BMI PRIVACY
NOTICE
Black Moon Investments is a multi-faceted commercial
information bureau that offers innovative information solutions
in a range of spheres within the Republic of South Africa
Black Moon Investments is a multi-faceted commercial
information bureau that offers innovative information solutions
in a range of spheres within the Republic of South Africa
Black Moon Investments is a multi-faceted commercial information bureau that offers innovative information solutions in a range of spheres within the Republic of South Africa
Black Moon Investments 7 (Pty) Ltd PRIVACY NOTICE
1. OVERVIEW of the BMI GROUP
Black Moon Investments 7 (Pty) Ltd hereinafter referred to as (BMI) is a multi-faceted commercial information bureau that offers innovative information solutions in a range of spheres within the Republic of South Africa. BMI prides itself in offering customers the latest technology solutions in, data management, call center solutions, and an OMNI channel approach to all marketing and prospecting requirements. BMI’s legal entity structure can be found on its website at: www.bminvestments.co.za
2. DEFINITIONS
In this document, references to BMI are to Black Moon Investments 7 (Pty) Ltd, its subsidiary companies, Strategic Alliance Partners (SAP’s), divisions, segments and business units. Confirmation as to whether this privacy notice applies to a specific company associated with BMI can be sought through the contact details provided in this privacy notice. Any product or service offered to a customer by any company in BMI is referred to as a solution in this document.
In this notice “process” means how BMI collects, uses, stores, makes available, destroys, updates, discloses, or otherwise deals with customers’ personal information. As a general rule, BMI will only process customers’ personal information if this is required to deliver or offer a solution to a customer. BMI respects customers’ privacy and will treat their personal information confidentially. BMI may combine customers’ personal information and use the combined personal information for any of the purposes stated in this notice.
3. PURPOSE OF THIS NOTICE
Protecting customers’ personal information is important to BMI. To do so, BMI adheres to general principles in accordance with applicable privacy laws. This privacy notice aims, among other things, to enable its customers to understand how the various companies within BMI undertake to collect, use and store their personal information. This notice also outlines customers’ privacy rights and how the law protects customers.
BMI collects personal information about its customers. This includes information customers share with us, information that BMI gathers during the course of the relationship with the customer, as well as information about your marketing preferences.
In terms of applicable privacy laws, this notice may also apply on behalf of other third parties (such as authorised agents and contractors), acting on the BMI’s behalf when providing customers with solutions. If BMI processes personal information for another party under a contract or a mandate, however, the other party’s privacy policy or notice will apply.
The BMI may change this notice from time to time if required by law or its business practices. Where the change is material, the BMI will notify customers and will allow a reasonable period for customers to raise any objections before the change is made. Please note that the BMI may not be able to continue a relationship with a customer or provide customers with certain solutions if they do not agree to the changes.
The latest version of the notice displayed on BMI’s website will apply to customers’ interactions with the BMI and is available at: www.bminvestments.co.za
4. RESPONSIBLE PARTY AND OPERATOR
BMI is the responsible party together with its subsidiary companies, including Strategic Alliance Partners (SAP’s). These parties or companies are responsible for determining why and how the BMI will use customers’ personal information. When a customer uses any BMI solution, the responsible party will be the company which the customer engages to take up the solution, acting jointly with the other companies within BMI. It will be clear to customers from the documentation and/or electronic notifications they receive when using or taking up a solution who the responsible party is who should be contacted in the first instance. Where BMI is the responsible party, its subsidiary companies, including Strategic Alliance Partners (SAP’s) will be the operator who processes personal information for BMI in terms of a contract or mandate, without coming under the direct authority of that party.
5. WHAT IS PERSONAL INFORMATION?
Personal information refers to any information that identifies a customer (including juristic entity) or specifically relates to a customer. Personal information includes, but is not limited to, the following information about a customer: marital status (married, single, divorced); national origin; age; language; birth; education; financial history (e.g. income, expenses, obligations, assets and liabilities or buying, investing, lending, insurance, and money management behavior or goals and needs based on, amongst others, account transactions);employment history and your current employment status (for example when a customer applies for a financial product); gender or sex (for statistical purposes as required by the law); identifying number (e.g. an account number, identity number or passport number); e-mail address; physical address (e.g. residential address, work address or physical location); telephone number; information about your location (e.g. geolocation or GPS location); online identifiers; social media profiles; biometric information (e.g. fingerprints, signature or voice); race (for statistical purposes as required by the law); physical health; mental health; wellbeing; disability; religion; belief; conscience; culture; medical history (e.g. HIV/AIDS status); criminal history; employment history; personal views, preferences and opinions; confidential correspondence; or another’s views or opinions about a customer and a customer’s name also constitute personal information
6. WHAT IS SPECIAL PERSONAL INFORMATION?
Special personal information, includes the following personal information about a customer: religious and philosophical beliefs (for example where a customer enters a competition and is requested to express a philosophical view); race (e.g. where a customer applies for a solution where the statistical information must be recorded); ethnic origin; trade union membership; political beliefs; health including physical or mental health, disability and medical history (e.g. where a customer applies for an insurance policy); biometric information (e.g. to verify a customer’s identity); or criminal behavior where it relates to the alleged commission of any offence or the proceedings relating to that offence.
7. PROCESSING CUSTOMERS’ PERSONAL INFORMATION
BMI may process customers’ personal information for the reasons outlined below.
