.

+61 272 408 586

Promotion of Access to Information Act

 PROMOTION OF ACCESS TO INFORMATION ACT

1.1 The Promotion of Access to Information Act, No 2 of 2000, as amended (the Act) was enacted on 3 February 2000 and aims to give effect to the constitutional right of access to information: (i) subject to justifiable limitations, including limitations aimed at the reasonable protection of privacy, commercial confidentiality and effective, efficient and good governance; and (ii) in a manner which balances that right with other rights including those entrenched in the Bill of Rights in Chapter 2 of the Constitution of the Republic of South Africa. The purpose of the Act, amongst others, is to give effect to the constitutional right of access to information held by private bodies for the exercise of or protection of rights and to establish the procedures to give effect to that right, as swiftly and inexpensively as reasonably possible.

1.2 Section 51 of the Act requires a private body to compile a manual (the Manual) which details the requisite procedural issues attached to a request for information, the prescribed rates, the requirements which such request must meet as well as the grounds for refusal or partial refusal of such request. Please refer to the sections below for more information.

  1. PURPOSE OF THIS MANUAL

2.1 The purposes of this Manual are to:

2.1.1 provide a description of the available records of SPL (see section 4);

2.1.2 provide a description of the Personal Information processing activities of SPL, as prescribed by the Act; and

2.1.3 facilitate any request for information a requester may have under the Act, required for the protection or exercise of any right. Such a request may however be subject to justifiable limitations, as per Part 3, Chapter 4 of the Act.

  1. WHO MAY REQUEST TO THE INFORMATION HELD

3.1 This Manual is designed to facilitate any request for information from a requester (which includes a Data Subject). In terms of section 50 of the Act, a requester must be given access to any record held by a private body where:

3.1.1 that record is required for the exercise or protection of any rights;

3.1.2 the requester complies with the procedural requirements in terms of the Act pertaining to a request for access; and

3.1.3 access to that record is not refused in terms of any of the grounds for refusal listed in the Act.

3.2 The above-mentioned request includes access to a record containing Personal Information of the requester or the person on whose behalf the request is being made.

3.3 A requester has the right to ask SPL to confirm whether or not it holds Personal Information of the requester, free of charge. Additionally, a requester may request that SPL provide a record or description of the Personal Information of the requester held by SPL as well as the information regarding the identity of all third parties or categories of third parties, who have, or have had, access to the

Personal Information:

3.3.1 within a reasonable time;

3.3.2 at the prescribed fee, if any;

3.3.3 in a reasonable manner and format; and

3.3.4 in a form that is generally understandable.

3.4 Please note that if a requester requires a record or description of the Personal Information held by SPL, a written estimate of the fee (determined in accordance with the Regulations of the Act) will be provided to the requester and a deposit may be required.

3.5 A requester, in relation to a private body, means:

3.5.1 any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body; or

3.5.2 a person acting on behalf of the person contemplated above.

3.6 Should a request be made on behalf of another person or entity, the requester must submit details and proof of the capacity in which the requester is making a request, to the satisfaction of SPL.

3.7 Where a public body requests access to information from SPL, for the exercise or protection of any rights, other than its rights, it must be acting in good faith and in the interest of the public.

  1. TYPES OF RECORDS HELD

4.1. Records are held and made available in terms of the legislation listed in Annexure “A” as applicable to the entities listed herein.

4.2. The following other records are held by SPL:Products and services subjects-

  • Long-term insurance products
  • All records kept in terms of legislation applicable to any of the above products or services and the Financial Services Industry in general
  • Finance
  • Actuarial
  • Client care
  • Product Management
  • All records kept in terms of the Company Laws of South Africa
  • Distribution
  • Marketing
  • Information technology
  • Human resources Subjects on whom records are held-
  • Shareholders
  • Policyholders
  • Directors
  • Employees
  • Prospective Employees
  • Applicants
  • Officials
  • Consultants
  • Investors
  • Subsidiary companies
  • Advisers
  • Brokers
  • Clients
  • Banking institutions
  • External companies/ contractors
  • Third-party Service Providers
  • Associate Companies and Join Ventures
  • Auditors

Which records are held in respect of the abovementioned subjects?

