MOMENTUM’S PRIVACY NOTICE
We respect your privacy
Our Privacy Notice governs the way we treat your personal information. At Momentum, we comply with the Protection of Personal Information Act 4 of 2013 (POPIA) when processing your personal information. This means that keeping your information confidential and safe, is our top priority.
Momentum is part of Momentum Metropolitan Holdings Limited. This privacy notice applies to South African entities within Momentum Metropolitan Holdings Limited’s companies, its subsidiaries, operating divisions, business units, licensed entities, management-controlled entities and activities.
The purpose of this
The purpose of this notice is to inform you, our client, about the types and uses of personal information (PI) that we collect, the ways in which we collect it and the sharing, protection and storage of said information.
The term ‘personal information’, as used in this notice, applies to information that may be used to identify an individual or a juristic person for example, a registered company.
POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The person to whom personal information relates is referred to as the “data subject”.
Examples of personal information include contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth.
Personal information collected by Momentum can include a data subject’s name, contact information, birth date, identity number, gender, employment details, marital, family, policy, location information, online identifier, bank account, medical or health information.
When personal information is collected, we will indicate the purpose for the collection and whether the information required is compulsory or voluntary.
We collect information either directly from you, the data subject, your employer or through financial services intermediaries. In certain instances, we may appoint third parties to collect information on our behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.
If we are legally permitted to do so, Momentum Metropolitan may use your personal or other information to tell you about products, services and special offers from the company or other subsidiaries of Momentum Metropolitan. You can opt out from receiving such information.
- Providing quotations, for underwriting and processing insurance applications.
- Processing insurance claims.
- Providing on-going administration services for the duration of the contract.
- Fulfilling a transaction on request of a data subject.
- If permission is given, Momentum may use your personal or other information to tell you about products, services and special offers from the company or other subsidiaries of Momentum Metropolitan.
- Momentum Metropolitan may use this data anonymously or internal statistical, marketing or operational purposes, including generating sales reports and measuring and understanding demographics, user interests, purchasing and other trends among our users.
- Your data will be shared within Momentum Metropolitan where you have any Momentum Metropolitan products. None of this new information will negatively impact any of your existing benefits.
- This data will be kept for the period necessary to fulfil the purposes for which your Personal Information has been collected.
We may process your special personal information in the following circumstances:
- If you have consented to the processing thereto.
- If the processing is needed to create, use or protect a right or obligation in law.
- If the processing is for statistical or research purposes.
- If the special personal information was made public by you.
- If the processing is required by law.
- If racial information is processed and the processing is required to identify you; and/or
- If health information is processed, and the processing is to determine your insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation.
- If we do sanctions screening (against any sanctions list, we may in our sole discretion determine) and we may find reports of alleged criminal conduct or proceedings in this regard.
You can request to review your personal information contained in Momentum’s records at any time to correct or update the information. If the purpose for which your personal information was requested initially does not exist anymore, for example you no longer have a contract with it, you may request information held by the company to be removed. However, Momentum can decline your request to delete the information from its records if other legislation requires the continued retention thereof or if it has been de-identified.
Momentum may update this notice periodically and an updated version may be requested, for example through a postal request or through an email notification addressed to [email protected].
The Momentum Metropolitan Board Risk Capital and Compliance Committee (BRCC) is a sub-committee of the board that is accountable to address and manage the risk of data privacy and cyber security. The BRCC follows the board cycle and convenes on a quarterly basis. The Momentum Metropolitan Group Chief Risk Officer (CRO) is the business representative on BRCC for data privacy, data security and cyber security. The Momentum Metropolitan Chief Risk Officer provides guidance and input regarding appropriate risk management.
Employee training on cyber security and data privacy forms part of ongoing compliance training. Cyber security training is currently further required as a basic compliance training that all employees must complete. As part of the POPIA management programme, there is a specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff. The POPIA management programme is actively managed at Momentum Metropolitan Group level with participation of all business entities and subsidiaries of Momentum Metropolitan.
To deal with cyber security and data privacy, two separate centralised functions exist within Momentum Metropolitan. The information technology (IT) security environment includes managing cyber security as a capability and the data management environment deals with the aspects of data privacy and extended data security and privacy which is enabled through IT security. These two functions report into the group exco and work closely together to ensure coordinated efforts to best deliver on the relevant requirements.
What happens if you disable your cookie functionality?
Clearing or disabling cookies may limit your website functionality, and your functionality once you’ve logged in. You can limit the collection of your information by disabling cookies on your browser. You may also be able to modify your browser settings to require your permission each time a site attempts to set a cookie.
However, our website(s) (and many other websites) rely on cookies to enable certain functionality. If you choose to disable cookies, some of the services available on our website may not work properly
What are cookies?
A cookie is a small text file stored on your device by the website you are visiting. It helps the website to remember information about your device and how you use the website. We use this information to make your visit to our site as easy and useful as possible.
Types of cookies we use
There are two main types of cookies: session cookies and persistent cookies.
When you close your browser, some cookies are deleted. These are called session cookies. Other cookies are stored on your device until they expire, or you choose to delete them. They are called persistent cookies. These cookies are sent back to us each time you visit our site.
Is your personal information at risk?
No, we will never save any personal information, including login details or other personal information on your computer.