7.1. If it is necessary to conclude or perform under a contract the BMI has with a customer or to provide a solution to a customer. This includes: assess and process applications for solutions; to conduct affordability assessments, credit assessments and credit scoring; to provide a customer with solutions they have requested; to enable the BMI to deliver goods, documents or notices to customers; to communicate with customers and carry out customer instructions and requests; to respond to customer enquiries and complaints; to enforce and collect on any agreement when a customer is in default or breach of the terms and conditions of the agreement, such as tracing a customer, or to institute legal proceedings against a customer; to disclose and obtain personal information from credit bureaus regarding a customer’s credit history; to meet record-keeping obligations; to conduct market and behavioral research, including scoring and analysis to determine if a customer qualifies for solutions, or to determine a customer’s credit or insurance risk; to enable customers to participate in and make use of value-added solutions; for customer satisfaction surveys, promotional and other competitions; for security and identity verification, and to check the accuracy of customer personal information; or for any other related purposes.
7.2 Law – BMI may process customers’ personal information if the law requires or permits it. This includes: to comply with legislative, regulatory, risk and compliance requirements (including directives, sanctions and rules); to comply with voluntary and involuntary codes of conduct and industry agreements; to fulfill reporting requirements and information requests; to process payment instruments and payment instructions (such as a debit order); to meet record-keeping obligations; to detect, prevent and report theft, fraud, money laundering, corruption and other crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when concluding a transaction with BMI, or avoiding liability by way of deception, to the extent allowable under applicable privacy laws. This may also include the monitoring of our buildings including CCTV cameras and access control.
7.3 Legitimate interest – BMI may process customers’ personal information in the daily management of its business and finances and to protect it’s customers, employees, service providers and assets. It is to BMI’s benefit to ensure that its procedures, policies and systems operate efficiently and effectively. The BMI may process customers’ personal information to provide them with the most appropriate solutions and to develop and improve solutions and BMI’s business. BMI may process a customer’s personal information if it is required to protect or pursue their, BMI’s or a third party’s legitimate interest. If a customer is a juristic person, such as a company or close corporation, BMI may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons.
If customers provide the personal information of a related person to BMI, they warrant that the related person is aware that they are sharing their personal information with BMI, and that the related person has consented thereto.
BMI will process the personal information of related persons asstated in this notice, thus references to “customer/s” in this notice will include related persons with the necessary amendments
8. PROCESSING CUSTOMERS’ SPECIAL PERSONAL INFORMATION
BMI may process customers’ special personal information in the following circumstances, among others: if the processing is needed to create, use or protect a right or obligation in law; if the processing is for statistical or research purposes, and all legal conditions are met; if the special personal information was made public by the customer; if the processing is required by law; if racial information is processed and the processing is required to identify the customer; if health information is processed, and the processing is to determine a customer’s insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation; or if the customer has consented to the said processing.
9. PROCESSING THE PERSONAL INFORMATION OF CHILDREN?
A child is a person who is defined as a child by the country’s law, and who has not been recognised as an adult by the courts.
BMI may process the personal information of children if any one or more of the following applies: a person with the ability to sign legal agreements has consented to the processing, being the parent or guardian of the child; the processing is needed to create, use or protect a right or obligation in law, such as where the child is an heir in a will, a beneficiary of a trust, a beneficiary of an insurance policy or an insured person in terms of an insurance policy; the child’s personal information was made public by the child, with the consent of a person who can sign legal agreements; the processing is for statistical or research purposes and all legal conditions are met; where the child is legally old enough to transact with the BMI without assistance from their parent or guardian; where the child is legally old enough to sign a document as a witness without assistance from their parent or guardian; or where the child benefits from a BMI transaction and a person with the ability to sign legal agreements has consented to the processing.
10. WHEN, AND FROM WHERE, DOES BMI OBTAIN PERSONAL INFORMATION ABOUT CUSTOMERS?
We collect information about customers: directly from customers; based on customers’ use of BMI solutions or service channels (such as the BMI website, applications, including both assisted and unassisted customer interactions) as applicable; based on how customers engage or interact with BMI, such as on social media, and through emails, letters, telephone calls and surveys; based on a customer’s relationship with BMI; from public sources (such as newspapers, company registers, online search engines, deed registries, public posts on social media); from technology, such as a customer’s access and use including both assisted and unassisted interactions (e.g. on the BMI website and mobile applications) in order to access and engage with BMI’s platforms; customers’ engagement with BMI advertising, marketing and public messaging; and from third parties that the BMI interacts with for the purposes of conducting its business (such as partners, reward partners, list providers, BMI, credit bureaus, regulators and government departments or service providers)
BMI collects and processes customers’ personal information at the start of, and for the duration of their relationship with BMI. BMI may also process customers’ personal information when their relationship with the BMI has ended, as required by law. BMI may also collect customers’ personal information from third parties (which may include parties the BMI engages with as independent responsible parties, joint responsible parties or operators), these third parties may include, but are not limited to, the following: any connected companies, subsidiary companies, its associates, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; the customer’s spouse, dependents, partners, employer, joint applicant or account holder and other similar sources; people the customer has authorised to share their personal information, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, BMI’s and other persons that assist with the processing of customers’ payment instructions, such as bank card scheme providers (including VISA or MasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; the BMI’s service providers, agents and subcontractors, such as couriers and other persons the BMI uses to offer and provide solutions to customers; courts of law or tribunals; participating partners, whether retail or online; the BMI’s joint venture partners; marketing list providers; social media platforms; or online search engine providers.
