Privacy Policy

THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT POLICY

The Protection of Personal Information (POPI) Act requires us to inform clients how we use and disclose their personal information obtained from them. We are committed to protecting our clients’ privacy and will ensure that clients’ personal information is used appropriately, transparently and according to applicable law. Your right to privacy and security is very important to us. We, the Group, treat personal information obtained as private and confidential and are committed to providing you with secure access to our services.

This Privacy Policy tells you how we will process and protect your personal information. It should be read together with our Terms of Service, which outlines what services we provide, how we provide our services and what we do with your personal information. It is important that you read, understand and accept our Terms of Service if you would like to use our services.

1. Personal information

Personal information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information. Because of the sensitivity of some personal information, we ensure that the way we process your personal information complies fully with POPIA.

This Privacy Policy applies to any of your personal information that we collect and process through our website www.registeredfinancialadvice.co.za and or which you authorise us to collect from third parties.

You will see that some of the words listed in this Privacy Policy are in italics. Those words are defined in POPIA and those definitions apply to this Privacy Policy. For example, under POPIA, you are defined as a data subject.

Our Privacy Policy terms may change from time to time. When we change them, the changes will be made on our website. Please ensure that you visit our website and regularly read this Privacy Policy. Although we do not promise to do so, we may give you notice of any changes we think are important.

2. Your rights under this Privacy Policy

You have the right to have your personal information processed lawfully. Your rights include the right:

  • To be notified that your personal information is being collected or that your personal information has been accessed or acquired by an unauthorised person,g. where a hacker may have compromised our computer system;
  • To find out whether we hold your personal information and to request access to your personal information;
  • To request us to, where necessary, correct, destroy or delete your personal information;
  • To object, on reasonable grounds, to the processing of your personal information;
  • To object to the processing of your personal information for purposes of direct marketing, including by way of unsolicited communications;
  • Not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your personal information;
  • To submit a complaint to the Regulator if you believe that there has been interference with the protection of your personal information, or if you believe that an independent adjudicator who may be resolving your complaint against us has not decided the matter correctly; and
  • To institute civil proceedings against us if you believe that we have interfered with the protection of your personal information.

3. Types of personal information collected and how we collect it

We collect and process clients’ personal information mainly to provide our clients with access to the services and products of the providers with whom we have contractual agreements in place and to help us improve our services to our clients. The type of information we collect may depend on the need for which it is collected and will be processed for that specific purpose only. Where possible, we will inform the client what information is required to be provided to us and what information is optional.

We collect and process your personal information mainly to provide you with access to our services and products (and all other activities and processes incidental thereto), to help us improve our offerings to you and for certain other purposes explained below.

The type of information we collect will depend on the purpose for which it is collected and used (processed). We will only collect information that we need for that specific purpose.

Examples of personal information we collect are as follows (but not limited to):

Your first and last name, identity number, email address, a home / postal or other physical address, other contact information, your title, birth date, gender, marital status, details of a driving license, occupation, qualifications, past employment, residency status, your investments, assets, liabilities, insurance (including previous insurance and claims experience), income, expenditure, family history, medical information, telephone recordings of conversations, emails, your banking details, premiums paid and information relating to claims and other investigations (including reports and photos).

We collect information directly from you, where you provide us with your personal details, for example, when you purchase products or services from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.

We also collect information about you from other sources, as explained below. 

With your consent, we may also supplement the information that you provide to us with information we receive from other companies, such as Product Providers or other Financial Services Providers, in order to offer you a more consistent and personalised experience in your interactions with us.

We will not intentionally collect and process the personal information of a child unless we have the permission of a competent person. The examples of Collection are summarised below (but not limited to):

  • Our Computer Systems,
  • Our Website,
  • Insurance, Investment, Customer Due Diligence and other Proposal and Application Forms,
  • Previous and Current Insurance, Investment or other Policies or Schedules (Provided via Astute with Your Consent or by You Directly),
  • Claim Forms,
  • Telephone Calls,
  • Emails,
  • Business Partners, such as Product Providers, Assessors, Brokers, etc.
  • Social Media Platforms, such as WhatsApp, Facebook, etc.

4. How we use your information

Given our aim to provide you with ongoing financial services, we would like to use your information to keep you informed about other financial products and services which may be of particular interest to you. You may also give and withdraw consent and tell us what your communication preferences are.

We do not and will not sell personal information to a third party. We may disclose your personal information to our service or product providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms.

