PAIA and POPIA Procedures – Juristic entities including Affiliate Operations Liberty Broker Franchises 300124
Affiliate Operations, Liberty Broker Franchises, Liberty Services Providers and Group Tied Brokers or any other Juristic Persons
Review of contract templates – Deeds of Adherence
The Deed of Adherence must be signed by every person who does not have a contract directly with Liberty.
This includes every Financial Adviser or person employed or contracted by any Affiliate Operation, Liberty Broker Franchise (LBF), Liberty Services Provider (LSP, Group Tied Broker (GTB) or any other institution providing outsourced services for Liberty. It also includes secretaries, assistants and administrators, appointed on behalf of Liberty Tied Financial Advisers as well as the staff of Affiliate Operations, LBFs, LSPs and GTBs.
Copies of such Deeds of Adherence and other documents must be retained by each operation and be available upon request.
Information Officer
In terms of the provisions of the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA), an Information Officer may be appointed by every private body. A “private body” includes any company or juristic entity, and includes each Affiliate Operation, Liberty Broker Franchise, Liberty Services Provider or Group Tied Broker. If an Information Officer is not appointed, then the Managing Director or Chief Executive Officer is deemed to be the Information Officer of that entity/private body.
The CEO/Information Officer is accountable to ensure that privacy policies are in place for the juristic entity, including any processes for objections, complaints or requests for personal information or personal records.
POPIA does not itself require the registration of an Information Officer for each private body/juristic person, but Guidelines have been published by the Information Officer which do require registration. No deadline is provided by when an Information Officer must be registered.
A copy of the Guidance Note is provided below:
The web link to register an Information Officer is: https://www.justice.gov.za/inforeg/portal.html
Privacy Notice/Statement
This is required for any website of any juristic entity. An example of Liberty’s Privacy Notice is set out below. Any website containing a Privacy Notice requires approval from Liberty: MarComms_Approval@liberty.co.za
An example of Liberty’s Privacy Notice is referred to below, which can be tailor-made for any juristic person.
Liberty Privacy and Security Notice
Your right to privacy and security is very important to us. Liberty Holdings Limited and its subsidiaries, (Liberty, we, us, our) treat personal information as private and confidential.
How and why we collect personal information:
- We collect personal information for the purposes set out in this notice or otherwise communicated to you.
- We collect personal information directly from you when you purchase our products, contact us directly or provide information through this website.
- We may collect from and share your personal information with selected third parties to ensure we meet our responsibilities as a registered long-term insurer and authourised financial services provider. These third parties may include, but are not limited to:
- Regulatory bodies
- Financial Advisers and other intermediaries
- Member companies of the Standard Bank Group
- Credit bureaus
- Other insurers or authorised financial services providers for prevention of fraud
- We collect personal information from and about you for the following purposes, but not limited to:
- Assess your individual requirements accurately
- Deliver effective and personalised services to you that comply with applicable regulations
- Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services)
- Tell you about services and products available within the Group
- Constantly improve our offerings to suit your unique needs
- Verify and protect your identity
- Conduct credit checks
- Comply with regulatory reporting requirements
- Comply with other relevant regulatory requirements, including monitoring and analysing your account for credit, fraud, compliance and other risk-related purposes as required by law
- Purposes as otherwise allowed by law
Without your personal information, we may not be able to provide or continue to provide you with the products or services that you need.
Transfer across borders
Sometimes we will process your personal information in other countries, either to carry out your instructions or for ordinary business purposes. These countries may not have the same level of protection. We will only process your personal information with your consent. If necessary, we will ask the party to whom we transfer your personal information to agree to our privacy principles, associated policies and practices.
Storage
We store personal information as required by law.
Our use of technology to follow your use of our website
We collect and examine information about visits to this website. We use this information to find out which areas of the website people visit most. This helps us to add more value to our services. This information is gathered in such a way that we do not get personal information about any individual or their online behaviour on other websites.
Cookies
We use cookie technology on some parts of our website. A cookie is small pieces of text that are saved on your Internet browser when you use our website. The cookie is sent back to our computer each time you visit our website. Cookies make it easier for us to give you a better experience online. You can stop your browser from accepting cookies, but if you do, some parts of our website or online services may not work. We recommend that you allow cookies.
Marketing by post, email or text messages
If you give us permission, we may use your personal or other information to tell you about products, services and special offers from us or other companies that may interest you. We will do this by post, email or text message (SMS). If you later decide that you do not want us to do this, please contact us and we will stop doing so. This may be done by phoning our customer servicing centre on [INSERT TELEPHONE NUMBER] or contacting your Financial Adviser.
Third parties
We ask other organisations to provide support services to us. When we do this, they have to agree to our privacy policies if they need access to any personal information to carry out their services.
Our website may contain links to or from other websites. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practises or their content. We recommend that you always read the privacy and security notices on these websites.
When we may reveal personal information without consent
We will not reveal personal information to anyone outside Liberty or certain of our service providers without your permission, unless:
- We must do so by law or in terms of a court order
- It is in the public interest
- We need to do so to protect our rights
- There is a legitimate purpose for the sharing
Our security practices
- We are committed and obliged to implement all reasonable controls to safeguard access to your personal information.
- Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other legal requirements, we ensure that they are contractually bound to apply the appropriate security practises.
- All use of our website and transactions through it are protected by encryption (secret codes) in line with international standards.
- We may share with or receive personal information from parties as set out above, where these parties reside outside of the Republic of South Africa.
Your right to access information
- You have the right to request access to the personal information we process about you. You may exercise this right by following the Promotion of Access to Information (PAIA) manual, available on the website.