11. REASONS WHY BMI MAY FURTHER USE OR PROCESS CUSTOMERS’ PERSONAL INFORMATION
At the time that BMI collects personal information from a customer, it will have a reason or purpose to collect that personal information. In certain circumstances, however, the BMI may use that same personal information for other purposes. The BMI will only do this where the law allows it to, and the other purposes are compatible with the original purpose/s applicable when the BMI collected the customer’s personal information. The BMI may also need to request a customer’s specific consent for the further processing in limited circumstances. Examples of these other purposes are included in the list of purposes set out in section 7 above.
The BMI may also further use or process a customer’s personal information if: the personal information about the customer was obtained from a public record, like the deed’s registry; the customer made the personal information public, like on social media; the personal information is used for historical, statistical or research purposes, the results of which will not identify the customer; proceedings have started or are contemplated in a court or tribunal; it is in the interest of national security; if the BMI must adhere to the law, specifically tax legislation; or the Information Regulator has exempted the processing. The BMI may also further use or process a customer’s personal information if the customer has consented to it or in the instance of a child; a competent person has consented to it.
Any enquiries about the further processing of customer personal information can be made through BMI’s Information Officer, contact details as set out in this document below.
12. THE USE OF CUSTOMERS’ PERSONAL INFORMATION FOR MARKETING
BMI will use customers’ personal information to market products, services and other related BMI financial and technology based products, services and solutions to them. (e.g. BMI Lead Generation, Data Management, Construction services, Online/ Digital Marketing/Sales (FSP & non FSP regulated products and services) as well as bespoke Web and Mobile Application Development). BMI will do this in person, by post, telephone, or electronic channels such as SMS, Automated Voice Messages, email and fax. If a person is not a BMI customer, or in any other instances where the law requires, BMI will only market to them by electronic communications with their consent. In all cases, a person can request BMI to stop sending marketing communications to them at any time.
13. WHEN WILL BMI PROCESS CUSTOMERS’ PERSONAL INFORMATION IN A MANUAL, AND/OR MECHANICAL AND/OR ELECTRONIC AND/OR AUTOMATED MANNER IN ORDER TO MAKE DECISIONS ABOUT THEM?
BMI may process a customer’s personal information in a manual, mechanical, electronic and/or automated manner in order to make decisions pertaining to them; as allowed by the law. This will apply in circumstances where the BMI has lawful access to a customer’s personal information due to previous interactions or previous behaviour from said customer or from any circumstances and/or scenarios as set out above. Such interactions, behaviour and/or scenarios will have the result that the customer has expressly or by tacit implication allowed BMI to analyze and process the customer’s personal information and to make contact with said customer when certain circumstances arise, such as: life event scenarios, new to market scenarios or any circumstances that are directly related to the customer’s previous concluded transactions. An example of such analysis and processing is the offering of any product or service to the customer or the offering to a customer of a comparative insurance related product or service, or the offering of any product or service to said customer based on processing of said customer’s personal information. Customers have the right to query any such processing decisions, and BMI will provide reasons for the processing decisions as far as reasonably possible.
14. WHEN, HOW, AND WITH WHOM DOES BMI SHARE CUSTOMERS’ PERSONAL INFORMATION?
In general, BMI will only share customers’ personal information if any one or more of the following apply: if the customer has consented to this; if it is necessary to conclude or perform under a contract we have with the customer; if the law requires it; or if it is necessary to protect or pursue the customer’s, BMI’s or a third party’s legitimate interest.
Where required, each member of BMI may share a customer’s personal information with the following persons, which may include parties that BMI engages with as independent responsible parties, joint responsible parties or operators. These persons have an obligation to keep customers’ personal information secure and confidential: members of BMI, any connected companies, subsidiary companies, associates, cessionaries, delegates, assignees, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; BMI’s employees, as required by their employment conditions; the customer’s spouse, dependents, partners, employer, joint applicant or transaction related party other similar sources; people the customer has authorised to obtain their personal information, such as a person that makes a booking on the customer’s behalf, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, and other persons that assist with the processing of customer payment instructions, such as card scheme providers (including VISA orMasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities and other persons the law requires BMI to share customer personal information with; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; our service providers, agents and subcontractors, BMI uses to offer and provide solutions to customers; courts of law or tribunals that require the personal information to adjudicate referrals, actions or applications; or BMI’s joint venture partners with which it has concluded business agreements.
15. WHEN AND HOW BMI OBTAINS AND SHARES CUSTOMERS’ PERSONAL INFORMATION FROM/WITH CREDIT BUREAUS?
BMI may obtain customers’ personal information from credit bureaus for any one or more of the following reasons: if the customer requested BMI to do so, or agreed that it may do so; to verify a customer’s identity; to obtain or verify a customer’s employment details; to obtain and verify a customer’s marital status; to obtain, verify, or update a customer’s contact or address details; to obtain a credit report about a customer, which includes their credit history and credit score, when the customer applies for a credit agreement to prevent reckless lending or over-indebtedness; to determine a customer’s credit risk; for debt recovery; to trace a customer’s whereabouts; to update a customer’s contact details; to conduct research, statistical analysis or system testing; to determine the source(s) of a customer’s income; to build credit scorecards which are used to evaluate financial applications; or to determine which solutions to promote or to offer to a customer.
BMI will share a customer’s personal information with the credit bureaus for, among others, any one or more of the following reasons: to report the application for a credit agreement; to report the opening of a credit agreement; to report the termination of a credit agreement; to report payment behaviour on a credit agreement;/or to report non-compliance with a credit agreement, such as not paying in full or on time. Customers should refer to their specific credit agreement with BMI for further information.