  • Confidential
  • Personal
  • Commercial
  • Financial
  • Group/company incorporation
  • Group/company financial
  • Group/company departments
  • Strategy
  • Contractor
  • Medical
  • Information technology
  • Client
  • Product and services
  • Contracts
  • Rules of Funds
  • Statutory required reports
  • Board of Trustee decisions
  • Unsecured loans.
  • Scientific
  • Research
  • Operational
  • Trade
  • Business
  • Internal group/ company divisions
  • Group/ company structure
  • Operational
  • Policyholder
  • Shareholder
  • External Companies
  • Broker
  • Directors
  • Employee
  • Banking institutions
  • Official/legal
  • Policy documents
  1. PRESCRIBED FEES

5.1. The tariffs relating to a request are determined in accordance with the Regulations of the Act.

5.2. In order to access any records the requester must complete the prescribed form/s with sufficient detail.

5.3. The completed form must be forwarded to the Information Officer or Deputy Information Officer whose details are provided below (see section 9 below).

5.4. Once the completed form has been submitted the Information Officer will advise the requester if any fees will be payable and the payment methods and provide the requester with a written estimate of the fees which will be payable.

5.5. The Information Officer shall by notice request the requester to pay the prescribed fee before processing of the request further.

5.6. Please note that a request will not be processed until the request fee and the deposit (where applicable) has been paid.

  1. DECISION

6.1. The Information Officer will, as soon as reasonably possible, but within 30 days (or such other extended period determined and notified by the Information Officer, subject to the provisions of the Act), after the request has been received or after the requisite information pertaining to the request has been received:

6.1.1. decide, in accordance with the Act, whether to grant the request;

6.1.2. inform the requester of their right to correct any Personal Information; and

6.1.3. notify the requester of the aforementioned decision.

6.2. Where the request is granted, the notice must contain the access fee applicable, the form in which access will be given; and outline the requisite dispute resolution procedures available to the requester should they be dissatisfied with the outcome.

6.3. Information, or parts thereof, may be refused in accordance with the grounds for refusal listed in Part 3, Chapter 4 of the Act.

6.4. Information which does not fall within the ambit of a recognised ground for refusal must be disclosed.

6.5. If all reasonable steps have been taken to find a record, and such a record cannot be found or if the records do not exist, then the Information Officer will notify the requester, by way of an affidavit or affirmation, that it is not possible to give access to the requested record.

  1. THE PROCESSING OF PERSONAL INFORMATION

7.1. The Purpose of the processing SPL collects, processes and stores Personal Information:

  • to meet our responsibilities to our customers;
  • to meet our responsibilities to employees;
  • to meet our contractual responsibilities to third-party service providers;
  • to inform customers of products and services; to comply with all legal and regulatory requirements, including industry codes of conduct;
  • to protect and pursue the legitimate interests of SPL; and
  • for any further purposes related to the above.

For more information, please visit our Privacy Notice at

https://sanlacorp.com/privacy-notice/

7.2. Categories of data subjects

Shareholders Subsidiary companies Joint ventures Advisors Independent brokers Directors

Employees Customers Officials Banking institutions Consultants External companies / contractors

Offenders and suspected offenders Suppliers and service providers Investors Policyholders and

Beneficiaries Complainants Professional advisers Trustees Pension Fund members Employers and

employees of other organisations Prospective employees Leads or prospective customers Board  members.

7.3. Classes of Personal Information processed Personal details Financial details Lifestyle and medical Information Education details Employment details Goods or services provided Special Personal Information Personal opinions and preferences

7.4. Personal Information may be received from or supplied to:

  • any regulatory authority (such as the National Credit Regulator and the Financial Sector Conduct Authority) and the regulators they appoint for the various financial sectors;
  • comply with any regulation passed under the relevant legislation, or any other legal process;
  • any legal or juristic person with an appropriate legal basis;
  • an executor of an estate, beneficiaries, or any other authorised representative;
  • pension fund administrators;
  • brokers, advisers, or intermediaries;
  • law enforcement agencies; media outlets; and third-party service providers.

