Guardrisk Group (Pty) Ltd (“Guardrisk”) respects the right to privacy and confidentiality of our potential and existing client’s personal information. We are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently. This notice extends to all entities within Guardrisk Group (Pty) Ltd.
This privacy notice is meant to help you understand the type of personal information Guardrisk collects and how we collect, use, share and protect your personal information. Guardrisk subscribes to the conditions of the Protection of Personal Information Act 4 of 2013 (POPIA) as well as the principles set out in Section 51 of the Electronic Communications and Transactions Act 25 of 2002 to make sure that you are always protected when supplying us with personal information.
POPIA describes personal information as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
Examples of personal information include, but are not limited to, contact information, financial information, information relating to race, gender, sexual orientation, age, contact details, identity number, religion, name, culture, language and nationality. The person to whom personal information relates is referred to as the “data subject”.
The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose. When personal information is collected, Guardrisk will indicate the purpose for the collection and whether the information required is compulsory or voluntary.
Personal information collected by Guardrisk can include a data subject’s name, contact details, birth date, identity number, gender, employment details, marital status, family, policy details, claims history location information, online identifier, bank account, medical, financial information or health information.
Guardrisk collects information either directly from the data subject, the employer or through intermediaries. In certain instances, Guardrisk may request third parties to collect on its behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.
After obtaining consent, the personal information collected or held by Guardrisk may be used, stored, transferred or disclosed or shared only for the purposes for which it was collected or agreed with you. This may include:
Records of personal information will be retained for the period necessary for achieving the purpose for which the information was collected and as prescribed by applicable legislation. Please note that you have a right to object to the processing of your personal information for example for purposes of direct marketing, unless consent was obtained from you.
Data processing is carried out using computers and/or IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In some cases, the data may be accessible to certain types of persons in charge, involved with the operations inside Guardrisk (underwriting, compliance, marketing, legal, system administration, etc.) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by Guardrisk.
Guardrisk will only share your personal information with third parties if you have consented to such disclosure. If consent has been obtained, the company may share your personal information with third parties who are involved in the delivery of services to you. We have agreements in place to ensure that they comply with POPIA.
Where Guardrisk discloses personal information to any third parties, the third party will be obliged to use that personal information only for the reasons and purposes it was disclosed for. We may be obliged to share your personal information to the extent that it is required to do so by law, for the purposes of achieving the objectives of your policy/contract, in connection with any legal proceedings or prospective legal proceedings, or for the purposes of protecting the interest of clients, for example fraud prevention or to give effect to an agreement.
Guardrisk processes the data of data subjects in a proper manner and shall take all reasonable technical and organisational security measures to prevent loss of, damage of personal information, unauthorised access, disclosure, modification, or unauthorised destruction of the data. The company will store all the personal information in secured environments, for example on secured servers in a protected data centre.
You have the right to request to review your personal information contained by Guardrisk at any time to correct or update the information. If the purpose for which your personal information was requested initially does
not exist anymore, for example you no longer have an active contract, you may request information held by the company to be removed. However, Guardrisk can decline your request to delete the information from its records
if other legislation requires the continued retention thereof or if it has been de-identified.
If you would like to obtain a copy of your personal information held by Guardrisk, please review our information manual located at www.guardrisk.co.za
Apart from the provisions of sections 43(5) and 43(6) of the Electronic Communications and Transactions Act, as amended, neither Guardrisk nor any of its agents or representatives shall be liable for any damage, loss or
liability of whatsoever nature arising from the use or inability to use this web site or the services or content provided from and through this web site. Furthermore, Guardrisk makes no representations or warranties,
implied or otherwise, that, amongst others, the content and technology available from this website are free from errors or omissions or that the service will be 100% uninterrupted and error free. Users are encouraged to
report any possible malfunctions and errors to the webmaster.
Information, ideas and opinions expressed on this site should not be regarded as professional advice of Guardrisk, but users are encouraged to consult professional advice before taking any course of action related to information, ideas or opinions expressed on this site.
Neither Guardrisk nor any of its agents or representatives shall be liable for any damage, loss or liability of whatsoever nature arising from the use or inability to use this web site or the information on this web site.
We take reasonable and necessary precautions to secure your transactions on our website - however, we cannot guarantee the confidentiality of your transactions. Using this website is entirely at your own risk. Guardrisk will not be held legally responsible for any personal information that you reveal to a third party, which has a link on the www.guardrisk.co.za website. It is important that you refer to that third party's privacy notice before you reveal any of your personal information.
Services contained in this section enable Guardrisk to monitor and analyse web traffic and can be used to keep track of user behavior. Google Analytics and Hotjar may be used. These are web analysis service providers
that utilize the data collected to track and examine the use of the Guardrisk website, to prepare reports on its activities to improve the site's user experience and performance. Each web service provider is responsible
for adherence to relevant data protection rules which can be obtained via their own Privacy Notice.
Guardrisk Group’s data governance matters are managed and reported at the Momentum Metropolitan Board Risk Capital and Compliance Committee (BRCC), a sub-committee of the Board, accountable to address and manage the risk of data privacy and cyber security. The BRCC follows the board cycle and convenes on a quarterly basis. The Momentum Metropolitan Group Chief Risk Officer (CRO) is the business representative on BRCC for data privacy, data security and cyber security. The Momentum Metropolitan Chief Risk Officer provides guidance and input regarding appropriate Risk Management.
Employee Training on Cyber Security and Data Privacy forms part of ongoing compliance training. Cyber Security training is currently further required as a basic compliance training that all employees must complete. As part of the POPIA management programme, there is a specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff.
To deal with Cyber Security and Data Privacy, two separate centralised functions exist. The IT Security environment includes managing cyber security as a capability and the Data Management environment deals with the aspects of data privacy and extended data security and privacy which is enabled through IT security.
Please note that we may amend this Notice from time to time. Please check this website periodically to inform yourself of any changes
This Privacy Notice applies to Guardrisk Group (Pty) Ltd, incorporating all its operating entities.
Please direct any questions, complaints or concerns regarding this privacy notice, data privacy and our treatment of your Personal Information to the following:
Upon receiving your request, we will contact you directly, investigate your request, and work to address your concerns. We will respond to your request without undue delay. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.
If you are not satisfied with the manner in which Guardrisk has handled and/or resolves your query, complaint or concern, you have the right to complain to the Information Regulator, whose contact details are:
Tel: 012 406 4818
Fax: 086 500 3351