16. CUSTOMERS’ DUTIES AND RIGHTS REGARDING THE PERSONAL INFORMATION BMI HAS ABOUT THEM
Customers must provide BMI with proof of identity when enforcing the rights below. Customers must inform BMI when their personal information changes, as soon as possible after the change. Customers warrant that when they provide BMI with personal information of their spouse, dependents or any other person, they have permission from them to share their personal information with BMI. BMI will process the personal information of the customer’s spouse, dependent or any other person which the customer has shared with us as stated in this notice.
16.1 Right to access: Customers have the right to request access to the personal information BMI has about them by contacting BMI. This includes requesting: confirmation that BMI holds the customer’s personal information; a copy or description of the record containing the customer’s personal information; and the identity or categories of third parties who have had access to the customer’s personal information. BMI will attend to requests for access to personal information within a reasonable time. Customers may be required to pay a reasonable fee to receive copies or descriptions of records, or information about, third parties. BMI will inform customers of the fee before attending to their request. Customers should note that the law may limit their right to access information. Please refer to Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 for further information on how customers can give effect to this right. Further information is available on the BMI website at: www.bminvestments.co.za
16.2 Right to correction, deletion or destruction: Customers have the right to request BMI to correct, delete or destroy the personal information it has about them if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if BMI is no longer authorised to keep it. BMI will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on BMI’s platform/systems. BMI may request documents from the customer to verify the change in personal information. A specific agreement that a customer has entered into with BMI may determine how the customer must change their personal information provided at the time when they entered into the specific agreement. Customers must adhere to these requirements.
If the law requires BMI to keep the personal information, it will not be deleted or destroyed upon the customer’s request. The deletion or destruction of certain personal information may lead to the termination of a customer’s business relationship with BMI. In certain instances, a customer can give effect to this right by making use of BMI’s unassisted interfaces, e.g. using a BMI app or website to correct their contact details.
16.3 Right to objection: Customers may object on reasonable grounds to the processing of their personal information where the processing is in their legitimate interest, BMI’s legitimate interest or in the legitimate interest of another party.
Customers must inform BMI of their objection. BMI will not be able to give effect to the customer’s objection if the processing of their personal information was and is permitted by law, the customer has provided consent to the processing and BMI’s processing was conducted in line with their consent; or the processing is necessary to conclude or perform under a contract with the customer. BMI will also not be able to give effect to a customer’s objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence. BMI will provide customers with feedback regarding their objections.
16.4 Right to withdraw consent: Where a customer has provided their consent for the processing of their personal information, the customer may withdraw their consent. If they withdraw their consent, BMI will explain the consequences to the customer. If a customer withdraws their consent, BMI may not be able to provide certain solutions to the customer. BMI will inform the customer if this is the case. BMI may proceed to process customers’ personal information, even if they have withdrawn their consent, if the law permits or requires it. It may a reasonable time for the change to reflect on BMI s’ systems. During this time, BMI may still process the customer’s personal information.
16.5 Right to complain: Customers have a right to file a complaint with BMI or any regulator with jurisdiction (in South Africa customers can contact the Information Regulator) about an alleged contravention of the protection of their personal information. BMI will address customer complaints as far as possible.
The contact details of the Information Regulator are provided below.
Physical Address: Information Regulator
33 Hoofd Street Forum III,
3rd Floor Braampark
P.O Box 31533
Braamfontein
Johannesburg
2017
Website: www.justice.gov.za/inforeg
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za
17. HOW BMI SECURES CUSTOMERS’ PERSONAL INFORMATION
BMI will take appropriate and reasonable technical and organisational steps to protect customers’ personal information in line with industry best practices. BMI’s security measures, including physical, technological and procedural safeguards, will be appropriate and reasonable. This includes the following: keeping BMI systems secure (such as monitoring access and usage); storing BMI records securely; controlling the access to BMI premises, systems and/or records; and safely destroying or deleting records. Customers can also protect their own personal information and can obtain more information in this regard by contacting BMI directly.
18. HOW LONG DOES BMI KEEP CUSTOMERS’ PERSONAL INFORMATION?
BMI will keep customers’ personal information for as long as: the law requires BMI to keep it; a contract between the customer and BMI requires BMI to keep it; the customer has consented to BMI to keeping it; BMI is required to keep it to achieve the purposes listed in this privacy compliance notice; BMI requires it for statistical or research purposes; a code of conduct requires BMI to keep it; and/or BMI requires it for lawful business purposes.
Furthermore to the above; BMI may keep customers’ personal information even if they no longer have a relationship with BMI or even if they request BMI to delete or destroy it, if the law permits or requires such information to be kept by BMI.
19. COOKIES
A cookie is a small piece of data that is sent (usually in the form of a text file) from a website, mobile application to the user’s device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” user behaviour (keeping track of previous actions), e.g. remembering the contents of an online user’s query, and actions that the user performed whilst accessing or browsing when not signed up or logged into any online account platform owned by BMI.
BMI does not necessarily know the identity of the user of the device but does see the behaviour recorded on the device. Cookies could, however, be used to identify the device and, if the device is linked to a specific user, the user would also be identifiable. For example, a device or cellular MSISDN number registered to an app.