We may share your personal information with, and obtain information about you from (read with examples of collection):

  • Third parties for the purposes listed above, for example, contracted product providers or insurers, astute, credit reference and fraud prevention agencies, law enforcement agencies, banks, etc.,
  • Other insurers to prevent fraudulent claims,
  • Other companies (as mentioned above), when we believe it will enhance the services and products we can offer to you, but only where you have not objected to such sharing,
  • Other third parties from whom you have chosen to receive marketing information,
  • Third parties or service providers such as IT providers, system administrators, collection agencies, etc. that enable us to operate as a Close Corporation, a Financial Services Provider and an Accountable or Non-Accountable Institution.

5. How consent is obtained

In order to use our services, you need to accurately complete a number of internal forms and documents available from us. These forms require that you provide us with certain personal information which, includes, but is not limited to, your name, email address, identity number, proof of address, contact numbers, and proof of banking.

We also obtain your consent when you complete the forms, allowing us to proceed with the business transaction.

If you do not agree with any part of this Privacy Policy, please request Form 1* from our Chief Information Officer, Florian Wohl, complete it and return it to florian@rfadvice.com.

*Form 1: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION

Please request and refer to our PAIA manual for the procedure to be followed if you wish to gain access to your personal information that we hold.

6. How we use your personal information

6.1. The personal information that we collect from you will be used to provide the following services:

We will use your personal information only for the purposes for which it was collected or as agreed with you. Examples include, but are not limited to, the following:

  • To provide our products or services to you, to carry out the transaction you requested and to maintain our relationship,
  • For underwriting purposes,
  • To assess and process claims and to take recovery action,
  • To confirm and verify your identity for security purposes and update your details,
  • To perform customer due diligence or enhanced customer due diligence processes as required by the money laundering and terrorist financing legislative framework,
  • For operational purposes and where applicable, credit scoring and assessment and credit management,
  • For purposes of claim checks,
  • For the detection and prevention of fraud, crime, money laundering or other malpractice,
  • To conduct market or customer satisfaction research or for statistical analysis,
  • Resolving complaints,
  • For audit and record-keeping purposes, and
  • In connection with legal proceedings.

We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or that apply to us, or when it is otherwise allowed by law.

We will only transfer your personal information outside the borders of South Africa with your consent and where the privacy legislation is of a high standard. We do not use your personal information for marketing purposes without your consent.

7. Retention, amendment and destruction of personal information

7.1. We only retain your personal information for a period necessary to achieve the purpose we collected it for, unless the longer retention of your personal information is required or authorised by law. Once we have achieved that purpose, we will, as soon as reasonably practicable, destroy or delete the record of your personal information in accordance with the provisions of POPIA. 

We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of personal information. We will, on an ongoing basis, continue to review our security and risk management controls and related processes to ensure that your personal information is secure.

Our risk management (security) policies and procedures cover:

  • Physical security,
  • Computer and network security,
  • Access to personal information,
  • Secure communications,
  • Security in contracting out activities or functions,
  • Retention and disposal of information,
  • Acceptable usage of personal information,
  • Governance and regulatory issues,
  • Monitoring access and usage of private information,
  • Investigating and reacting to security incidents.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them (our confidentiality agreements) to ensure that personal information that we remain responsible for is kept secure.

We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.

Personal Information is securely stored on administrative systems, computer systems, servers (in and outside South Africa), laptops, filing cabinets and OneDrive (cloud).

Your personal information is stored for a minimum of five years after the cancellation or termination of the transaction or business relationship in accordance with applicable legislation. We will take reasonable steps to destroy or de-identify your personal information when the law no longer requires us to retain or keep it.

7.2. It’s important that your personal information is up to date and accurate.

8. Transfer of personal information to third parties

8.1. In order for us to carry out our obligations in terms of the services concluded between ourselves and you, we may need to pass your personal information on to third parties, such as our product providers. This Privacy Policy records your consent to us passing your personal information to those third parties. 

8.2. We will ensure that your personal information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your personal information to a third-party operator, we will ensure that the operator processes and protects your personal information using reasonable technical and organisational measures that are equal to or better than ours.

9. Where we store your personal information

Protecting your personal information is very important to us. We store your information on a secure database within a server either hosted in the cloud in South Africa, or in our access-controlled server room, behind a firewall.

10. Transborder transfer of personal information

10.1. We will not transfer any personal information collected from you outside the borders of South Africa.

10.2. In the event that we transfer or store your personal information outside South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your personal information is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection.

