Name of Body: Halfway Group Holdings (PTY) LTD
Registration number: 2015/274007/07
Physical Address: 31 Stevens Road, Park Rynie, 4182
Telephone number: 039 978 7500
The Information Regulator South Africa
Physical Address: SALU Building, 316 Thabo Sehume Street, Pretoria 4180
Email Address: email@example.com
The right to privacy is a basic human right entrenched in the South African Constitution. The importance of the right to privacy is further entrenched with the enactment of the Protection of Personal Information Act 4 of 2013 (“POPIA”).
POPIA is a comprehensive set of data protection legislation enacted in South Africa. POPIA aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests. POPIA further seeks to regulate every step of the processing of personal information from how personal information must be handled when it is collected until the time it is destroyed.
Given the importance of privacy, the Halfway Group is fully committed to protecting your privacy to ensure that your personal information is collected and processed properly, lawfully, and transparently.
We collect and process your personal information mainly to provide you with our products and services, and as required by, tax and other legislation.
We use your personal information to do the following:
Identify you or to verify that you are an authorised user for security purposes.
Process your requests or instructions.
To be able to sell you our products and services.
Manage the goods and services you purchased from us.
Comply with the laws of South Africa.
Detect and prevent fraud, money laundering and other malpractice.
For audit and record keeping purposes
Offer other products and services to you.
Specific Personal Information processed
We will use your personal information only for the purposes for which it was collected and agreed with you. We will ensure that your personal information is adequate, relevant, and not excessive. In most instances we collect information directly from you. If information is obtained from a third-party source, we will obtain your express consent to do so. Where possible, we will inform you what information you are required to provide to us and what information is optional.
The Halfway Group processes information about the following categories of Data Subjects, including but not limited to:
Category of Data Subjects
Types of Information processed
Individuals (customer, policyholders etc)
Name, surname, South African identity number or other identifying number (e.g., passport), date of birth, age, marital status, citizenship, telephone numbers, email address, physical and postal addresses, drivers’ licence, income tax number, employment information, occupation, financial information (e.g., remuneration), banking information including account numbers, claims and payment history, FICA documentation.
Entities (Corporate Customers, Companies, Close Corporations, Trusts and Partnerships)
Entity name, registration number, tax-related information, contact details for representatives, FICA documentation, beneficial owners’ personal information (as for Individuals).
Directors, Members, Partners & Trustees
Identity numbers, names, physical and postal address, contact numbers, email address & FICA documentation.
Employees (potential employees, new recruitments, independent contractors)
Name, surname, South African identity number or other identifying number (e.g., passport number), contact details, physical and postal address, date of birth, age, marital status, race, disability, information, employment history, criminal background checks, fingerprints, CVs, education history, banking details, income tax reference number, remuneration and benefit information, drivers’ licence, health information, details related to employee performance, disciplinary procedure information.
May also include the personal information of children / minors, if they are listed as beneficiaries or dependants.
Service providers (including outsourced or hosted services, auditors, etc)
Company registration details, identity numbers, BEE certificates, tax clearance, income tax and VAT registration details, payment information including bank account numbers, invoices, contractual agreements, addresses, contact details.
Information is automatically collected.
Cookies are small text files that are created when you view a website. They gather usage data which includes information about the sites you visited, the number of times you visit, the date, time and length of your visit, which products or services you viewed and which areas of the site you visited. We may assign you one or more unique identifiers to help keep track of your future visits.
Other information automatically collected may include your IP (Internet protocol) address, browser type and version, preferred language, geographic location, wireless or Bluetooth technology on your device, operating system, and computer platform.
Information collected through online advertising.
We use internal and external service providers to help us deliver our banner advertisements and other online communications.
To understand which types of offers, promotions and advertising are most appealing to our customers, these service providers may collect and use some of your personal information. This information is aggregated and cannot be linked to you.
Data aggregation is any process in which information is gathered and expressed in a summary form using specific variables such as age, profession, income and interests.
Network Advertising Initiative at http://www.networkadvertising.org/managing/opt_out.asp
In order to provide our products and services to you, we may share your personal information with:
Service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
Entities within the Group. We only do this, in instances where we have received your express consent to do so.
Insurers, intermediaries, administrators, and Underwriting Managers.
Provident Funds and their Trustees and Principal Officers.
Medical aid companies.
Recruitment organisations that may collect information on our behalf.
Regulators and Law Enforcement Agencies.
Motor Licencing Bureau.
Original Equipment Manufacturers (OEMs).
Banks and other financing Institutions.
The South African Revenue Service (SARS).
We will also disclose your personal information to fulfil legal obligations that we may have.
We take every reasonable precaution to protect your personal information (including information about your activities) from theft, unauthorised access and disruption of services.
Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our website, data centres, systems, and other assets for security vulnerabilities.
Our security policies and procedures cover:
When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
We will only retain your personal information for a period necessary to achieve the intended purpose unless –
Retention is required or authorised by law.
Retention is required by the Halfway Group for lawful purposes related to its function or activities.
