PRIVACY AND SECURITY NOTICE

Your right to privacy and security is very important to us. The GWK Group and its subsidiaries, (GWK, we, us, our) treat personal information as private and confidential.

How and why we collect personal information

  • We collect personal information for the purposes set out in this notice or otherwise communicated to you.
  • We collect personal information directly from you when you conclude a business transaction with us, purchase our products or services, contact us directly or provide information through our website.
  • We may collect from and share your personal information with selected third parties to ensure we meet our responsibilities, amongst others, as an authorised financial services provider. These third parties may include, but are not limited to:
    • Regulatory bodies
    • Financial Advisers and other intermediaries
    • Member companies of the Standard Bank Group
    • Credit bureaus
    • Other insurers or authorised financial services providers, amongst others, for the prevention of fraud
  • We collect personal information from and about you for the following purposes, but not limited to:
    • Assess your individual requirements accurately
    • Deliver effective and personalised services to you that comply with applicable regulations.
    • Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services)
    • Tell you about services and products available within the Group
    • Constantly improve our offerings to suit your unique needs
    • To verify and protect your identity
    • Conduct credit checks
    • Regulatory reporting
    • Comply with relevant regulatory requirements, including monitoring and analysing your account for credit, fraud, compliance and other risk-related purposes as required by law.
    • As otherwise allowed by law

Without your personal information, we may not be able to provide or continue to provide you with the products or services that you need.

What personal information do we collect?

Each of our divisions collect and process different attributes of your personal information at specific points of our business processes, to fulfil a legislative mandate or for internal business purposes. Please see below a non-exhaustive list of personal information categories that we collect and process:

  • Identifying number (employee number; company registration number, ID number),
  • Email-address, physical address, telephone number
  • Name, surname, marital status, nationality, age, physical health status, mental health status, well-being, disability status, language, date of birth. Some of the information may be more prevalent in our employment processes than in the core business divisions.
  • Biometric information such as fingerprinting, particularly in our employment processes.
  • Information on your race, ethnic or social origin, criminal recordings/proceedings.
  • Financial, education, medical, employment information 

Transfer across borders

Where necessary and appropriate, your personal information may be processed in other countries for:

  • Business purposes, in instances where our third parties are located in countries outside of South Africa;
  • Sharing with other regulators outside of South Africa for fulfilling a legislative mandate or
  • Law enforcement agencies for investigation purposes.

These countries may not have the same level of protection. However, before we transfer personal information outside South Africa, we have processes to ensure that appropriate organisational and security safeguards are put in place to protect the personal information which includes contractual and internal due diligence measures. 

Storage and retention of personal information

We store personal information as required by law and take all relevant security safeguards to ensure the protection of the information.

Our retention schedule and information policies define how long we keep all types of records, including any personal information we process in the different divisions. Personal information is retained and destroyed as required or authorised by law, and for defined purposes related to the activities of the GWK Group.

Our use of technology to follow your use of our website

We collect and examine information about visits to our website. We use this information to find out which areas of the website people visit most. This helps us to add more value to our products and services. This information is gathered in such a way that we do not get personal information about any individual or their online behaviour on other websites.

Cookies

We use cookie technology on some parts of our website. A cookie is small pieces of text that are saved on your Internet browser when you use our website. The cookie is sent back to our computer each time you visit our website. Cookies make it easier for us to give you a better experience online. You can stop your browser from accepting cookies, but if you do, some parts of our website or online services may not work. We recommend that you allow cookies.

Marketing by post, email or text messages

If you give us permission, we may use your personal or other information to tell you about products, services and special offers from us or other companies that may interest you. We will do this by post, email or text message (SMS). If you later decide that you do not want us to do this, please contact us and we will stop doing so. This may be done by phoning our customer servicing centre on 0861 495 111 or sending an email to emailus@gwk.co.za.

Third parties

We ask other organisations to provide support services to us. When we do this, they have to agree to our privacy policies if they need access to any personal information to carry out their services.

Our website may contain links to or from other websites. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. We recommend that you always read the privacy and security notices on these websites.

When we may reveal personal information without consent

We will not reveal personal information to anyone outside GWK or certain of our service providers without your permission, unless:

  • we must do so by law or in terms of a court order
  • it is in the public interest
  • we need to do so to protect our rights
  • there is a legitimate purpose for the sharing.

