1. INTRODUCTION
    • Sirius Risk Management (“Sirius Risk Management, we, us, our”) is sensitive to the personal nature of the information you provide to us.
    • This Privacy Policy (“this Policy”) explains how we protect and use your Personal Information.
    • By providing us with your Personal Information, you –
      • agree to this Policy and authorize us to process such information as set out herein; and
      • authorize Sirius Risk Management, its’ Associates, our Service Providers and other third parties to process your Personal Information for the purposes stated in this Policy.
    • We will not use your Personal Information for any other purpose than that set out in this Policy and will endeavour to protect your Personal Information that is in our possession from unauthorised alteration, loss, disclosure, or access.
    • Please note that we may review and update this Policy from time to time. The latest version of this Policy is available on our Company website and/ or available upon request.
    • This Policy applies to all external parties with whom we interact, including but not limited to individual clients, representatives of client organisations, visitors to our offices, and other users of our professional services (“you“). Defined terms used in this Policy are explained in Annexure A.

 

  1. COLLECTION OF PERSONAL INFORMATION
    • We may collect or obtain Personal Information about you –
      • directly from you.
      • during our relationship with you or your organization.
      • when you make your Personal Information public.
      • when you visit and/or interact with our website or our various social media platforms.
      • when you register to make use of any of our professional services including, but not limited to, newsletters and legal updates; or
      • when you visit our offices.
    • We may also receive Personal Information about you from third parties (for example, law enforcement authorities).
    • In addition to the above, we may create Personal Information about you such as records of your communications and interactions with us, including, but not limited to, your attendance at events or at interviews while applying for a job with us, subscription to our newsletters and other mailings and interactions with you during our digital marketing campaigns.

 

  1. CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS

We may process the following categories of Personal Information about you –

  • personal details: full name; and photograph.
  • demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
  • identifier information: passport or national identity number; bank details.
  • contact details: correspondence address; telephone number; email address; and details of your public social media profile(s).
  • instruction details: details of individuals instructing our Company; Personal Information included in correspondence, documents, or other materials that we process while providing services.
  • attendance records: details of meetings and other events organized by or on behalf of Sirius Risk Management that you have attended.
  • consent records: records of any consents you may have given, together with the date and time, means of consent and any related information.
  • payment details: billing address; payment method; bank account number or card number; invoice records; payment records; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
  • data relating to your visits to our website: your device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; and other technical communications information.
  • Employer details: where you interact with us in your capacity as an employee of an organization, the name, address, telephone number and email address of your employer, to the extent relevant; and
  • content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (including, but not limited to, mouse hover, mouse clicks and any forms you complete).

 

  1. SENSITIVE PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
    • Where we need to process your Sensitive Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with applicable law.
    • In the unlikely event that we need to process Personal Information of Children, we will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with applicable law.

 

  1. PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING
    • We will process your Personal Information in the ordinary course of the business of providing our services. We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected. We may subject your Personal Information to processing during various activities, including, without limitation, the following –
      • operating our business.
      • analysis, evaluation, review, and collation of information to fulfil our contracted obligations to our clients and client contracts, and provide professional advice, services, and recommendations (whether in electronic or any other medium whatsoever).
      • compliance with applicable law and fraud prevention.
      • attending to the legitimate interests of Data Subjects.
      • tracking Data Subject activity on the Company websites, various social media platforms and through direct transactions with the business.
      • transfer of information to our Service Providers and other third parties or
      •  
    • We may process your Personal Information for relationship management and marketing purposes in relation to our services (including, but not limited to, processing that is necessary for the development and improvement of our services), for accounts management, and for marketing activities to establish, maintain and/or improve our relationship with you and with our Service Providers. We may also analyze your Personal Information for statistical purposes.
    • We may process your Personal Information for internal management and management reporting purposes, including but not limited to conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis.
    • We may process your Personal Information for safety and security purposes.

 

  1. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
    • We may disclose your Personal Information to our Associates and Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your Personal Information –
      • if required by law.
      • to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
      • to third party Operators (including, but not limited to, data processors such as providers of data hosting services), located anywhere in the world, subject to 6.2.
      • where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise, or defense of legal rights.
      • to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security.
      • to any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation); and
      • to any relevant third-party provider, where our website uses third party advertising, plugins, or content.
    • If we engage a third-party Operator to process any of your Personal Information, we recognize that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to –
      • only process such Personal Information in accordance with our prior written instructions; and
      • use appropriate measures to protect the confidentiality and security of such Personal Information.

 

  1. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
    • We may transfer your Personal Information to recipients outside of the Republic of South Africa.
    • Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the legal and other related services that are required by Sirius Risk Management

 

  1. DATA SECURITY
    • We implement appropriate technical and organizational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
    • Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.
    • Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during such transmission.

 

  1. DATA ACCURACY

The Personal Information provided to our business should be accurate, complete, and up to date. Should Personal Information change, the onus is on the provider of such data to notify Sirius Risk Management of the change and provide us with accurate data. We will endeavour to monitor and keep Personal Information relevant and up to date, wherever possible, to the best of our knowledge.

 

  1. DATA MINIMISATION

Sirius Risk Management will restrict its’ processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.

 

  1. DATA RETENTION

Sirius Risk Management  shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.

 

  1. YOUR LEGAL RIGHTS (ACCESS TO YOUR PERSONAL INFORMATION)
    • Data Subjects have rights under the South African POPI Act, and other laws, to have access to your Personal Information and to ask us to rectify, erase and restrict use of, any of it. You may also have rights to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information.
    • If you would like to access, amend, erase, or restrict use of any of your Personal Information, please contact the Information Officer by emailing edmore@siriusrm.co.za.
    • The Information Officer will provide you with a Personal Information Request Form to complete. Once the completed form has been received, the Information Officer will make every effort to verify the identity of the Data Subject prior to handing over any personal information. All requests will be processed and considered on an individual basis, and within a reasonable time.

 

  1. COOKIES AND SIMILAR TECHNOLOGIES

We may process your Personal Information by our use of Cookies and similar technologies but only for the necessary function of our website. When you visit our website we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law.

 

  1. DIRECT MARKETING
    • We may process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time.
    • If you currently receive marketing information from us which you would prefer not to receive in the future, please email us at edmore@siriusrm.co.za requesting to opt-out of all future communications.

 

  1. COMPLAINTS, FEEDBACK AND INCIDENTS OR DATA BREACHES
    • You may direct any feedback, complaints, data breach notifications, incident notifications and any requests to access, amend, erase, or restrict use of your Personal Information to the following:

 

The Information Officer

Attention: Edmore Ngwenya

Physical Address: 67 Bridge Street, President Ridge, Randburg.

Telephone: 011 781 4356

Email: edmore@siriusrm.co.za

  • Where there is a complaint, incident or data breach identified, it should be brought to the attention of our Information Officer immediately. We will endeavour to investigate the data breach, incident and/ or complaint as a matter of priority.
  • Should you have any issues with the way in which we are processing your personal information, you are entitled to lodge a complaint with the Information Regulator.