MOMENTUM’S PRIVACY NOTICE

The term ‘personal information’, as used in this notice, applies to information that may be used to identify an individual or a juristic person for example, a registered company.

POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The person to whom personal information relates is referred to as the “data subject”.

Examples of personal information include contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth.

Personal information collected can include your name, contact details, birth date, identity number, gender, employment details, voice recordings, email correspondence, marital status, family information, policy information, location information, online identifiers, bank account information, medical or health information

When personal information is collected, we will indicate the purpose for the collection and whether the information required is compulsory or voluntary.

We collect information either directly from you, the data subject, your employer or through financial services intermediaries, medical professional(s) and service providers. In certain instances, we may appoint third parties to collect information on our behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.

If we are legally permitted to do so, Momentum Group may use your personal or other information to tell you about products, services and special offers from the company or other subsidiaries of Momentum Group. You can opt out from receiving such information.

• Providing quotations, for underwriting and processing insurance applications.
• Processing insurance claims.
• Providing on-going administration services for the duration of the contract.
• Fulfilling a transaction on request of a data subject.
• If permission is given, Momentum may use your personal or other information to tell you about products, services and special offers from the company or other subsidiaries of Momentum Metropolitan.

When you participate in health or wellness management programs, your health information may be used to assist you in your health coaching.

• Momentum Group may use this data anonymously or internal statistical, marketing or operational purposes, including generating sales reports and measuring and understanding demographics, user interests, purchasing and other trends among our users.
• Your data will be shared within Momentum Group where you have any Momentum Group products.
• This data will be kept for the period necessary to fulfil the purposes for which your Personal Information has been collected.

Note: A full list can be obtained in the Privacy Policyopen_in_new.

Momentum will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all personal information in secured environments, for example on secured servers in a protected data centre.

We may process your special personal information in the following circumstances:

• If you have consented to the processing thereto.
• If the processing is needed to create, use or protect a right or obligation in law.
• If the processing is for statistical or research purposes.
• If the special personal information was made public by you.
• If the processing is required by law.
• If racial information is processed and the processing is required to identify you; and/or
• If health information is processed, and the processing is to determine your insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation.
• If we do sanctions screening (against any sanctions list, we may in our sole discretion determine) and we may find reports of alleged criminal conduct or proceedings in this regard.

Your privacy is important to us. We will not sell, rent, or provide your personal information to unauthorised entities or other third parties whom we do not have a binding legal agreement with. Your information will only be shared with third-parties if it is required to fulfil our duties in terms of our contractual agreement with you or if we have obtained consent.

We will only transfer your personal information to third parties in another country if it is adequately protected under the other country’s laws or an agreement with the third-party recipient

You have certain rights in terms of POPIA, including the right to review, request access or copies of your personal information, request correction or rectification, stop processing, request deletion or erasure, withdraw consent, restrict processing, data portability, object to automated decision-making, and lodge a complaint with the relevant data protection regulator.

You can exercise those rights by clicking here or complete the formal forms by clicking here.

Momentum Group uses Automated Decision Making (ADM) technologies, including profiling, to provide products and services. ADM refers to decisions made solely based on automated processing of personal information using software, algorithms, artificial intelligence, or machine learning without human intervention. You have rights to request human intervention, contest decisions made by ADM, and express your point of view.

Momentum may update this notice periodically and an updated version may be requested, for example through an email notification addressed our contact information in the privacy policy.

The Momentum Group Board Risk Capital and Compliance Committee (BRCC) is a sub-committee of the Board that is accountable to address and manage the risk of data privacy and cyber security. The BRCC follows the board cycle and convenes on a quarterly basis. The Momentum Group Chief Digital and Transformation Officer (CDTO) is the business representative on BRCC for data privacy, data security and cyber security through the support of the Momentum Group Chief Privacy Officer. The Momentum Group Chief Risk Officer provides guidance and input regarding appropriate Risk Management.

Employee training on cyber security and data privacy forms part of ongoing mandatory compliance training. As part of the data privacy management, there is specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff.

To deal with cyber security and data privacy, two separate centralised functions exist within the Momentum Group. The information technology (IT) security environment includes managing cyber security as a capability and the data privacy environment deals with the aspects of data privacy and extended data security and privacy which is enabled through IT security. These two functions report into the group exco and work closely together to ensure coordinated efforts to best deliver on the relevant requirements.

What are cookies?
A cookie is a small text file stored on your device by the website you are visiting. It helps the website remember information about your device and how you use the website.

What happens if you disable your cookie functionality?
Disabling cookies may limit website functionality and your functionality once you’ve logged in.

Types of cookies we use?
There are two main types of cookies: session cookies (deleted when you close your browser) and persistent cookies (stored on your device until they expire or you delete them).

What we use cookies for?
Cookies are used for session management, user device identification and classification, traffic routing, and analytics.

Manage your cookie preference
By using our website, you consent to the placement of cookies on your device. You can adjust your browser settings to manage your cookie preferences.

Why do we use cookies?
Our website uses Google Analytics to track and analyze visitor behaviour and interactions with our digital properties. This helps us improve content and build better features.

Is your personal information at risk?
No, we will never save any personal information, including login details or other personal information, on your computer.

Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and access cookies. Web beacons do not collect, gather, monitor, or share any of your personal information.

We automatically receive and record Internet usage information on our server logs from your browser, such as your IP address, browsing habits, click patterns, version of software installed, system type, screen resolution, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website.