11. How we use cookies or other personal identification software

11.1. Our websites use cookies. Cookies are small software programmes that install themselves on your computer or your mobile device. They are intended to make your experience of visiting and navigating through our website easier and more pleasant. Cookies may collect personal information such as the identity of your computer or mobile device and your location.

11.2. If you do not want cookies to be installed on your computer or mobile device, please do not use our website. This means that you will not be able to use our services. By using our website, you consent to cookies, including Google Analytics, being installed on your computer or mobile device.

12. Information Security

12.1. We will secure the integrity and confidentiality of your personal information in our possession or under our control. We will do this by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of your personal information; and unlawful access to or processing of your personal information.

12.2. We have installed a firewall network security system to protect all your personal information that is stored in the cloud and on our premises. We have put in place managed security services which maintain and manage our firewall.

12.3. We have also restricted the number of persons who can access your personal information to only our staff members who are required to work on your personal information.

12.4. While we will take every reasonable measure to protect your personal information, it is very important that you maintain control over your account and/or information. You should prevent anyone from accessing your account or information by not disclosing your account details, i.e. usernames, passwords or any information associated with your account.

13. Objecting to the processing of data for advertising purposes

Data subjects have the right to object at any time to the processing of personal data for direct marketing purposes. If a data subject objects, we will no longer process such personal data. Objections must be addressed to our Information Officer. Their details are provided below.

14. Business contact via our website

If a data subject is a business contact who has provided us with personal data, we will store such personal data in our database so that we can follow up on previous business conversations, provide the data subject with additional information about our services and/or assist the User with related services.

15. Email / direct mail campaign data

From time to time, we may contact our clients (data subjects) directly by mail, email, or telephone to provide information concerning new products and services. We will, however, not contact data subjects with any commercial communications that are unrelated to the services provided by us. When responding to one of these campaigns, data subjects may elect to provide us with personal information, which will be used for the purpose indicated.

16. Survey data

From time to time, we may conduct surveys in respect of our service delivery. Participation in these surveys is optional. If, however, data subjects respond to one of the surveys, they may elect to provide us with personal information. Unless a data subject otherwise consents, we will only use the information to determine the type/s of services that may be of interest to the User and to operate and improve our service offerings.

17. Policy amendments

We may amend and/or update these standard terms and conditions at any time. Data subjects are encouraged to frequently check our website for the purposes of familiarising themselves with these standard terms and conditions, particularly in so far as they relate to the protection of personal information. Data subjects acknowledge and agree that it is their responsibility to review these standard terms and conditions periodically and become aware of any amendments and/or updates.

18. Sale of business

In the event of a change in control of the business, an acquisition by another company or preliminary discussions to that effect, the personal data of data subjects may be included as part of the process so that the acquirer can continue to serve you effectively.

19. Acceptance of standard terms and conditions

By using our website, the data subject signifies acceptance of these standard terms and conditions. If a data subject does not agree to these terms and conditions, they are advised not to use our website. The continued use of the website following the posting of updates and/or amendments to these standard terms and conditions will be deemed to be an acceptance by such data subjects of such updates and/or amendments.

20. Contacting us

If a data subject has any questions concerning these standard terms and conditions and/or the practices and/or dealings on our website, kindly contact our Information Officer, Florian Wohl: florian@rfadvice.com.

21. The law governing this Privacy Policy

This Privacy Policy is governed by the laws of the Republic of South Africa. Any dispute arising out of this Privacy Policy will be resolved in a South African court. 

Every person whose personal information we process has the following rights:

  • You have the right to request copies of your personal information, subject to the terms and conditions described in our Promotion of Access to Information (“PAIA”) manual and our POPIA Policy, which is available on request.
  • You have the right to request that we correct any information you believe is inaccurate,
  • You have the right to request that we erase your personal information, under certain conditions,
  • You have the right to object to us processing your personal information, under certain conditions
  • You have the right to lodge a complaint with the Information Regulator, whose contact details are in our PAIA Manual and POPIA Policy.

If you wish to object to the processing of personal information or if you wish to request correction or deletion of personal information, please request Form 1* or Form 2** from our Chief Information Officer, Florian Wohl, complete it and return it to florian@rfadvice.com

*Form 1: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION

**Form 2: REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION

22. How to contact us

If you have questions and/or comments about our Privacy Policy or need to protect any of your rights set out in this Privacy Policy, please contact our Information Officer. Email address: info@rfadvice.com Telephone number: 021 558 6850

Our physical address is:
SureStore Business Park
70 Carmine Drive
Burgundy Estate
Cape Town, Western Cape, 7441

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by