to whom information is supplied: in order to provide clients with products both ourselves and our product suppliers and insurers need certain personal information from clients to make an expert decision on the unique and specific product they require.
  4. DISCLOSURE OF PERSONAL INFORMATION
    1. We may disclose the Personal Information of clients to our providers whose services or products clients elect to use. We have agreements in place to ensure that they comply with confidentiality and privacy conditions.
    2. We may also share personal information with, and obtain information about clients from third parties for the reasons already discussed in 2.4 above.
    3. 4.3 We may also disclose the information of clients where we have a duty or a right to disclose in terms of applicable legislation, the law or where it may be necessary to protect our rights.
  5. SAFEGUARDING CLIENTS INFORMATION
    1. It is a requirement of POPI to adequately protect the personal information we hold and to avoid unauthorised access and use of personal information. We will continuously review our security controls and processes to ensure that personal information is secure.
    2. The following procedures are in place in order to protect the personal information of clients. This list is not exhaustive:
      1. ETCL’s Information Officer is Gareth Collingwood whose details are available below and who is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI. Gareth Collingwood is assisted by Angela Klynhans who will function as the Deputy Information Officer;
      2. This policy has been put in place and training on this policy and the POPI Act takes place annually;
      3. Employment Contracts containing clauses pertaining to POPI have been drafted;
      4. Our archived client information is stored at either an offsite third party provider or safely in our own offices;
      5. All electronic files are backed up by an Authorised IT Service Provider who is also responsible for system security which protects third party access and physical threats;
      6. A security incident management register is kept to log any security incidents and to report on and manage said incidents;
      7. Consent to process client information is obtained from clients (or from a person who has been authorised to act on behalf of a client or a person authorised by the client to provide the client’s personal information) during the introductory, appointment and needs analysis stage of the relationship;
      8. We personally deliver to and instruct a professional shredding company to ensure proper destruction of personal information that is printed for whatsoever reason.
  6. ACCESS AND CORRECTION OF PERSONAL INFORMATION
    1. Clients have the right to access the personal information we hold about them. Clients also have the right to ask us to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, ETCL may no longer process the said personal information. We will take all reasonable steps to confirm the identity of our clients before providing details of their personal information or making changes to their personal information.
    2. The details of our Information Officer and office are as follows:
      1. Information Officer Details
        1. NAME: Gareth Collingwood
        2. TELEPHONE NUMBER: 031 765 5937
      2. Office Details
        1. ADDRESS: Mafavuke House, 28 Old Main Road, Hillcrest, 3610
  7. AMENDMENTS TO THIS POLICY

    Amendments to this Policy will take place on an ad hoc basis or at least once a year. In the instance where material changes take place clients will be notified directly.