Our security practices

  • We are committed and obliged to implement all reasonable controls to safeguard access to your personal information.
  • Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other legal requirements, we ensure that they are contractually bound to apply the appropriate security practices.
  • All use of our website and transactions through it are protected by encryption (secret codes) in line with international standards.
  • We may share with or receive personal information from parties as set out above, where these parties reside outside of the Republic of South Africa.

Your right to access information

  • You have the right to request access to the personal information we process about you. You may exercise this right by following the Promotion of Access to Information (PAIA) manual, available on our website.
  • If you have any questions regarding this, please let us know on compliance@gwk.co.za.

Privacy and security statements that apply to specific online services

Different online services or businesses of the GWK Group may have their own privacy and security policies, because the service or product they offer may need different or extra policies. These specific policies will apply to your use of the particular product or service where they are different from our general policies.

Personal use of emails and notice about checking on emails

Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside GWK. We do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that applies.

Right to change this privacy and security notice

We may always change this privacy and security notice. We will put all changes on our website. The latest version of our privacy and security notice will replace all earlier versions of it, unless it states differently.

Email us on compliance@gwk.co.za if you have any questions about this privacy and security notice.

Promotion of Access to Information Act

The Promotion of Access to Information Act (PAIA) was passed in order to give effect to the constitutional right of access to information held by a public or private body for the exercise or protection of any right.

GWK, including all wholly or partially owned subsidiaries and associated juristic persons is a private body as defined in the Act. GWK is bound by this Act and shall process any request made in terms thereof.

Right of access to information

In terms of the Promotion of Access to Information Act, a Requester must be given access to any information record of GWK, if all the following requirements are met:

  • The record is required for the exercise or protection of any right of the individual.
  • The requester meets the procedural requirements of the act relating to a request for access to an information record.
  • The request falls outside any of the grounds of refusal contemplated in the act.

GWK clients

All GWK clients are allowed access to their own information without having to use the request for access to information procedures as set out in the Promotion of Access to Information Act, including, but not limited to:

  • Policy documents
  • Account information
  • Personal records
  • Voice recordings

All GWK clients should contact the relevant call centre or department to request access to their own information without having to use the request for access to information procedure. Please note that there may be administration costs associated with retrieval of certain types of information records.

Any GWK client who wishes to be given access to information that is deemed to belong to GWK or any of its other clients must follow the request for access to information procedure (Request procedure).

Request procedure

The following procedure is applicable to requests for access to information in terms of the Promotion of Access to Information Act:

  • The requester must complete in full the prescribed request form and send that to the Group Information Officer
  • Where required to do so by the Group Information Officer, the requester must deposit a prescribed fee to ensure that processing takes place (The requester will be notified where the Group Information Officer requires a deposit)      
  • The prescribed fee, where applicable, as provided for in the PAIA manual, must be paid and proof of payment (e.g. copy of deposit slip) submitted following your request (Please ensure that you use the following reference for your deposit or we will not be able to identify it as belonging to you: “PAIA” followed by your initial(s) and surname e.g. If your initials and surname is AN Smith, you must use PAIA AN Smith as your reference).
  • If you qualify for exemption of the payment of any fee, please state the reason for exemption
  • The completed request form and proof of deposit must be sent to:

Particulars of GWK (or Division of GWK)

Group Information Officer

PO Box 47

Douglas
8730
Tel: +27 53 298 8200

E-mail: compliance@gwk.co.za

  • Upon receipt of the request form and proof of deposit, GWK:
    • Assess the request form to ensure completeness
    • Confirm receipt of the request fee
    • Process the request if it meets the procedural requirements of the act
    • Notify a third party where applicable
    • Decide whether to grant or deny the request
    • Let the requester know of the decision
    • Notify the requester about the payable access fee if the request is granted
    • Repay the R50 (fifty rand) request fee to the requester if the request is refused
    • Release the requested information record to the requester upon confirmation of receipt of the payable access fee

GWK must process a request that meets the procedural requirements within 30 (thirty) days of receipt thereof. GWK shall inform the requester in writing of any extension of the period to deal with a request.

Contact person

All requests for information must be directed to the following address:

Group Information Officer

PO Box 47

Douglas
8730
Tel: +27 53 298 8200

E-mail: compliance@gwk.co.za