Introduction
i-Fundi is a private education institute. This document outlines the privacy policy that applies when visiting the i-Fundi website.
For the purposes of this policy, clients refers to both potential and existing clients.
Ifundi undertakes to only collect and process client’s personal information pertaining to the client’s educational or financial needs.
The nature of the information required depends on the nature of client’s needs and the purpose and requirements for which the information must be collected.
Wherever possible Ifundi will inform the client of the information required, information that is optional and the reasons for same.
Examples of personal information that Ifundi may collect in order to render services to its clients include, but are not limited to:
- Client’s identity/passport numbers
- Client’s names, surnames, addresses and proof thereof (as per FICA requirements), postal codes, marital status and number of dependents
- Description of client’s places of residence, businesses, assets, bank statements and/or financial information, proof of banking details etc.
Any other relevant information required by Ifundi in order to render services to the client as may be required and/or permissible in law.
Ifundi also lawfully collects and processes its clients’ personal information for marketing purposes, subject to the client’s knowledge and consent, in order to ensure that our services and products remain relevant to our clients and to potential clients.
Ifundi aims to have agreements in place with all product suppliers, insurers and third-party service providers to ensure a mutual understanding with regard to the protection of the client’s personal information.
Ifundi undertakes to make use of service providers and third parties who are committed to upholding the underpinning values of POPI and data protection.
No confidential information is shared with third parties or service providers without the client’s prior consent.
- USE OF PERSONAL INFORMATION
Client’s personal information will only be used for the purpose and to the extent that it is necessary and relevant for Ifundi to supply services and goods to the client.
This may include, but is not limited to:
- Providing products or services to clients and to carry out the transactions requested
- For providing accredited educational programmes
- For assessment and reporting purposes insofar as accreditation may be required
- For underwriting purposes
- Assessing and processing claims
- Conducting credit reference searches or verification
- Confirming, verifying, and updating client details
- For the purposes of verifying client history
- To prevent crime, fraud, money laundering or any other malpractices
- To comply with any law, statute, or regulation
- To conduct audits and for recordkeeping purposes
- In connection with legal proceedings
- Providing services to clients, rendering services requested by clients and maintaining client relationships.
The aforementioned categories of personal information are processed inter alia in accordance with section 10 of POPI. Such personal information may only be processed if certain conditions, listed below, are met and accompanied by supporting documentation:
- The client’s full and informed consent is obtained; and
- The information to be processed is necessary, adequate, and relevant and is causally linked to the purpose for which it is being collected.
- The collection of such information must not be excessive.
- Processing of personal information complies with an obligation imposed by law on the Ifundi group.
- The processing protects a client’s legitimate interest, and it is in the client’s best interests to disclose the personal information
- Processing is necessary for pursuing the legitimate interests of the Ifundi group or a third-party/supplier whose services clients elect to use.
- The Ifundi group assures that it has agreements in place with its employees, contractors, suppliers and third parties to whom personal information is supplied to uphold data protection and privacy.
- DISCLOSURE OF PERSONAL INFORMATION
Ifundi may disclose a client’s personal information to any of the Ifundi subsidiaries and/or approved/verified product or third-party service providers whose services or products clients elect and consent to use or use as a consequence of their agreement with the Ifundi group.
Confidentiality and data protection agreements are in place to adequately protect personal information and uphold the privacy of the data subject.
Ifundi may also share client personal information with and obtain information for third parties or service providers for reasons mentioned above.
Ifundi may also disclose a client’s information where it has a duty or a right to disclose same in terms of any applicable legislation, regulation or where it is deemed necessary to protect Ifundi’s rights.
- SAFEGUARDING OF CLIENT INFORMATION
It is a requirement of POPI to adequately protect personal information. Ifundi commits to continuously reviewing its security measures and processes to ensure that personal information is kept secure.
The following procedures are in place in order to protect personal information:
- The policy has been put in place throughout the Ifundi group and training on this policy and the POPI Act will be implemented and put in place for all staff, contractors and/or any other interested or relevant parties.
- Every employee in the Ifundi group will be required to sign an addendum to their employment contracts containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of the POPI Act.
- Every employee currently employed within the Ifundi group will be required to sign an addendum to their employment contracts containing the relevant clauses for the use, storage and protection of any relevant data subject’s personal information including, but not limited to, suppliers, clients and third parties.
- Archived information is stored securely on site in accordance with POPI with limited access to authorised personnel only.
- Any personal information in hard-copy form is kept for the time required by law and destroyed thereafter through the use of appropriate equipment.
- Ifundi suppliers, insurers and third-party service providers will be required to sign service level agreements guaranteeing their commitment and compliance with POPI.
- All electronic files and data are securely backed up and stored on internal and third-party servers that have the requisite security measures in place to prevent data breaches and physical threats.
- Consent to process client’s information is obtained from clients (or such a person who is duly authorised to act on the client’s behalf) during the commencement of any relationship.
- ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
Clients have the right to access their personal information as data subjects insofar as it is being held by Ifundi.
Clients have the right to request that their personal information be updated, changed, corrected and/or deleted on reasonable grounds subject to verification and necessary approval.
Should a client object to the processing of their personal information or making changes to their personal information, the Ifundi group shall no longer process said personal information.
Ifundi takes all reasonable steps to confirm its clients’ identities before providing any details of their personal information or making changes to their personal information.
HEAD OFFICE DETAILS:
PHYSICAL ADDRESS: 155 West Street, 2196
POSTAL ADDRESS: P.O Box 785932 Sandown 2031
TELEPHONE NUMBER: (010)880 1806
EMAIL ADDRESS: info@ifundi.co.za
- AMENDMENTS TO POLICY
Any amendments to, or reviewing of, this policy shall take place on an ad hoc basis or on an annual basis.
