Privacy Policy

Preamble

We understand that your personal information is important to you and that you may be apprehensive about disclosing it. Your privacy is just as important to us and we are committed to safeguarding and processing your information in a lawful manner.

We also want to make sure that you understand how and for what purpose we process your information. If for any reason you think that your information is not processed in a correct manner, or that your information is being used for a purpose other than that for what it was originally intended, you can contact our Information Officer.

You can request access to the information we hold about you at any time and if you think that we have outdated information, please request us to update or correct it.

The Privacy Policy and the User Policy contained herein are policies for Geddes Capital (Pty) Ltd and all affiliated entities or subsidiaries of this entity and any reference to one entity shall be deemed to be a reference to other entities within the group, to the extent the context required (“Geddes”).

Geddes may amend the provisions of this Privacy Policy and User Policy to comply with any changes in the law, and/or pursuant to any changes to its information processing activities or privacy practices. Such amendments will be published on the website and will become operable from the date of such publication.

1. Website terms of use

1.1. Agreement between user and Geddes:

The Geddes website is offered to you on condition of your acceptance without modification of the terms, conditions, and notices contained herein. Your use of the Geddes website constitutes your agreement to all such terms, conditions, and notices.

1.2. Modification of these terms of use:

Geddes reserves the right to change the terms, conditions, and notices under which the Geddes website is offered, including but not limited to the charges associated with the use of the Geddes website.

1.3. Links to third party sites:

The Geddes website may contain links to other websites (“Linked Sites”). The Linked Sites are not under the control of Geddes and Geddes is not responsible for the contents of any Linked Site, including without limitation any link contained in a Linked Site, or any changes or updates to a Linked Site. Geddes is not responsible for webcasting or any other form of transmission received from any Linked Site. Geddes is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Geddes of the site or any association with its operators.

1.4. No unlawful or prohibited use:

As a condition of your use of the Geddes website, you warrant to Geddes that you will not use the website for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the website in any manner which could damage, disable, overburden, or impair the website or interfere with any other party’s use and enjoyment of the website. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available or provided for through the website.

1.5. Materials provided to Geddes:

Materials or information uploaded to on the Geddes website may be subject to posted limitations on usage, reproduction and/or dissemination.

Geddes does not claim ownership of the materials you provide to Geddes (including credit applications) or post, upload, input or submit to any Geddes website or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Geddes, its affiliated companies and necessary sub-licensees permission to use your Submission in connection with the operation of their internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

No compensation will be paid with respect to the use of your Submission, as provided herein. Geddes is under no obligation to post or use any Submission you may provide and may remove any Submission at any time in Geddes’ sole discretion.

By posting, uploading, inputting, providing or submitting your Submission you warrant and represent that you own or otherwise control all of the rights to your Submission as described in this section including, without limitation, all the rights necessary for you to provide, post, upload, input or submit the Submissions.

1.6. Liability disclaimer:

The information, software, products, and services included in or available through the Geddes website may include inaccuracies or typographical errors. Changes are periodically added to the information herein. Geddes and/or its suppliers may make improvements and/or changes in the Geddes website at any time. Any advice received via the Geddes website should not be relied upon for personal, legal or financial decisions and you should consult an appropriate professional for specific advice tailored to your situation.

Geddes and/or its suppliers make no representations about the suitability, reliability, availability, timeliness, and accuracy of the information, software, products, services and related graphics contained on the Geddes website for any purpose. To the maximum extent permitted by applicable law, all such information, software, products, services and related graphics are provided “as is” without warranty or condition of any kind. Geddes and/or its suppliers hereby disclaim all warranties and conditions with regard to this information, software, products, services and related graphics, including all implied warranties or conditions of merchantability, fitness for a particular purpose, title and non-infringement.

To the maximum extent permitted by applicable law, in no event shall Geddes and/or its suppliers be liable for any direct, indirect, punitive, incidental, special, consequential damages or any damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the use or performance of the Geddes website, with the delay or inability to use the Geddes website or related services, the provision of or failure to provide services, or for any information, software, products, services and related graphics obtained through the Geddes website, or otherwise arising out of the use of the Geddes website, whether based on contract, delict, negligence, strict liability or otherwise, even if Geddes or any of its suppliers has been advised of the possibility of damages. Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. If you are dissatisfied with any portion of the website, or with any of these terms of use, your sole and exclusive remedy is to discontinue using the website.

1.7. Termination or restriction to access:

Geddes reserves the right, in its sole discretion, to terminate your access to the website and/or the related services or any portion thereof at any time, without notice.