By using BMI websites or applications, customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable BMI to know that a customer has visited a website or application before and will identify the customer. BMI may also use the cookie to prevent fraud.Privacy Compliance and Policy Document Dated June 2021
By authority: BMI
Registration Number: 2011/131560/07
Office 1, First Floor, Block J Sable Square
Cnr Bosmansdam and Ratanga Road
Milnerton 7441 Cape Town
For the attention of: Sandro Florentino authorised by the Directorship and Shareholders of Black Moon Investments 7 (Pty) Ltd
Black Moon Investments 7 (Pty) Ltd PRIVACY NOTICE
1. OVERVIEW of the BMI GROUP
Black Moon Investments 7 (Pty) Ltd hereinafter referred to as (BMI) is a multi-faceted commercial information bureau that offers innovative information solutions in a range of spheres within the Republic of South Africa. BMI prides itself in offering customers the latest technology solutions in, data management, call center solutions, and an OMNI channel approach to all marketing and prospecting requirements. BMI’s legal entity structure can be found on its website at: www.bminvestments.co.za
2. DEFINITIONS
In this document, references to BMI are to Black Moon Investments 7 (Pty) Ltd, its subsidiary companies, Strategic Alliance Partners (SAP’s), divisions, segments and business units. Confirmation as to whether this privacy notice applies to a specific company associated with BMI can be sought through the contact details provided in this privacy notice. Any product or service offered to a customer by any company in BMI is referred to as a solution in this document.
In this notice “process” means how BMI collects, uses, stores, makes available, destroys, updates, discloses, or otherwise deals with customers’ personal information. As a general rule, BMI will only process customers’ personal information if this is required to deliver or offer a solution to a customer. BMI respects customers’ privacy and will treat their personal information confidentially. BMI may combine customers’ personal information and use the combined personal information for any of the purposes stated in this notice.
3. PURPOSE OF THIS NOTICE
Protecting customers’ personal information is important to BMI. To do so, BMI adheres to general principles in accordance with applicable privacy laws. This privacy notice aims, among other things, to enable its customers to understand how the various companies within BMI undertake to collect, use and store their personal information. This notice also outlines customers’ privacy rights and how the law protects customers.
BMI collects personal information about its customers. This includes information customers share with us, information that BMI gathers during the course of the relationship with the customer, as well as information about your marketing preferences.
In terms of applicable privacy laws, this notice may also apply on behalf of other third parties (such as authorised agents and contractors), acting on the BMI’s behalf when providing customers with solutions. If BMI processes personal information for another party under a contract or a mandate, however, the other party’s privacy policy or notice will apply.
The BMI may change this notice from time to time if required by law or its business practices. Where the change is material, the BMI will notify customers and will allow a reasonable period for customers to raise any objections before the change is made. Please note that the BMI may not be able to continue a relationship with a customer or provide customers with certain solutions if they do not agree to the changes.
The latest version of the notice displayed on BMI’s website will apply to customers’ interactions with the BMI and is available at: www.bminvestments.co.za
4. RESPONSIBLE PARTY AND OPERATOR
BMI is the responsible party together with its subsidiary companies, including Strategic Alliance Partners (SAP’s). These parties or companies are responsible for determining why and how the BMI will use customers’ personal information. When a customer uses any BMI solution, the responsible party will be the company which the customer engages to take up the solution, acting jointly with the other companies within BMI. It will be clear to customers from the documentation and/or electronic notifications they receive when using or taking up a solution who the responsible party is who should be contacted in the first instance. Where BMI is the responsible party, its subsidiary companies, including Strategic Alliance Partners (SAP’s) will be the operator who processes personal information for BMI in terms of a contract or mandate, without coming under the direct authority of that party.
5. WHAT IS PERSONAL INFORMATION?
Personal information refers to any information that identifies a customer (including juristic entity) or specifically relates to a customer. Personal information includes, but is not limited to, the following information about a customer: marital status (married, single, divorced); national origin; age; language; birth; education; financial history (e.g. income, expenses, obligations, assets and liabilities or buying, investing, lending, insurance, and money management behavior or goals and needs based on, amongst others, account transactions);employment history and your current employment status (for example when a customer applies for a financial product); gender or sex (for statistical purposes as required by the law); identifying number (e.g. an account number, identity number or passport number); e-mail address; physical address (e.g. residential address, work address or physical location); telephone number; information about your location (e.g. geolocation or GPS location); online identifiers; social media profiles; biometric information (e.g. fingerprints, signature or voice); race (for statistical purposes as required by the law); physical health; mental health; wellbeing; disability; religion; belief; conscience; culture; medical history (e.g. HIV/AIDS status); criminal history; employment history; personal views, preferences and opinions; confidential correspondence; or another’s views or opinions about a customer and a customer’s name also constitute personal information
6. WHAT IS SPECIAL PERSONAL INFORMATION?
Special personal information, includes the following personal information about a customer: religious and philosophical beliefs (for example where a customer enters a competition and is requested to express a philosophical view); race (e.g. where a customer applies for a solution where the statistical information must be recorded); ethnic origin; trade union membership; political beliefs; health including physical or mental health, disability and medical history (e.g. where a customer applies for an insurance policy); biometric information (e.g. to verify a customer’s identity); or criminal behavior where it relates to the alleged commission of any offence or the proceedings relating to that offence.
7. PROCESSING CUSTOMERS’ PERSONAL INFORMATION
BMI may process customers’ personal information for the reasons outlined below.
