hvm-2-icon-financial-services

POPI POLICY

PERSONAL INFORMATION

Personal information is collected only when an individual knowingly and voluntarily submits information. Personal Information may be required to provide an individual with further services or to answer any requests or enquiries relating to this service.

It is the Financial Service Provider (FSP) intention that this policy will protect an individual’s personal information from being prejudiced in any way and this policy is consistent with the privacy laws applicable in South Africa.

The FSP collects, stores and use the personal information provide by an individual, in order to provide an estimated insurance quotation.

USE OF INFORMATION

The FSP needs to collect personal or other information:

  • For underwriting purposes
  • Assessing and processing claims
  • Conducting credit reference searches or verification
  • Confirming and verifying an individual’s identity
  • For credit assessment and credit management
  • For purposes of claims history
  • For the detection and prevention of fraud, crime, money laundering or other malpractice
  • Conducting market or customer satisfaction research
  • For audit and record keeping purposes
  • In connection with legal proceedings
  • Follow an individual’s instructions
  • Inform an individual of services
  • Make sure the FSP’s business suits the individual’s needs

Personal information that an individual submits is used only for the purpose for which it was intended. Copies of correspondence that may contain personal information, is stored in archives for record-keeping and back-up purposes only.

The FSP will not, without an individual’s consent, share information with any other third parties, for any purposes whatsoever.

SECURITY

The FSP strives to ensure the security, integrity and privacy of personal information submitted. The FSP will review and update its security measures in accordance with future legislation and technological advances. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure, however, the FSP will endeavour to take all reasonable steps to protect the personal information, which an individual submits to the FSP or to the FSP’s online products and services. The FSP will at all times set the highest standards to ensure the integrity of their systems.

The FSP may engage with other organisations to provide support services to the FSP. Third Parties are obliged to respect the confidentiality of any personal information held by the FSP. A Service Level agreement is in place with all Third parties to ensure adherence to all Privacy Policies.

The FSP’s employees are obliged to respect the confidentiality of any personal information held by the FSP. All employees are required to sign an employment contract which includes a confidentiality clause.

The FSP will not reveal any personal information to anyone unless:

  • It is compelled to comply with legal and regulatory requirements or when it is otherwise allowed by law.
  • It is in the public interest.
  • The FSP needs to do so to protect their rights.

The FSP endeavours to take all reasonable steps to keep secure any information which they hold about an individual, and to keep this information accurate and up to date. If at any time, an individual discovers that information gathered about them is incorrect, they may contact the FSP to have the information corrected.

The FSP recognises the importance of protecting the privacy of information collected about individuals, in particular information that is capable of identifying an individual ("personal information").

CONDITIONS FOR THE LAWFUL PROCESSING OF PERSONAL INFORMATION

According to the POPI Act there are eight conditions that must be complied with to ensure that the processing of personal information is lawful. These conditions include:

  1. Accountability

The responsible party must ensure that the conditions set out in Chapter 3 of the POPIA and all the measures that give effect to such conditions, are complied with at the time of determining the purpose and the means of the processing.

  1. Processing Limitation

Personal information may only be processed in a lawful and reasonable manner that does not infringe on the privacy of the data subject.

Personal information may only be processed if:

  • the data subject or a competent person, where the data subject is a child, consents to the processing;
  • processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
  • processing complies with an obligation imposed by law on the responsible party;
  • processing protects a legitimate interest of the data subject;
  • processing is necessary for the proper performance of a public law duty by a public body; or
  • processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  • The FSP will also ensure that any personal information that is processed by it was obtained directly from the data subject.
  1. Purpose Specific

The FSP will process personal information only for specific, explicitly defined, and legitimate reasons. The FSP will inform data subjects of these reasons prior to collecting or recording the data subject’s personal information.

  1. Further Processing Limitation

Personal information will not be processed for a secondary purpose unless that processing is compatible with the original purpose.

Therefore, if the FSP wishes to process existing personal information for a purpose other than the purpose for which it was originally collected, the FSP will first obtain additional consent from the data subject.

  1. Information Quality

The FSP will take reasonable steps to ensure that all personal information collected is complete, accurate and not misleading.

Where personal information is collected or received from third parties, the FSP will take reasonable steps to confirm that the information is correct by verifying the accuracy of the information directly with the data subject or by way of independent sources.

  1. Openness

The FSP will take reasonable steps to inform all data subjects whose information is being collected of:

  • The information being collected and where the information is not collected from the data subject, the source from which it is collected;
  • The name and address of the responsible party;
  • The purpose for which the information is being collected;
  • Whether or not the supply of the information by that data subject is voluntary or mandatory;
  • The consequences of failure to provide the information;
  • Any particular law authorising or requiring the collection of the information;
  • The fact that, where applicable, the responsible party intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation.
  1. Security Safeguards

The responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information; and unlawful access to or processing of personal information.

To achieve the abovementioned results, the responsible party must take reasonable measures to:

  • identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
  • establish and maintain appropriate safeguards against the risks identified;
  • regularly verify that the safeguards are effectively implemented; and
  • ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
  1. Data Subject Participation

A data subject may request whether their personal information is held, as well as the correction or deletion of his or her personal information held by the FSP. The FSP will take all reasonable steps to confirm your identity before providing details of your personal information.

CONTACT INFORMATION

Any questions relating to the FSP’s POPI policy or the treatment of an individual’s personal data may be addressed to the contact details below:

Information officer: Nadia Mason
Telephone number: 031 562 7400
Fax number: 031 562 7420
Postal address: 9 Savell Ave, Glen Ashley
Durban North, KZN, South Africa
Physical address: 9 Savell Ave, Glen Ashley
Durban North, KZN, South Africa
Email address: nadia@hvm.co.za
Website: http://www.hvm.co.za/healthcare/

POPI COMPLAINTS

Data subjects have the right to complain in instances where any of their rights under POPIA have been infringed upon.

All complaints must be submitted to the FSP in writing and will be considered by the Information Officer.

Where the data subject is not satisfied with the Information Officer’s determination, the data subject has the right to complain to the Information Regulator.

Information Regulator

Tel:      +27 (0)12 406 4818 or +27 (0) 10 023 5207
Email: inforeg@justice.gov.za