1.8. Interception and monitoring:

You agree that your communications on this website may be intercepted, as defined in the Regulation of Interception of Communications Act, No. 70 of 2002 (as amended), by Geddes or any other competent authority.

1.9. Copyright and trademarks:

Geddes reserves the right, in its sole discretion, to terminate your access to the website and/or the related services or any portion thereof at any time, without notice.

1.10. Cookies:

“Cookies” are small text files transferred by a webserver to your hard drive and thereafter stored on their computer. The types of information a Cookie collects includes your username, the date and time of your visits to the website, your browsing history and preferences. Geddes may use Cookies on this website to: distinguish one user from another on the website ;remember your last session when you return to the website; estimate the website’s audience size and usage patterns; store information about your preferences (which allows Geddes to customize the website and content according to your individual preferences); and speed up searches on the website.

The provisions of this clause are only applicable to Cookies used by Geddes. In some instances, third-party service providers may use Cookies on the website. Geddes cannot and does not control or access Cookies used by third party service providers and takes no responsibility therefor.

You have the right and ability to either accept or decline the use of Cookies on your computer’s web browser, whether you are logged in as a user, or simply casually visiting the website. However, declining the use of Cookies may limit your access to certain features on the website.

1.11. Miscellaneous:

These terms and conditions will be governed and construed in accordance with the law of the Republic of South Africa without reference to any conflict of law provisions and you agree that the South African courts shall have exclusive jurisdiction to determine any matter or dispute in connection with or arising out of this website and these terms of use.

You agree that no joint venture, partnership, employment, or agency relationship exists between you and Geddes as a result of these terms of use or use of the Geddes website.

Geddes performance under these terms of use is subject to existing laws and legal process, and nothing contained in these terms is in derogation of Geddes right to comply with governmental, court and law enforcement requests or requirements relating to your use of the Geddes website or information provided to or gathered by Geddes with respect to such use.

If any part of these terms are determined to be invalid or unenforceable pursuant to applicable law including, but not limited to, the warranty disclaimers and liability limitations set forth above, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the terms shall continue in effect.

Unless otherwise specified herein, these terms constitute the entire agreement between the user and Geddes with respect to the Geddes website and it supersedes all prior or contemporaneous communications and proposals, whether electronic, oral or written, between the user and Geddes with respect to the Geddes website.

A printed version of these terms and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these terms to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form.

It is the express wish to the parties that these terms and all related documents are drawn up in English.

2. Privacy and protection of information

2.1. Protection of Personal Information Act, 2013 (POPIA)

You acknowledge that by using the Geddes website and by transacting with Geddes you will be providing Geddes with personal data, which may be protected by data protection legislation, including inter alia, the Protection of Personal Information Act, 2013 (POPIA). You authorise us to process all such personal data and to transmit any such personal data to any Affiliate (which Affiliate may also process such personal data) for the purposes of performing the contract and in furtherance of Geddes’ legitimate interests including statistical analysis, marketing of our services and credit control. You also authorise us to process and transmit your personal data in the manner contemplated below in this Privacy Policy.

For purposes of this Privacy Policy, “Affiliate” means any member of the Geddes Capital group of companies, including without limitation, any subsidiary, sub-subsidiary, holding company, fellow subsidiary of any holding company of Geddes Capital (Pty) Ltd. You authorise Geddes to furnish information, which may be protected by data protection legislation, including inter alia, POPIA, regarding your account and trading history to any person we reasonably determine to be seeking a credit reference (including other Geddes trading companies) in good faith for any lawful purpose. For purposes of this Privacy Policy, “you” or “your” shall mean the natural person using this website and/or transacting with Geddes but shall also include any natural/juristic person or business on whose behalf the natural person is acting in relation to any transactions with Geddes.

2.2. Collection of your personal information:

As far as possible, we shall always collect personal information about you or your business directly from you. Personal information may be collected in any of the following ways –

• during the process of registering as a user/applicant on our website;
• provided by you as part of your profile pages on the website;
• when requesting further services or information from Geddes;
• provided by you when affixing the necessary supporting documents to any credit application; and/or
• when completing any forms (including application forms) whether in hard copy or on our website.

In certain circumstances, we may also collect information about you from other sources. These circumstances include instances where personal
information about you or your business is provided to Geddes by brokers or other external third parties. Where Geddes collects personal
information from a source other than you, it shall record in writing the details of that source, including the full names and contact details of that
source where applicable.

By using this website or transacting with Geddes, you consent to Geddes requesting and obtaining credit information pertaining to you and/or
your business from any reputable credit reporting agency or institution for the purpose of concluding any transaction offered by Geddes.