7.1. If it is necessary to conclude or perform under a contract the BMI has with a customer or to provide a solution to a customer. This includes: assess and process applications for solutions; to conduct affordability assessments, credit assessments and credit scoring; to provide a customer with solutions they have requested; to enable the BMI to deliver goods, documents or notices to customers; to communicate with customers and carry out customer instructions and requests; to respond to customer enquiries and complaints; to enforce and collect on any agreement when a customer is in default or breach of the terms and conditions of the agreement, such as tracing a customer, or to institute legal proceedings against a customer; to disclose and obtain personal information from credit bureaus regarding a customer’s credit history; to meet record-keeping obligations; to conduct market and behavioral research, including scoring and analysis to determine if a customer qualifies for solutions, or to determine a customer’s credit or insurance risk; to enable customers to participate in and make use of value-added solutions; for customer satisfaction surveys, promotional and other competitions; for security and identity verification, and to check the accuracy of customer personal information; or for any other related purposes.
7.2 Law – BMI may process customers’ personal information if the law requires or permits it. This includes: to comply with legislative, regulatory, risk and compliance requirements (including directives, sanctions and rules); to comply with voluntary and involuntary codes of conduct and industry agreements; to fulfill reporting requirements and information requests; to process payment instruments and payment instructions (such as a debit order); to meet record-keeping obligations; to detect, prevent and report theft, fraud, money laundering, corruption and other crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when concluding a transaction with BMI, or avoiding liability by way of deception, to the extent allowable under applicable privacy laws. This may also include the monitoring of our buildings including CCTV cameras and access control.
7.3 Legitimate interest – BMI may process customers’ personal information in the daily management of its business and finances and to protect it’s customers, employees, service providers and assets. It is to BMI’s benefit to ensure that its procedures, policies and systems operate efficiently and effectively. The BMI may process customers’ personal information to provide them with the most appropriate solutions and to develop and improve solutions and BMI’s business. BMI may process a customer’s personal information if it is required to protect or pursue their, BMI’s or a third party’s legitimate interest. If a customer is a juristic person, such as a company or close corporation, BMI may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons.
If customers provide the personal information of a related person to BMI, they warrant that the related person is aware that they are sharing their personal information with BMI, and that the related person has consented thereto.
BMI will process the personal information of related persons asstated in this notice, thus references to “customer/s” in this notice will include related persons with the necessary amendments
8. PROCESSING CUSTOMERS’ SPECIAL PERSONAL INFORMATION
BMI may process customers’ special personal information in the following circumstances, among others: if the processing is needed to create, use or protect a right or obligation in law; if the processing is for statistical or research purposes, and all legal conditions are met; if the special personal information was made public by the customer; if the processing is required by law; if racial information is processed and the processing is required to identify the customer; if health information is processed, and the processing is to determine a customer’s insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation; or if the customer has consented to the said processing.
9. PROCESSING THE PERSONAL INFORMATION OF CHILDREN?
A child is a person who is defined as a child by the country’s law, and who has not been recognised as an adult by the courts.
BMI may process the personal information of children if any one or more of the following applies: a person with the ability to sign legal agreements has consented to the processing, being the parent or guardian of the child; the processing is needed to create, use or protect a right or obligation in law, such as where the child is an heir in a will, a beneficiary of a trust, a beneficiary of an insurance policy or an insured person in terms of an insurance policy; the child’s personal information was made public by the child, with the consent of a person who can sign legal agreements; the processing is for statistical or research purposes and all legal conditions are met; where the child is legally old enough to transact with the BMI without assistance from their parent or guardian; where the child is legally old enough to sign a document as a witness without assistance from their parent or guardian; or where the child benefits from a BMI transaction and a person with the ability to sign legal agreements has consented to the processing.
10. WHEN, AND FROM WHERE, DOES BMI OBTAIN PERSONAL INFORMATION ABOUT CUSTOMERS?
We collect information about customers: directly from customers; based on customers’ use of BMI solutions or service channels (such as the BMI website, applications, including both assisted and unassisted customer interactions) as applicable; based on how customers engage or interact with BMI, such as on social media, and through emails, letters, telephone calls and surveys; based on a customer’s relationship with BMI; from public sources (such as newspapers, company registers, online search engines, deed registries, public posts on social media); from technology, such as a customer’s access and use including both assisted and unassisted interactions (e.g. on the BMI website and mobile applications) in order to access and engage with BMI’s platforms; customers’ engagement with BMI advertising, marketing and public messaging; and from third parties that the BMI interacts with for the purposes of conducting its business (such as partners, reward partners, list providers, BMI, credit bureaus, regulators and government departments or service providers)
BMI collects and processes customers’ personal information at the start of, and for the duration of their relationship with BMI. BMI may also process customers’ personal information when their relationship with the BMI has ended, as required by law. BMI may also collect customers’ personal information from third parties (which may include parties the BMI engages with as independent responsible parties, joint responsible parties or operators), these third parties may include, but are not limited to, the following: any connected companies, subsidiary companies, its associates, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; the customer’s spouse, dependents, partners, employer, joint applicant or account holder and other similar sources; people the customer has authorised to share their personal information, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, BMI’s and other persons that assist with the processing of customers’ payment instructions, such as bank card scheme providers (including VISA or MasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; the BMI’s service providers, agents and subcontractors, such as couriers and other persons the BMI uses to offer and provide solutions to customers; courts of law or tribunals; participating partners, whether retail or online; the BMI’s joint venture partners; marketing list providers; social media platforms; or online search engine providers.
11. REASONS WHY BMI MAY FURTHER USE OR PROCESS CUSTOMERS’ PERSONAL INFORMATION
At the time that BMI collects personal information from a customer, it will have a reason or purpose to collect that personal information. In certain circumstances, however, the BMI may use that same personal information for other purposes. The BMI will only do this where the law allows it to, and the other purposes are compatible with the original purpose/s applicable when the BMI collected the customer’s personal information. The BMI may also need to request a customer’s specific consent for the further processing in limited circumstances. Examples of these other purposes are included in the list of purposes set out in section 7 above.