Clients are always advised to access the Ifundi website periodically to stay informed of any changes to our policies.
Should any material changes be effected, Ifundi shall inform affected parties.
- RECORDS THAT CANNOT BE FOUND
Should any records held by Ifundi for whatsoever reason or cause arising go missing or are destroyed (including but not limited to force majeure events), the data subject will be notified by way of a sworn affidavit. The affidavit deposed to by a duly authorised representative of Ifundi shall make reference to how the records were lost, misplaced and/or destroyed.
PART B
POLICY ON THE RETENTION AND CONFIDENTIALITY OF DOCUMENTS,
PERSONAL INFORMATION AND ELECTRONIC TRANSACTIONS
- PURPOSE
- To exercise effective control over the retention of documents and electronic transactions as prescribed by law and as dictated by business practice.
- Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. Documents are also necessary with regards to any litigation which may subsequently arise to protect Ifundi rights in law.
- To ensure that the Company’s rights in law remain protected and that the Company’s and its clients’ privacy and confidentiality are not breached.
- To ensure that the Company’s interests are protected and that the Company’s and client’s rights to privacy and confidentiality are not breached.
- Queries may be referred to the Head Office.
- SCOPE AND DEFINITIONS
All documents and electronic transactions generated within and/or received by the Company.
Definitions
- “Clients” includes, but is not limited to, shareholders, debtors, students, creditors as well as any affected personnel and/or departments related to a service division of the Company.
- “Confidential Information” refers to all information or data disclosed to, or obtained by, the Company through any means whatsoever and shall include, but not be limited to:
- financial information and records
- all other information, including information relating to the structure, operations, processes, intentions, product information, know-how, trade secrets, market opportunities, customers and business affairs subject to where lawful disclosure is required.
- “Constitution” refers to the Constitution of the Republic of South Africa, 108 of 1996.
- “Data” refers to electronic representations of information in any form.
- “Documents” includes books, records, security or account and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro-mechanically or optically, or in any other form.
- “ECTA” refers to the Electronic Communications and Transactions Act, 25 of 2002.
- “Electronic communication” refers to communication by means of data messages.
- “Electronic signature” refers to data attached to, incorporated in or logically associated with other data and which is intended by the user to serve as a signature.
- “Electronic transactions” refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
- “Electronic transactions” includes electronic mails sent and received.
- “PAIA” refers to Promotion of Access to Information Act, 2 of 2002.
- ACCESS TO DOCUMENTS
All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear or redress, in the following circumstances (see clause 4.2 below):
- where disclosure is under compulsion of law;
- where there is a duty to the public to disclose any information in the public interest;
- where there is an interest to disclose on behalf of the company; and
- where disclosure is made with the express or implied consent of the data subject.
DISCLOSURE TO 3RD PARTIES:
All employees have a duty of confidentiality in relation to the company and clients. In addition to the provisions of the clause above, the following are also applicable:
- We acknowledge our clients’ right to confidentiality and privacy as contained in the provisions of the Constitution and the ECTA.
- Clients may consent in writing to have their personal information shared with third parties.
- Requests for information are dealt with in accordance with the governing provisions of PAIA, however, the Company may refuse access to such information for any lawful reasons whatsoever, including compliance with the provisions of POPI.
- Parties requesting such information are required to do so in writing, stating their reasons therefore, and may undertake to pay any such fees as may be applicable to retrieve and access same.
- Confidential company and/or business information may not be disclosed to third parties as this could constitute a breach of intellectual property rights and allude to corporate espionage. The affairs of the company are to be kept confidential at all times.
The company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary proceedings.
- STORAGE OF DOCUMENTS
HARD COPIES
- Hard copies are stored on secure archiving premises with limited authorised access to authorised personnel only.
- All hard copies are kept for 7 years in accordance with the provisions of the Companies Amendment Act, 3 of 2011 or for any other time period as specified and stipulated by law, including, but not limited to, the National Credit Act, 34 of 2005; the Consumer Protection Act, 68 of 2008; the Financial Advisory and Intermediary Services Act, 37 of 2002; the Financial Intelligence Centre Act, 38 of 2001; the Compensation for Occupational Injuries and Diseases Act, 130 of 1993; Basic Conditions of Employment Act, 75 of 1997; Employment Equity Act, 55 of 1998; Labour Relations Act, 66 of 1995; Unemployment Insurance Act, 63 of 2002; Tax Administration Act, 28 of 2011; Income Tax Act, 58 of 1962; Value Added Tax Act, 89 of 1991.
- Any other documents required by law to be retained indefinitely are stored accordingly.
ELECTRONIC STORAGE
- The internal procedure requires that electronic storage of information is overseen by the IT department and CIO who arrange for the secure storage, indexing and retrieval thereof.
- Scanned documents: If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 year after the date of scanning, with the exception of documents pertaining to personnel.
- Any document containing information on the written particulars of an employee, including: employee’s name and occupation, time worked by each employee, remuneration and date of birth of an employee under the age of 18 years; must be retained for a period of 3 years after termination of employment.
- Section 51 of the Electronic Communications Act No 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is used.
- It is also required that all personal information which has become obsolete must be destroyed.
- DESTRUCTION OF DOCUMENTS
- Documents may be destroyed after the termination of the retention period specified in Annexure “A” hereto. Registration will request departments to attend to the destruction of their documents and these requests shall be attended to as soon as possible.
- Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file.
- Original documents must be returned to the holder thereof, failing which, they should be retained by the Company pending such return.
- After completion of the process in 6.2 above, the General Manager of the department shall, in writing, authorise the removal and destruction of the documents in the authorisation document. These records will be retained by Registration.
- The documents are then made available for collection by the removers of the Company’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
- Documents may also be stored off-site, in storage facilities approved by the Company.