- If you have any questions regarding this, please let us know on [INSERT EMAIL ADDRESS].
Privacy and security statements that apply to specific online services
Different online services or businesses of Liberty may have their own privacy and security policies because the service or product they offer may need different or extra policies. These specific policies will apply to your use of the particular service where they are different from our general policies.
Personal use of emails and notice about checking on emails
Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Liberty. We do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent or received using our systems, according to any law that applies.
Right to change this privacy and security notice
We may always change this privacy and security notice. We will put all changes on our website. The latest version of our privacy and security notice will replace all earlier versions of it, unless it says differently. Email us on [INSERT EMAIL ADDRESS] if you have any questions about this privacy and security notice.
Promotion of Access to information act
The Promotion of Access to Information Act (PAIA) was passed in order to give effect to the constitutional right of access to information held by a public or private body for the exercise or protection of any right.
Liberty Holdings Limited, including all wholly or partially owned subsidiaries and associated juristic persons (hereinafter referred to as “Liberty”) is a private body as defined in the Act. Liberty is bound by this Act and shall process any request made in terms thereof.
Please click on the links below to access the Liberty Information Manual and Request form.
- PAIA Manual PAIA Manual
- The Request Form (Refer to Annexure 1 in the PAIA Manual)
Right of access to information
A requester must be given access to any information record of Liberty if all the following requirements are met:
- The record is required for the exercise or protection of any right of the individual.
- The requester meets the procedural requirements of the Act relating to a request for access to an information record.
- The request falls outside any of the grounds of refusal contemplated in the Act.
Liberty clients
All Liberty clients are allowed access to their own information without having to use the Request for Access to Information procedures as set out in the Promotion of Access to Information Act, including, but not limited to:
- Policy documents
- Account information
- Personal records
- Voice recordings
All Liberty clients should contact the relevant call centre or department to request access to their own information without having to use the Request for Access to Information procedure. Please note that there may be administration costs associated with retrieval of certain types of information records.
Any Liberty client who wishes to be given access to information that is deemed to belong to Liberty or any of its other clients must follow the Request for Access to Information procedure (Request procedure).
Request procedure
The following procedure is applicable to requests for access to information in terms of the Act:
- The requester must complete in full the prescribed request form and send that to the Group Privacy Officer.
- Where required to do so by the Group Privacy Officer, the requester must deposit a prescribed fee to ensure that processing takes place (the requester will be notified where the Group Privacy Officer requires a deposit).
- The prescribed fee, where applicable, as provided for in paragraph 9.2 of the PAIA Manual, must be paid and proof of payment (e.g. copy of deposit slip) submitted following the request (the following reference must be used for the deposit or we will not be able to identify it: “PAIA” followed by requester’s initial(s) and surname e.g. If the requester’s initials and surname are AN Smith, they must use ‘PAIA AN Smith’ as the reference).
- If the requester qualifies for exemption of the payment of any fee, the reason for exemption must be stated.
- The completed request form and proof of deposit must be sent to:
Particulars of Liberty (or Division of Liberty)
Group Privacy Officer
PO Box 10499
Johannesburg
2000
Tel:
E-mail:
- Upon receipt of the request form and proof of deposit, Liberty will:
- Assess the request form to ensure completeness
- Confirm receipt of the request fee
- Process the request if it meets the procedural requirements of the act
- Notify a third party where applicable
- Decide whether to grant or deny the request
- Let the requester know of the decision
- Notify the requester about the payable access fee if the request is granted
- Repay the R50 (fifty rand) request fee to the requester if the request is refused
- Release the requested information record to the requester upon confirmation of receipt of the payable access fee
Liberty must process a request that meets the procedural requirements within 30 (thirty) days of receipt thereof. Liberty shall inform the requester in writing of any extension of the period to deal with a request.
Contact person
All requests for information must be directed to the following address:
Group Privacy Officer
PO Box 10499
Johannesburg
2000
Tel:
E-mail:
PAIA and POPIA Manual
The legal entity must have a procedure in place to record and report all privacy requests, all objections, as well as any data losses or breaches of privacy which may take place. These cases must also be reported to Liberty’s Group Privacy Officer: privacy@liberty.co.za
Every legal entity should have a POPIA and PAIA Manual. An example of a Manual is attached.
In the Manual, the contact details of the Chief Executive or the Information Officer should appear.
Social media and branding
Written approval is required from Marcomms before any social media is sent out. This includes websites, blogs, Instagram, Facebook, YouTube or any other form of created content. MarComms_Approval@liberty.co.za
Data storage
Access control to physical offices and documents is required. Paper files must be kept in lockable, sturdy cabinets.
Back-up of electronic media
If the electronic records are maintained on any systems administered by any affiliate operation, Liberty Broker Franchise, or other non-Liberty institution, then regular back-ups of all electronic storage is required. Regular back-ups should be maintained on at least a weekly basis, but more frequently if the volumes require daily back-ups. Strict logical access control (including password controls) to the electronic systems must be maintained by each operation. All operations must maintain and review a Disaster Recovery Plan to protect against all forms of disasters, including details of how all paper and electronic records will be protected.
One Drive, Google Drive and Drop Box are the most secure Cloud usage systems. They use AWS Credential Vaults behind which there are secure access controls.
Privacy Policy
Every legal entity should have a Privacy Policy, which could include the Privacy Statement, approved by its Board of Directors. An example of a Privacy Policy is included below.
Termination of an adviser
When advisers are terminated, whether as a result of retirement, resignation, transfer, death or termination by Liberty, all client information i.e. physical files must be handed back to Liberty. All electronic devices and external drives must be re-formatted before the termination is finalised. All exit protocols/termination check-lists must be followed and completed.