The BMI may also further use or process a customer’s personal information if: the personal information about the customer was obtained from a public record, like the deed’s registry; the customer made the personal information public, like on social media; the personal information is used for historical, statistical or research purposes, the results of which will not identify the customer; proceedings have started or are contemplated in a court or tribunal; it is in the interest of national security; if the BMI must adhere to the law, specifically tax legislation; or the Information Regulator has exempted the processing. The BMI may also further use or process a customer’s personal information if the customer has consented to it or in the instance of a child; a competent person has consented to it.
Any enquiries about the further processing of customer personal information can be made through BMI’s Information Officer, contact details as set out in this document below.
12. THE USE OF CUSTOMERS’ PERSONAL INFORMATION FOR MARKETING
BMI will use customers’ personal information to market products, services and other related BMI financial and technology based products, services and solutions to them. (e.g. BMI Lead Generation, Data Management, Construction services, Online/ Digital Marketing/Sales (FSP & non FSP regulated products and services) as well as bespoke Web and Mobile Application Development). BMI will do this in person, by post, telephone, or electronic channels such as SMS, Automated Voice Messages, email and fax. If a person is not a BMI customer, or in any other instances where the law requires, BMI will only market to them by electronic communications with their consent. In all cases, a person can request BMI to stop sending marketing communications to them at any time.
13. WHEN WILL BMI PROCESS CUSTOMERS’ PERSONAL INFORMATION IN A MANUAL, AND/OR MECHANICAL AND/OR ELECTRONIC AND/OR AUTOMATED MANNER IN ORDER TO MAKE DECISIONS ABOUT THEM?
BMI may process a customer’s personal information in a manual, mechanical, electronic and/or automated manner in order to make decisions pertaining to them; as allowed by the law. This will apply in circumstances where the BMI has lawful access to a customer’s personal information due to previous interactions or previous behaviour from said customer or from any circumstances and/or scenarios as set out above. Such interactions, behaviour and/or scenarios will have the result that the customer has expressly or by tacit implication allowed BMI to analyze and process the customer’s personal information and to make contact with said customer when certain circumstances arise, such as: life event scenarios, new to market scenarios or any circumstances that are directly related to the customer’s previous concluded transactions. An example of such analysis and processing is the offering of any product or service to the customer or the offering to a customer of a comparative insurance related product or service, or the offering of any product or service to said customer based on processing of said customer’s personal information. Customers have the right to query any such processing decisions, and BMI will provide reasons for the processing decisions as far as reasonably possible.
14. WHEN, HOW, AND WITH WHOM DOES BMI SHARE CUSTOMERS’ PERSONAL INFORMATION?
In general, BMI will only share customers’ personal information if any one or more of the following apply: if the customer has consented to this; if it is necessary to conclude or perform under a contract we have with the customer; if the law requires it; or if it is necessary to protect or pursue the customer’s, BMI’s or a third party’s legitimate interest.
Where required, each member of BMI may share a customer’s personal information with the following persons, which may include parties that BMI engages with as independent responsible parties, joint responsible parties or operators. These persons have an obligation to keep customers’ personal information secure and confidential: members of BMI, any connected companies, subsidiary companies, associates, cessionaries, delegates, assignees, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; BMI’s employees, as required by their employment conditions; the customer’s spouse, dependents, partners, employer, joint applicant or transaction related party other similar sources; people the customer has authorised to obtain their personal information, such as a person that makes a booking on the customer’s behalf, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, and other persons that assist with the processing of customer payment instructions, such as card scheme providers (including VISA orMasterCard); law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities and other persons the law requires BMI to share customer personal information with; credit bureaus; financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; our service providers, agents and subcontractors, BMI uses to offer and provide solutions to customers; courts of law or tribunals that require the personal information to adjudicate referrals, actions or applications; or BMI’s joint venture partners with which it has concluded business agreements.
15. WHEN AND HOW BMI OBTAINS AND SHARES CUSTOMERS’ PERSONAL INFORMATION FROM/WITH CREDIT BUREAUS?
BMI may obtain customers’ personal information from credit bureaus for any one or more of the following reasons: if the customer requested BMI to do so, or agreed that it may do so; to verify a customer’s identity; to obtain or verify a customer’s employment details; to obtain and verify a customer’s marital status; to obtain, verify, or update a customer’s contact or address details; to obtain a credit report about a customer, which includes their credit history and credit score, when the customer applies for a credit agreement to prevent reckless lending or over-indebtedness; to determine a customer’s credit risk; for debt recovery; to trace a customer’s whereabouts; to update a customer’s contact details; to conduct research, statistical analysis or system testing; to determine the source(s) of a customer’s income; to build credit scorecards which are used to evaluate financial applications; or to determine which solutions to promote or to offer to a customer.
BMI will share a customer’s personal information with the credit bureaus for, among others, any one or more of the following reasons: to report the application for a credit agreement; to report the opening of a credit agreement; to report the termination of a credit agreement; to report payment behaviour on a credit agreement;/or to report non-compliance with a credit agreement, such as not paying in full or on time. Customers should refer to their specific credit agreement with BMI for further information.