2.3. Consent

To the extent you have not already signed a separate consent form, by using this website or transacting with Geddes you hereby consent to
the processing of your personal information in terms of the provisions of this Privacy Policy.
You acknowledge and agree that such consent has been given voluntarily after you have read and understood the provisions of this Privacy
Notice, in particular, regarding the following:

• the types of personal information to be processed;
• the specific processing activities to be undertaken;
• the specific purpose/s for such processing; and
• the possible consequences for you that may arise from such processing.

Should you wish to withdraw any consent previously given by you, you must notify Geddes’ information officer in writing. You have the right to withdraw any consent at any time, demand that the processing of the personal data be terminated and the gathered personal data be deleted or closed, provided that you do not have any valid finance agreements in place with Geddes or any open or failed credit/loan application(s) in with Geddes.

2.4. Purpose for Processing your Information:

We collect, hold, use and disclose your personal information to operate the Geddes website, to provide you with access to the services and products that we provide and to transact with you.

Geddes may also use your personally identifiable information to inform you of other products or services available from Geddes and its affiliates. Geddes may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

Geddes shall only collect your (or your business’s) personal information for a specific, explicitly defined and lawful purpose relating to a function or activity of the Geddes business. We will only process your information for a purpose you would reasonably expect, including –

• to make the decision whether or not to enter into a contract with you;
• to perform any obligations under a contract with you;
• to comply with a legal obligation;
• to protect a legitimate interest of yours (unless you have specifically objected in writing to all or some of the processing activities on
  reasonable grounds);
• to pursue its own legitimate interests or the legitimate interests of a third party who it is sharing the information with (unless you have specifically objected in writing to all or some of the processing activities on reasonable grounds);
• to process personal information for credit reporting purposes;
• to process personal information for direct marketing purposes (unless you have opted out of receiving any direct marketing material);
• to present content to you in the most effective way for you and your viewing device and browser;
• to customise and display content including, but not limited to products, articles, listings and advertisement to you in a way that Geddes feels may interest you or be most beneficial to you;
• to send content including, but not limited to products, articles, listings and advertisement content to you via email or other electronic media, where you have consented to be contacted by Geddes with such content;
• to enable you to voluntarily participate in interactive features on the website;
• to notify You about changes to the website;
• providing you with products and services that suit your needs as requested;
• to verify your identity and to conduct credit reference searches;
• to issue, administer and manage your insurance policies where these are provided as collateral/security;
• to notify you of new products or developments that may be of interest to you; and/or
• to confirm, verify and update your details.

Some of your personal information that we hold may include the following –

• initials, first name, surname or registered full name;
• identity or registration number and/or date of birth;
• physical and postal address;
• email address, telephone and cell-phone numbers;
• gender, nationality (residency status), ethnic and social origin, age, language preference;
• financial information about you (your investments, assets, liabilities, insurance, income, expenditure and your banking details).
• your personal opinions, views or preferences;
• correspondence sent by you which is of a private or confidential nature;
• the views or opinions of others about you or your business;
• your credit information and history; and
• any other personal information that may be provided by you to Geddes or obtained by Geddes or required by Geddes in relation to the
  provision of the services of Geddes to you or your business.

Save as detailed below, the supply of personal information by you to Geddes is voluntary and not mandatory. However, if you refuse to supply any personal information, certain consequences may naturally flow from such a refusal, such as preventing Geddes from concluding or performing any contract with you, or preventing Geddes from complying with one or more of its obligations in law.

Some of the aforementioned personal information may be mandatory to provide within the context of transacting with Geddes as requirements and disclosures. Failing to provide compulsory information may lead to our organisation’s inability to carry out the functions necessary to perform as an authorised financial services provider.

2.5. Third parties and your personal information

We may need to share your information to third parties provide the products or services that you have requested or for purposes of concluded or performing any transaction with you. Where we share your information, we will take all precautions to ensure that the third party will treat your information with the same level of protection as required by us.

These third parties who perform certain processing activities on behalf of Geddes may include:

• banks or other financial institutions where you maintain or have maintained bank accounts, loan accounts or other financial or investment
  accounts and insurers or insurance brokers;
• credit bureau service providers;
• service providers who provide Geddes with legal assistance, accounting or auditing services, payroll services and/or other utilised to effectively operate the Geddes business;
• delivery and courier service providers;
• Payment Gateway Providers;
• Bulk email delivery providers (where applicable);
• your employer (where applicable);
• the Compliance Officer of the organisation (where applicable);
• analytics and search engine providers assisting in the enhancement of our websites;
• information technology specialists assisting us with data storage, security, processing, analytics, etc;
• auditors of Geddes; and/or
• regulatory or governmental authorities such as the Financial Sector Conduct Authority and the Prudential Authority.

