21 JUNE 2021
Protection of Personal Information Act (POPIA) Privacy Notice
The Protection of Personal Information Act aims to give effect to the constitutional right to privacy by safeguarding personal information and regulating the way personal information is processed.
In terms of Section 18 of the Protection of Personal Information Act, 4 of 2012
1. What Personal Information does the Company require?
1.1. 10X Investments (Pty) Ltd (“the Company”)’s Personal Information Protection Policy governs the Processing of your Personal Information. You may view the Personal Information Protection Policy by contacting the Information Officer at firstname.lastname@example.org or on 021 412 1010.
1.2. “Personal Information” is defined in the Protection of Personal Information Act (Act no. 4 of 2013) (“POPIA”) as follows: “Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –
- (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person;
- (b) information relating to the education or the medical, financial, criminal, or the employment history of the person;
- (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- (d) the biometric information of the person;
- (e) the personal opinions, views or preferences of the person;
- (f) correspondence sent by the person, that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- (g) the views or opinions of another individual about the person; and
- (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.”
1.3. “Processing” is defined in POPIA as follows:
“any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
- (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- (b) dissemination by means of transmission, distribution or making available in any form; or
- (c) merging, linking, as well as restriction, degradation, erasure or destruction of information;”
1.4. The Company is a Responsible Party in respect of the Personal Information you (Data Subject) provide to the Company. The Company processes the following types of Personal Information from you:
1.4.1. Identification document;
1.4.2. Proof of residential/business operating address;
1.4.3. South African Income Tax registration number;
1.4.4. South African VAT registration number (if applicable per individual/legal entity);
1.4.5. Contact numbers;
1.4.6. E-mail addresses;
1.4.7. Banking details.
2. Why does the company require your Personal Information?
2.1. This Personal Information is required in terms of the Financial Intelligence Centre Act, 38 of 2001 and the Company’s Risk Management and Compliance Programme; the Financial Services and Intermediary Services Act, 37 of 2002 and the General Code of Conduct for Financial Services Providers; the Pensions Fund Act, 24 of 1956; the Income Tax Act, 58 of 1962; and the Insurance Act, 18 of 2017 and the Long-term Insurance Act, 52 of 1998. The Personal Information forms part of the Company’s requirements when obtaining a discretionary mandate from you or opening an account to facilitate the relevant business activities.
2.2. The Company needs your Personal Information to provide you with the following services:
2.2.1. To establish a legal relationship with you;
2.2.2. To populate the client account information required on the various onboarding platforms to open your account; and
2.2.3. To generate statements and capture contact information related to this discretionary mandate or account.
3. How is your Personal Information Processed?
3.1. Your Personal Information is Processed and Stored at Suite 105, Sovereign Quay, 34 Somerset Road, Greenpoint, or, where applicable, such designated location, necessary for the purpose for which your Personal Information is being processed.
3.2. No third-party providers have direct access to your Personal Information unless specifically required by law and to satisfy client due diligence principles.
3.3. Your Personal Information will not be shared with third-party providers without your consent unless it is necessary for further processing compatible with the purpose for which it was collected.
4. How long does the Company keep your Personal Information?
4.1. Under South African law, the Company will not retain Personal Information any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed. After this period, your Personal Information will be irreversibly destroyed. For more information, please refer to our Personal Information Retention Policy which can be accessed by contacting the Information Officer at email@example.com.
5. What are your rights?
5.1. Should you believe that any of your Personal Information held by the Company is incorrect or incomplete, you have the right to request to view this information, rectify it or have it deleted. Please contact the Company’s Information Officer on firstname.lastname@example.org should this be required, or follow this link.
5.2. In addition, if you wish to complain about how the Company has handled your Personal Information, please contact the Information Officer on email@example.com. The Company’s Compliance Department will investigate your complaint and contact you within five (5) business days of the complaint being lodged and work with you to resolve the matter.
5.3. If your query relating to your Personal Information is not, in your opinion, adequately dealt with, you can contact the Information Regulator on 012 406 4818 or firstname.lastname@example.org to file an official complaint.