16. CUSTOMERS’ DUTIES AND RIGHTS REGARDING THE PERSONAL INFORMATION BMI HAS ABOUT THEM
Customers must provide BMI with proof of identity when enforcing the rights below. Customers must inform BMI when their personal information changes, as soon as possible after the change. Customers warrant that when they provide BMI with personal information of their spouse, dependents or any other person, they have permission from them to share their personal information with BMI. BMI will process the personal information of the customer’s spouse, dependent or any other person which the customer has shared with us as stated in this notice.
16.1 Right to access: Customers have the right to request access to the personal information BMI has about them by contacting BMI. This includes requesting: confirmation that BMI holds the customer’s personal information; a copy or description of the record containing the customer’s personal information; and the identity or categories of third parties who have had access to the customer’s personal information. BMI will attend to requests for access to personal information within a reasonable time. Customers may be required to pay a reasonable fee to receive copies or descriptions of records, or information about, third parties. BMI will inform customers of the fee before attending to their request. Customers should note that the law may limit their right to access information. Please refer to Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 for further information on how customers can give effect to this right. Further information is available on the BMI website at: www.bminvestments.co.za
16.2 Right to correction, deletion or destruction: Customers have the right to request BMI to correct, delete or destroy the personal information it has about them if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if BMI is no longer authorised to keep it. BMI will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on BMI’s platform/systems. BMI may request documents from the customer to verify the change in personal information. A specific agreement that a customer has entered into with BMI may determine how the customer must change their personal information provided at the time when they entered into the specific agreement. Customers must adhere to these requirements.
If the law requires BMI to keep the personal information, it will not be deleted or destroyed upon the customer’s request. The deletion or destruction of certain personal information may lead to the termination of a customer’s business relationship with BMI. In certain instances, a customer can give effect to this right by making use of BMI’s unassisted interfaces, e.g. using a BMI app or website to correct their contact details.
16.3 Right to objection: Customers may object on reasonable grounds to the processing of their personal information where the processing is in their legitimate interest, BMI’s legitimate interest or in the legitimate interest of another party.
Customers must inform BMI of their objection. BMI will not be able to give effect to the customer’s objection if the processing of their personal information was and is permitted by law, the customer has provided consent to the processing and BMI’s processing was conducted in line with their consent; or the processing is necessary to conclude or perform under a contract with the customer. BMI will also not be able to give effect to a customer’s objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence. BMI will provide customers with feedback regarding their objections.
16.4 Right to withdraw consent: Where a customer has provided their consent for the processing of their personal information, the customer may withdraw their consent. If they withdraw their consent, BMI will explain the consequences to the customer. If a customer withdraws their consent, BMI may not be able to provide certain solutions to the customer. BMI will inform the customer if this is the case. BMI may proceed to process customers’ personal information, even if they have withdrawn their consent, if the law permits or requires it. It may a reasonable time for the change to reflect on BMI s’ systems. During this time, BMI may still process the customer’s personal information.
16.5 Right to complain: Customers have a right to file a complaint with BMI or any regulator with jurisdiction (in South Africa customers can contact the Information Regulator) about an alleged contravention of the protection of their personal information. BMI will address customer complaints as far as possible.
The contact details of the Information Regulator are provided below.
Physical Address: Information Regulator
33 Hoofd Street Forum III,
3rd Floor Braampark
P.O Box 31533
Braamfontein
Johannesburg
2017
Website: www.justice.gov.za/inforeg
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za
17. HOW BMI SECURES CUSTOMERS’ PERSONAL INFORMATION
BMI will take appropriate and reasonable technical and organisational steps to protect customers’ personal information in line with industry best practices. BMI’s security measures, including physical, technological and procedural safeguards, will be appropriate and reasonable. This includes the following: keeping BMI systems secure (such as monitoring access and usage); storing BMI records securely; controlling the access to BMI premises, systems and/or records; and safely destroying or deleting records. Customers can also protect their own personal information and can obtain more information in this regard by contacting BMI directly.
18. HOW LONG DOES BMI KEEP CUSTOMERS’ PERSONAL INFORMATION?
BMI will keep customers’ personal information for as long as: the law requires BMI to keep it; a contract between the customer and BMI requires BMI to keep it; the customer has consented to BMI to keeping it; BMI is required to keep it to achieve the purposes listed in this privacy compliance notice; BMI requires it for statistical or research purposes; a code of conduct requires BMI to keep it; and/or BMI requires it for lawful business purposes.
Furthermore to the above; BMI may keep customers’ personal information even if they no longer have a relationship with BMI or even if they request BMI to delete or destroy it, if the law permits or requires such information to be kept by BMI.
19. COOKIES
A cookie is a small piece of data that is sent (usually in the form of a text file) from a website, mobile application to the user’s device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” user behaviour (keeping track of previous actions), e.g. remembering the contents of an online user’s query, and actions that the user performed whilst accessing or browsing when not signed up or logged into any online account platform owned by BMI.
BMI does not necessarily know the identity of the user of the device but does see the behaviour recorded on the device. Cookies could, however, be used to identify the device and, if the device is linked to a specific user, the user would also be identifiable. For example, a device or cellular MSISDN number registered to an app.
By using BMI websites or applications, customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable BMI to know that a customer has visited a website or application before and will identify the customer. BMI may also use the cookie to prevent fraud.Privacy Compliance and Policy Document Dated June 2021
By authority: BMI
Registration Number: 2011/131560/07
Office 1, First Floor, Block J Sable Square
Cnr Bosmansdam and Ratanga Road
Milnerton 7441 Cape Town
For the attention of: Sandro Florentino duly authorised by the Directorship and Shareholders of Black Moon Investments 7 (Pty) Ltd