Geddes shall ensure that in any contracts entered into with third party operators who process personal information on Geddes’ behalf, include the following obligations:

• the operator shall not process any personal information without Geddes’ knowledge and authority;
• the operator shall treat all personal information given to it as confidential and shall not disclose it to any unauthorised third parties;
• the operator shall establish and maintain adequate security measures which are the same or offer similar protection over the personal information as that employed by Geddes;
• the operator shall notify Geddes immediately where there are reasonable grounds to believe that any personal information has been leaked to or accessed by any unauthorised person;
• if the operator is situated in another country, it must comply with the data protection laws in that country and be able to provide verification that it is so compliant;
• if an operator is legally obliged to disclose any personal information processed by them on Geddes’ behalf to other parties, it must notify Geddes beforehand to enable Geddes and/or you to protect your rights if necessary.

2.6. The transfer of your personal information outside of the Republic of South Africa

Subject to the clause below, Geddes does not intend sharing your personal information with a third party in another country.

Geddes may transfer personal information to another country in the following circumstances, to which you consent:

• the transfer is necessary for the performance of a contract that Geddes has with you or the performance of services offered by Geddes to you;
• the transfer is necessary for the implementation of pre-contractual measures taken in response to your request;
• the transfer is necessary for the conclusion or performance of a contract with a third party which is for the benefit of or in the interest of you;
• the transfer is otherwise for the benefit of you;
• you have consented to the transfer of your information; or
• to store your personal information electronically in a secure database, which shall be done by electronically transmitting your personal information via a secure connection to, and storing your personal information electronically in, a secure database hosted in an ISO27001 certified environment.

The service providers to which Geddes discloses your personal information in terms of the above clause and/or the User Policy above have the right to electronically transmit your personal information via a secure connection to, and store your personal information electronically in, a secure database hosted outside the Republic of South Africa, provided they have security and privacy policies and procedures providing at least the same level of protection as Geddes does.

2.7. Further processing

Geddes shall not process your personal information for any purpose not previously specified except in the following circumstances –

• where you have consented to such further processing;
• where the further processing is necessary for the exercise of any contractual rights or the fulfilment of any obligations between Geddes and you;
• where the further processing activities are linked to or compatible with the original purpose;
• where the further processing is necessary for the prevention, detection, investigation, prosecution and punishment of an offence;
• where the further processing is necessary to enforce any law;
• where the further processing is necessary for the conduct of legal proceedings in any court or tribunal that have commenced or are reasonably contemplated;
• where the further processing is necessary to prevent or mitigate a serious and imminent threat to the life or health of you or another individual; or
• where the further processing is necessary for historical, statistical or research purposes.

Geddes shall ensure that if it intends processing personal information for other purposes not previously specified, it shall notify you of such further purposes and the possible consequences of the intended further processing for you.

2.8. Storage and security of your personal information

Geddes secures your personal information from unauthorized access, use or disclosure. Geddes secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. These servers are always kept up to date with the latest security updates and are contained in industry recognised standard environments, keeping the data they store secure.

Any software written by, or on behalf of Geddes, is written using the most recent technologies available and implementing the most modern design patterns to ensure that deprecation and security prone features are not in the software stack.

When personal information (such as a bank account details) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Geddes shall ensure that all personal information on its systems is properly backed-up and that back-up copies are stored separately from the live files.

Geddes shall ensure that, regardless of the stated purpose/s for processing personal information, the rights and interests of users such as you will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.

Geddes takes steps to continually identify and document any risks to the personal information it has in its possession or under its control and that appropriate security safeguards are in place against those risks.

As the internet is not a secure medium of communication, Geddes cannot guarantee the security of any information you input on the Geddes website or otherwise send to Geddes via the internet. Geddes is not, and will not be, responsible for any damages you or others may suffer as a result of the loss of confidentiality of any such information.

Once Geddes has achieved the purpose for the collection of your personal information, it will destroy or delete such information, unless you have directed otherwise in writing, Geddes needs to keep a record of such information for another lawful purpose, or Geddes is required by law to retain the information for a longer period of time. If Geddes no longer needs to process personal information to achieve the purpose originally specified, it will stop using that information. Where Geddes is no longer authorised to retain a record of any personal information, it shall either: ensure that the information is permanently destroyed or deleted as soon as reasonably practicable; or return the information to you or transfer it to a third party, if requested by you in writing to do so.

