Guardrisk Privacy Notice

Guardrisk Group (Pty) Ltd (“Guardrisk”) respects the right to privacy and confidentiality of our potential and existing clients’ personal information. We are committed to protecting your privacy and to ensuring that your personal information is collected and used properly, lawfully and transparently. This notice extends to all entities within Guardrisk Group (Pty) Ltd.

The purpose of this notice

This privacy notice is meant to help you understand the type of personal information Guardrisk collects and how we collect, use, share and protect your personal information. Guardrisk subscribes to the conditions of the Protection of Personal Information Act 4 of 2013 (POPIA) as well as the principles set out in Section 51 of the Electronic Communications and Transactions Act 25 of 2002 to make sure that you are always protected when supplying us with personal information.

What is personal information?

POPIA describes personal information as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.

Examples of personal information include, but are not limited to, contact information, financial information, information relating to race, gender, sexual orientation, age, contact details, identity number, religion, name, culture, language and nationality. The person to whom personal information relates is referred to as the “data subject”.

What type of personal information does Guardrisk collect?

The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose. When personal information is collected, Guardrisk will indicate the purpose for the collection and whether the information required is compulsory or voluntary.

Personal information collected by Guardrisk can include a data subject’s name, contact details, birth date, identity number, gender, employment details, marital status, family, policy details, claims history, location information, online identifier, bank account, medical, financial information or health information.

How does Guardrisk collect personal information?

Guardrisk collects information either directly from the data subject, the employer or through intermediaries. In certain instances, Guardrisk may request third parties to collect on its behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.

Use of personal information

After obtaining consent, the personal information collected or held by Guardrisk may be used, stored, transferred or disclosed or shared only for the purposes for which it was collected or agreed with you. This may include:

  • For underwriting purposes;
  • To assess and process claims;
  • Providing on-going administration services for the duration of the contract;
  • Fulfilling a transaction on request of a data subject;
  • To respond to your inquiries and/or complaints;
  • To confirm and verify your identity or to verify that you are an authorised person for security purposes;
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • For any other purpose associated with your policy/contract or applicable legislation.

Records of personal information will be retained for the period necessary for achieving the purpose for which the information was collected and as prescribed by applicable legislation. Please note that you have a right to object to the processing of your personal information, for example for purposes of direct marketing, unless consent was obtained from you.

Methods of processing

Data processing is carried out using computers and/or IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In some cases, the data may be accessible to certain types of persons in charge, involved with the operations inside Guardrisk (underwriting, compliance, marketing, legal, system administration, etc.) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by Guardrisk.

Sharing of personal information

Guardrisk will only share your personal information with third parties if you have consented to such disclosure. If consent has been obtained, the company may share your personal information with third parties who are involved in the delivery of services to you. We have agreements in place to ensure that they comply with POPIA.

Where Guardrisk discloses personal information to any third parties, the third party will be obliged to use that personal information only for the reasons and purposes it was disclosed for. We may be obliged to share your personal information to the extent that it is required to do so by law, for the purposes of achieving the objectives of your policy/contract, in connection with any legal proceedings or prospective legal proceedings, or for the purposes of protecting the interest of clients, for example fraud prevention or to give effect to an agreement.

Securing personal information

Guardrisk processes the data of data subjects in a proper manner and shall take all reasonable technical and organisational security measures to prevent loss of or damage to personal information, as well as unauthorised access, disclosure, modification, or unauthorised destruction of the data. The company will store all the personal information in secured environments, for example on secured servers in a protected data centre.

Right to access and rectify personal information collected

You have the right to request to review your personal information held by Guardrisk at any time, to correct or update the information. If the purpose for which your personal information was requested initially does not exist anymore, for example you no longer have an active contract, you may request information held by the company to be removed. However, Guardrisk can decline your request to delete the information from its records if other legislation requires the continued retention thereof or if it has been de-identified.

If you would like to obtain a copy of your personal information held by Guardrisk, please review our information manual located at www.guardrisk.co.za

Disclaimer

The disclaimer set out below applies to this website.

Apart from the provisions of sections 43(5) and 43(6) of the Electronic Communications and Transactions Act, as amended, neither Guardrisk nor any of its agents or representatives shall be liable for any damage, loss or liability of whatsoever nature arising from the use or inability to use this web site or the services or content provided from and through this web site. Furthermore, Guardrisk makes no representations or warranties, implied or otherwise, that, amongst others, the content and technology available from this website are free from errors or omissions or that the service will be 100% uninterrupted and error free. Users are encouraged to report any possible malfunctions and errors to the webmaster.