7.5. Trans border flow of information Further processing and storage may require that SPL send Personal Information to service providers outside of the Republic of South Africa. SPL will not send your

information to a country that does not have information protection legislation similar to that of the RSA, unless we have ensured that the recipient agrees to effectively adhere to the principles for processing of information in accordance with the Protection of

Personal Information Act No 4 of 2013 (“POPIA”).

7.6. SPL’s security practices Information Security deals with SPL’s information and IT security capability and practices.

Information Security deals specifically with the preservation of:

7.6.1. Confidentiality: ensuring that information is accessible only to those authorized to have access;

7.6.2. Integrity: safeguarding the accuracy and completeness of information and processing methods;

7.6.3. Availability: ensuring that authorised users have access to information and associated assets when required.

Information Security is achieved by implementing a suitable set of responsibilities, controls, standards, processes and systems to ensure that the Information Security objectives of SPL are met, and as such Information Security is a tight domain in SPL, that ensures:

  • Rules are set for secure conduct and earning trust.
  • The rules are followed by participants.
  • Trust is established between parties, notably: Client and Partner trust in SPL’s reputation through trust in SPL’s systems; and SPL trust in interacting Client and Partner identities and their reputation.
  • The security intelligence network that extends outside the organisation.
  • Business is enabled because participants know it is safe to participate and know what is expected from them and what can be expected from other participants.
  • Adequate monitoring and detection capabilities are maintained.
  • Organised responses to incidents are effective and followed through into learning.
  1. Requests in terms of the Protection of Personal Information Act

8.1. The POPIA allows a Data Subject, after having provided adequate proof of their identity, the right to:

8.1.1. Request SPL to confirm, free of charge, whether or not the SPL holds their personal information;

8.1.2. Submit a request for a record or description of their personal information;

8.1.3. Submit a request for access to their own personal information (by completing Form 2 of the PAIA Regulations);

8.1.4. Object to their personal information being processed (by completing Form 1 of the POPIA Regulations); and

8.1.5. Submit a request for the correct or deletion of their personal information (by completing Form 2 of the POPIA Regulations).

8.2. Please send your completed form to insure@sanlacorp.com

8.3. Before submitting a request in terms of POPIA, a Data Subject who is a customer of SPL should consider whether other mechanisms for receiving their information are available. All SPL’s customers are allowed to access their own information without lodging a formal POPIA request. The information a customer has access to includes, but is not limited to:

  • Policy documentation;
  • Product information;
  • Product performance;
  • Tax certificates;
  • Personal details; and
  • Account information.
  1. CONTACT DETAILS

9.1. A request for information to any of the applicable entities must be directed to:

Information Officer : Jason Quency

Address (street) : 62 Roeland St, Gardens, Cape Town, 8001

  1. AVAILABILITY

10.1.This Manual, or any updated version hereof, is available:

  • for public inspection, during normal business hours, at the principal place of business (located at 62 Roeland St, Gardens, Cape Town, 8001);
  • to any person upon request and upon the payment of the fee as determined by the Information Regulator; and to the Information Regulator upon request.

11.GUIDE OF THE INFORMATION REGULATOR

11.1.The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available a revised guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in Act and POPIA.

11.2.The Guide is available in each of the official languages and in braille.

11.3.The aforesaid Guide contains inter alia a description of

11.3.1. the objects of the Act and POPIA;

11.3.2. the manner and form of a request for access to a record of a private body;

11.3.3. the assistance available from the Regulator in terms of the Act and POPIA; and

11.3.4. all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by the Act and/or POPIA including:

  • an internal appeal;
  • a complaint to the Regulator; and
  • an application to court against a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;

11.4.Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

11.5.The Guide can also be obtained –

11.5.1. upon request to the Information Officer; or

12.UPDATING THE MANUAL

SPL will update this manual on a regular basis.

SANLA CORPORATION | Insurance Certificate