Guardrisk respects your right to privacy and the confidentiality of your personal information. Our Privacy Policy, set out below, governs and sets out the manner in which Guardrisk will collect and treat your personal information based on your use of our website.
At Guardrisk Group (Pty) Ltd (“Guardrisk” or “We”), we are deeply committed to respecting your privacy and safeguarding your personal information. As part of our ongoing dedication to protecting your data, we adhere to the highest standards and legal frameworks in line with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and the Electronic Communications and Transactions Act 2002 (“ECT Act”). We take all reasonable measures to ensure the confidentiality, integrity, and security of your personal information. Guardrisk is committed to maintaining your privacy and handling your data responsibly, both during the course of our business relationship and for as long as required by law after you are no longer a client. Our commitment to protecting your personal information is reinforced by our compliance with the principles outlined in Section 51 of the ECT Act, which enshrines your right to privacy and to have your information kept secure. We recognize that your trust is vital, and we continually work to ensure that your personal data remains protected in accordance with all applicable laws and regulations. At Guardrisk, we value transparency and strive to provide you with peace of mind that your personal information is in safe hands.
At Guardrisk, we respect your privacy and are committed to safeguarding your personal information. We will only collect, disclose, process, and store (“use”) your personal information with your explicit written consent, unless required by law. The specific purpose for which your data will be used will be clearly disclosed to you in writing. We will not use your personal information for any other purpose without your further consent, unless legally obligated to do so.
.png)
POPIA defines personal information as any information that relates to an identifiable, living natural person, or, where applicable, an identifiable, existing legal entity. The individual to whom the personal information pertains is referred to as the "data subject".
The personal information collected by Guardrisk may include details such as the data subject's name, contact information, date of birth, identity number, gender, employment details, marital or family status, policy information, location data, online identifiers, bank account information, and medical or health records. When collecting personal information, Guardrisk – or a third party acting on its behalf – will inform the data subject of the purpose for which the information is being collected, and whether the information requested is mandatory or optional.
Personal information may be collected directly from you, your employer, or through third parties such as brokers, administrators, and other partners. If your data is obtained from sources other than you, we will inform you of the source.
Guardrisk takes all reasonable technical and organizational measures to protect your personal information from loss, misuse, or alteration. Your data will be securely stored in protected environments, such as secure servers in a protected data centre. For more information on how we ensure compliance with the Protection of Personal Information Act (POPIA), please refer to our full Public Privacy Policy.
.png)
Special personal information refers to sensitive data that is subject to additional protection under privacy laws due to its nature. This includes information about your religious or philosophical beliefs, race, ethnic origin, trade union membership, political opinions, health status, biometric data (such as fingerprints or facial recognition), and criminal history or alleged offences.
Examples of situations where special personal information may be collected include applying for health-related products, insurance policies, verifying your identity, or meeting legal requirements such as anti-money laundering regulations.
Because of the sensitive nature of this data, it is handled with extra care and only collected when necessary for specific purposes, and with your consent where required.
We may transfer your personal information to third parties in other countries under certain conditions, such as when the recipient country provides adequate protection for your data, when the transfer is necessary for a contract, or when you’ve given consent. Any transfer will comply with legal requirements and safeguards to ensure your information is protected. For example, your information may be transferred for international payments or when processing occurs within the Guardrisk Group’s global operations.
.png)
Under data privacy laws, you have several rights regarding your personal information, including the right to access, correct, or request copies of your data. You can ask us to stop processing, delete, or restrict the use of your data in certain situations, and withdraw consent if there is no other legal basis for processing. You may also request data portability, object to automated decisions, and lodge a complaint with the relevant data protection authority. It’s important to keep us updated with any changes to your personal information to ensure its accuracy.
We may use Automated Decision Making (ADM) technologies, including profiling, to provide you with products and services. ADM involves decisions made through algorithms or AI without human intervention. We ensure our use of ADM is legally justified and offer you rights to request human intervention, challenge decisions, and express your views. To maintain fairness, we implement regular audits, data minimisation, and anonymisation, as well as provide clear avenues for appeals and human review. Our goal is to protect your rights and ensure the integrity of ADM processes.
Guardrisk is the responsible party for all personal information collected and used in compliance with POPIA. We may share your data with selected third-party service providers and appointed operators to perform specific functions, ensuring all legal requirements are met. Your data will always be handled confidentially and in accordance with applicable laws.
.png)
Momentum Group has two centralized functions to address Cyber Security and Data Privacy: the IT Security function, which manages cyber security, and the Data Management function, which handles data privacy and security. Both functions report to the Group Exco and work closely together to ensure coordinated efforts in meeting all relevant requirements.
.png)
Employee training on Cyber Security and Data Privacy is a key part of ongoing compliance at Guardrisk. All employees are required to complete basic Cyber Security training, along with mandatory Data Privacy and Cyber Security awareness programs. The POPIA management program is actively overseen at the Momentum Group level, with full participation from all subsidiaries, including Guardrisk.
.png)
Our website may use web beacons (single-pixel gifs) to count page views and access cookies, but these do not collect or share any personal information. They are used solely to gather anonymous data about website activity.
We automatically collect Internet usage data, such as your IP address, browsing habits, and website activity, through server logs. This includes information like software version, system type, language settings, and the time spent on our site. Please note that other websites visited before ours may include personal information in your URL, over which we have no control.
.png)
Please contact us on POPIARequests@Guardrisk.co.za should you wish to get in touch. Contact Details of the Regulator: Should you believe that Guardrisk has utilised your personal information contrary to Applicable Laws, you undertake to first attempt to resolve any concerns with Guardrisk. If you are not satisfied with such process, you may have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
The Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein,
Johannesburg, 2001 P.O. Box 31533, Braamfontein, Johannesburg, 2017
