1. Who is legally responsible for the handling of your personal data and who can you contact about this subject?

In data protection law terminology, such role lies with the data “controller”, namely:

Sanlam Global Investments Solution Ltd
Victoria Place
31 Victoria Street
Hamilton HM 10
Bermuda

SGIS is required to handle (or “process”) Your personal data securely and otherwise in accordance with applicable data protection laws.

For the purposes of applicable data protection law, SGIS is typically the “data controller” of any personal information provided to us. Specifically, your data will be controlled by the SGIS that you have instructed, or that is providing services to or communicating with you. In certain circumstances, we may also act as a “processor” (meaning that we process personal data only in accordance with the directions of a data controller, or as otherwise permitted by law).

Please read the following information carefully to understand our views and practices regarding how we handle personal information.

Should You have queries or complaints about the way in which SGIS processes Your personal data, you may send an email to sgisops@sanlaminvestments.com.

2. What personal data may we hold about you and where do we source such data?

SGIS may collect personal information from you in the course of our business, when you contact us or request information from us, when you instruct us to provide services, when you use our website, or as a result of your relationship with any of our personnel or clients.

The personal information that we process includes:

1. Basic details, such as your name, role/title, employer/s, your relationship to a person, and your contact information (such as your email address, physical address, contact numbers);
2. Identification information to enable us to check and verify your identity (e.g. your birthdate; your passport details), and information collected from publicly available resources to verify the same;
3. Bank account or other financial information, if relevant to our engagement with you;
4. Personal information provided to us by or on behalf of our clients, or generated by us in the course or providing services to them, which may include special categories of personal data;
5. Any other information relating to you which you may provide to us.



We may collect your personal information:

6. As part of our new business intake and client on-boarding or client maintenance activities, and when you seek services from us;
7. When you provide (or offer to provide) services to us, either yourself or on behalf of your employer;
8. When you interact with our website;
9. When you interact with us in respect of any of our marketing communications or events;

We collect most of this information directly from you, or through your use of our website. However, we may also collect data about you from a third party source, such as our clients, your employer, other parties to matters in which we are involved, platform operators for technology used in our business (e.g. webinar platforms), other organisations that you have dealings with, regulators or other government authorities, credit reporting agencies, information service providers, or from publicly available records.

The information you provide may be confidential, and we will maintain such confidentiality and protect your information in accordance with our professional obligations and applicable law. We have arrangements in place with personnel and service providers who may process your personal information, to ensure that confidentiality is maintained.

3. What will we use your data for and does the law allow this?

Whether we receive your personal data directly from you or from a third party, we will only use your personal information if we have obtained your consent, or if we have another lawful basis upon which to do so (e.g. for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such contract; for compliance with a legal obligation on us; to protect your vital interests or those of another natural person; or for our own legitimate interests, or those of a third party, except where such interests are overridden by your own rights or interests). The purposes for which we process your personal information are as follows:

The purposes for which SGIS uses and processes Your personal data are summarised below, together with the specific grounds under data protection law (see the bold bullet points) which allow us to do this:

1. Providing Services to You
2. Communicating with you in respect of legal developments and the promotion of our legal practice;
3. Managing our business relationship with you (or your organisation), whether in connection with the provision of our legal services, the procurement of your goods and services, or as your employer (or potential or former employer), including processing payments, accounting, auditing, billing and collection and related support services;
4. Complying with our legal obligations, including with respect to legal and regulatory considerations (e.g. anti-money laundering and sanctions checks, audits, enquiries by regulatory authorities);
5. Managing and securing access to our premises and information technology systems, and monitoring the technology side of our operations;
6. Keeping your contact details accurate and current using information provided by you, or information publicly available;
7. For any purpose related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.

4. Who might we share your data with?

Where necessary to fulfil Your instructions to us and for the other purposes outlined above, SGIS may share information about You with a range of recipients including (but not limited to) the following: credit reference agencies, background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, courts, public authorities (including tax authorities), Sanlam Group entities and service providers, professional advisors, auditors, insurers and potential purchasers of elements of our business.

5. Will we transfer your data to other countries?

It may sometimes be necessary for us to share your personal information with other Sanlam offices or professional services firms around the world, who provide services to us or on our behalf. These procedures include contractual obligations to ensure that all such entities safeguard your personal information and use it only for the purposes that we have specified and communicated to you. When we transfer your information to other countries, we will use, share and safeguard that information as described in this Privacy Notice.

6. How long will we keep your data for?

In general terms, we retain Your personal data if necessary, for the purposes for which We obtained it (see section 3 above). In making decisions about how long to retain data SGIS takes account of the following:

1. The termination date of the relevant contract or business relationship;
2. For five years from the date of our contract with You as per our policy
3. Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.

7. Will we use your data for marketing and/or profiling purposes?

We may use Your personal data to give You information about products and services offered by us or our Sanlam Group affiliates that we think You may be interested in receiving. Where we consider it appropriate, and so far as compliant with marketing laws, we may contact You in this regard by email or telephone. We refer to Your right to object to marketing activity in the next section.

“Profiling” in the context of this notice is the use of an automated process to analyse personal data in order to assess or predict aspects of a person’s behaviour. SGIS does not use profiling.

8. What data protection rights do you have?

Various rights may be available to you, depending on the circumstances and the applicable law. We summarise key rights likely to be available to most data subjects:

1. Withdraw consent: When personal information is processed based on consent, you may withdraw consent at any time, although such withdrawal will not affect the lawfulness of processing occurring prior to such withdrawal;
2. Access and rectification, etc.: You may request access to and rectification or erasure of personal information, or restriction of Processing concerning the Data Subject or to object to Processing as well as the right to data portability;
3. Objecting and restricting: You may object, on legitimate grounds, to the processing of your personal information, or request that processing be restricted; and
4. Complaints: If you believe that your data protection rights may have been breached, you may lodge a complaint with the relevant data protection authority.

9. Are you under an obligation to provide us with your personal data?

You are not required by law to provide us with Your personal data. However, if You refuse to do so, SGIS may not be able conduct further business with You. For example, in order to satisfy our anti-money laundering obligations, we must verify the identity of our clients. This inevitably requires us to collect certain personal data from current and prospective clients.

10. Changes to this privacy notice

We may from time to time make changes to this Privacy Notice. Where these are likely to be material, we will communicate these in advance. Otherwise, these will become effective once the amended Privacy Notice is posted on our website. Please check back regularly to keep informed of updates to this Privacy Notice.