Information, ideas and opinions expressed on this site should not be regarded as professional advice of Guardrisk, but users are encouraged to consult professional advice before taking any course of action related to information, ideas or opinions expressed on this site.

Neither Guardrisk nor any of its agents or representatives shall be liable for any damage, loss or liability of whatsoever nature arising from the use or inability to use this web site or the information on this web site.

We take reasonable and necessary precautions to secure your transactions on our website - however, we cannot guarantee the confidentiality of your transactions. Using this website is entirely at your own risk. Guardrisk will not be held legally responsible for any personal information that you reveal to a third party, which has a link on the www.guardrisk.co.za website. It is important that you refer to that third party's privacy notice before you reveal any of your personal information.

Analytics

Services contained in this section enable Guardrisk to monitor and analyse web traffic and can be used to keep track of user behavior. Google Analytics and Hotjar may be used. These are web analysis service providers that utilize the data collected to track and examine the use of the Guardrisk website, to prepare reports on its activities to improve the site's user experience and performance. Each web service provider is responsible for adherence to relevant data protection rules which can be obtained via their own Privacy Notice.
https://www.hotjar.com/legal/policies/privacy
https://policies.google.com/privacy

Cookies and usage data

  • Place of processing: US
  • A cookie is a small text file stored on your device by the website you are visiting.
  • The Guardrisk website may make use of cookie and tracking technology, where information that you send while on the website is saved on your hard drive. This allows the Guardrisk website to recognise you on your next visit. This technology is useful for gathering information, such as the type of browser and operating system you use. The information will enable us to track the number of visitors to our website and understand how visitors use it. Personal information cannot be collected via cookie technology.
  • You can limit the collection of your information by disabling cookies on your browser. You may also be able to modify your browser settings to require your permission each time a site attempts to set a cookie. However, Guardrisk relies on cookies to enable certain functionality. If you choose to disable cookies, you will still have access to the website and its functions, but some of the services available on our website may not work properly.
  • This privacy notice may be amended from time to time without any notice to you. Every time you use our website, you are automatically bound to the privacy notice that is current at that moment.

Managing Data Privacy at Board Level and Reporting Frequency

Guardrisk Group’s data governance matters are managed and reported at the Momentum Metropolitan Board Risk Capital and Compliance Committee (BRCC), a sub-committee of the Board, accountable to address and manage the risk of data privacy and cyber security. The BRCC follows the board cycle and convenes on a quarterly basis. The Momentum Metropolitan Group Chief Risk Officer (CRO) is the business representative on BRCC for data privacy, data security and cyber security. The Momentum Metropolitan Chief Risk Officer provides guidance and input regarding appropriate Risk Management.

Employee Training on Cyber Security and Data Privacy

Employee Training on Cyber Security and Data Privacy forms part of ongoing compliance training. Cyber Security training is currently further required as a basic compliance training that all employees must complete. As part of the POPIA management programme, there is a specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff.

Centralised Cyber Security and Data Security Functions and Coordination

To deal with Cyber Security and Data Privacy, two separate centralised functions exist. The IT Security environment includes managing cyber security as a capability and the Data Management environment deals with the aspects of data privacy and extended data security and privacy which is enabled through IT security.

Updating this Notice

Please note that we may amend this Notice from time to time. Please check this website periodically to inform yourself of any changes.

Guardrisk’s Privacy Policy

Our Privacy Policy governs the manner in which Guardrisk treats your personal information, collected electronically when you use our website, to apply online for certain products and services, contact us electronically or register for one of the services we offer on the website.

How to Contact us

This Privacy Notice applies to Guardrisk Group (Pty) Ltd, incorporating all its operating entities.
Please direct any questions, complaints or concerns regarding this privacy notice, data privacy and our treatment of your Personal Information to the following:

dataprivacy@mmltd.co.za

Upon receiving your request, we will contact you directly, investigate your request, and work to address your concerns. We will respond to your request without undue delay. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.

INFORMATION REGULATOR

If you are not satisfied with the manner in which Guardrisk has handled and/or resolved your query, complaint or concern, you have the right to complain to the Information Regulator, whose contact details are:
Tel: 012 406 4818
Fax: 086 500 3351
Email: inforeg@justice.gov.za