2.9. Law authorising or requiring collecting of the personal information:

As an authorised financial services provider, we are obligated in terms of the following legislation to collect your personal information insofar as it relates to the rendering of the relevant financial services to you:

• Financial Advisory and Intermediaries Services Act 37 of 2002;
• Financial Intelligence Centre Act 38 of 2001;
• Insurance Act 18 of 2017;
• Short-Term Insurance Act 53 of 1998;
• Long-Term Insurance Act 52 of 1998.

2.10. Accuracy of personal information

Geddes shall take reasonably practicable steps to ensure that the personal information kept by it about you is complete, accurate, not misleading and is updated when necessary.

However, if you are aware of any personal information in Geddes’s custody that is incorrect, inaccurate or which needs to be updated, you must make a written request to Geddes’s information officer to update or correct the relevant information.

If you have contested the accuracy of any personal information being used by Geddes, it shall immediately stop using that information until its accuracy has been verified.

Geddes reserves its right to only adhere to a request from you in terms hereof if the correction or updating of that information will result in the personal information being correct and accurate.

Where personal information that has been shared by Geddes with a third party is subsequently updated or corrected, Geddes shall ensure that all third parties, with whom that information was shared, receives the updated and/or corrected version of the information as soon as it has been updated and/or corrected.

2.11. Notifications of security breach

If personal information about you is inadvertently leaked or Geddes’ security has been unlawfully breached by any unauthorised party, Geddes shall immediately identify the relevant users who may be affected by the security breach, and shall contact them at their last known email address or contact details or by the quickest means possible.

Geddes shall provide sufficient information to you to allow you to take the necessary protective measures against the potential consequences of the compromise, or shall advise you of the steps to be taken by you and the possible consequences that may ensue from the breach for you.

2.12. Direct marketing

You hereby consent to the processing of your personal information for the purpose of direct marketing by means of electronic communications including automatic calling machines, facsimile machines, SMS’s or electronic mail.

Where you are a pre-existing customer of Geddes, Geddes shall be entitled, without your consent, to sending electronic communications to you for the purpose of marketing similar products or services offered by Geddes.

You may object, free of charge, and without unnecessary formality, to the use of their details either when the information was first collected from you or when each subsequent electronic communication is sent to you by Geddes and/or its subsidiaries.

You can opt out of receiving further marketing communications by un-checking certain boxes on the forms used on the website to collect their personal information, or by contacting Geddes.

2.13. Decisions based on personal information processed

If Geddes is required to make a decision about you using any personal information that has been obtained, it shall ensure that a record of such information and the decision made is kept for a reasonable period of time to give you an opportunity to request access to that record.

Geddes may allow you a reasonable opportunity to make representations before any decision is made solely on the basis of the personal information processed, if that decision will affect your legal position, or will otherwise adversely affect you in some manner or form.

Geddes shall always ensure that the underlying logic behind any decision made pursuant to the automated processing of personal information is sound and that this underlying logic may be able to be communicated to you to enable you to make representations.

If Geddes has made a decision based on incorrect personal information, it shall immediately revisit that decision as soon as it receives notice or becomes aware of the error or inaccuracy of that information

2.14. Changes to this Privacy Policy

The Geddes website is offered to you on condition of your acceptance without modification of the terms, conditions, and notices contained herein. Such changes, updates, additions, removals or amendments will become effective from the date of their publication on this website. It is Your obligation to periodically check the provisions of this Privacy Notice for any such changes, updates, additions, removals or amendments. Your continued use of this website following any changes, updates, additions, removals or amendments to this Privacy Policy will be considered notice of your acceptance to abide by and be bound by this Privacy Policy, as amended

2.15. Your rights in relation to the processing of personal information

As a data subject, you have the right to –

• access and correct any personal information held by Geddes about you (this can be done by following the process for making such request as detailed in Geddes’ PAIA Manual).
• request that we consider your objections to the processing of your personal information (please complete Annexure A);
• lodge a complaint with the Information Regulator (please complete Annexure A).

2.16. The Information Regulator

In the event that your personal information has not been processed in accordance with POPIA es set out above, you have the right to lodge a complaint with the Information Regulator.

For further information regarding the complaints process, please visit the website of the Information Regulator, as indicated below.

Alternatively, you may contact the Information Regulator for further assistance:

The Information Regulator: Adv Pansy Tlakula
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@justice.gov.za
Website: https://inforegulator.org.za