Retention is required by a contract between the parties.
You have consented to the retention of the record.
Retention is required for historical, statistical and research purposes.
We will ensure in the aforementioned scenarios that appropriate safeguards against the records being used for any other are purpose are in place.
We will ensure that personal information is deleted, destroyed and de-identified as soon as reasonably practicable after the Halfway Group is no longer authorised to retain the personal information.
We will ensure that the destruction or deletion of the personal information is done in a manner that prevents its reconstruction in an intelligible form.
Every attempt has been made to ensure that your personal information is safe and secure. In the event of a data or security breach which affects you, we are under a legal obligation to notify you as well as any impacted entity of this breach together with the measures we will be taking to mitigate any losses or damages.
Depending on the nature and severity of the breach, we will use the following communication channels to notify you of the breach:
Notification of breach (1st notification) will be issued within 24 hours of detection of the breach.
We take all reasonable steps to ensure that your personal information is complete, accurate, not misleading and updated where necessary. Please make sure that we always have your latest contact details.
Where appropriate, the Halfway Group will ensure that its customers, directors, employees, and service providers are made aware of the rights conferred upon them as data subjects.
Where you are required to fill or complete any forms in relation to a request for access, amendment, objection, and deletion of record of your personal information, the Halfway Group will render such reasonable assistance as necessary free of charge to enable you to complete the required forms.
The Halfway Group recognises that you have a right to establish whether the Halfway Group holds personal information related to you including the right to request access to that personal information.
If you wish to request access to your personal information, you must submit a request to the Information Officer or Deputy Information Officer of Entity within the Halfway Group to which the request pertains by completing Annexure B, the “Personal Information Request Form”.
You have a right, on reasonable grounds, to object to the processing of your personal information.
If you wish to object to processing of your personal information, you must submit a request to the Information Officer or Deputy Information Officer of the entity within the Halfway Group to which the request pertains by completing Annexure C.
In such circumstances, the Information Officer or Deputy Information Officer of the entity within the Halfway Group will give due consideration to the request and the requirements of POPIA. The Entity may cease to use or disclose your personal information and may, subject to any statutory and contractual record keeping requirements, also approve the destruction of your personal information.
You have the right to request, where necessary, that your personal information must be corrected or deleted where the Halfway Group is no longer authorised to retain the personal information.
If you wish to request a correction or deletion of your personal information or the destruction or deletion of a record of your personal information, you must submit a request to the Information Officer or Deputy Information Officer of the entity within the Halfway Group to which the request pertains by completing Annexure D.
We like to keep our customers informed of the latest products and services offered by us and our service providers. When you buy a new product or service from us, we will ask you what your marketing preferences are.
If you do not want to receive marketing from us, you can change your preference by using the “opt out” function or the “unsubscribe option”, alternatively you can contact the Information Officer of the Entity within the Halfway Group. Contact details for the relevant Information Officer can be found on Annexure A of this policy.
Remember that even if you choose not to receive marketing from us, we will still send you communications about your current (product/vehicle etc.).
You may ask us to access, change or remove your personal information from our records. Where legislation allows, we may charge an administrative fee, but we will always inform you of any cost before performing your request.
Any of the aforementioned requests, can be made via email, on the applicable form mentioned above. The email must be addressed to the Information Officer of the Entity within the Halfway Group to which your request pertains to. Contact details for the relevant Information Officer can be found on Annexure A of this document.
Once the completed form has been received, the Information Officer will verify the identity of the Data Subject prior to handing over any personal information.
The Information Officer will endeavour to process all requests within a reasonable time.
You may submit a complaint to the Entity within the Halfway Group to which your complaint pertains to. You may address your complaint via email using the requisite Annexure E. Your complaint must be addressed to the Information Officer of the Entity within the Halfway Group. Contact details for the relevant Information Officer can be found on Annexure A of this policy.
You have the right to submit a complaint to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of your personal information.
In addition, where we are unable to resolve your complaint, to your satisfaction you also have the right to lodge a complaint with the Information Regulator. You may do so, by submitting the completed Annexure F to the Information Regulator. The details for the Information Regulator can be found above.
This policy refers to the term Information Officer and Deputy Information Officer interchangeably. The Information Officer or Deputy Information Officer is a person/s appointed by the entity to ensure compliance with the POPI Act within the entity. A high-level summary of their duties are as follows:
For the purposes of this policy, the Information Officer/Deputy Information Officer is only responsible for the duties listed above in relation to the entity for which s/he has been appointed and therefore only assumes responsibility for the personal information within that Entity.
In addition, it is specifically recorded that the Information Officer for Halfway Group Holdings (PTY) LTD is only responsible for personal information held in relation to the company secretarial function for this company.
We reserve the right to amend this Policy from time to time, and you agree that you will review the terms of this Policy whenever you visit our website for any such amendments.
This Policy will be governed by and construed and interpreted in accordance with the laws of the Republic of South Africa.
Please ensure that you have read and understood the terms and conditions of this Policy before you provide us with your personal information.