SAIY ASSET MANAGEMENT PRIVACY POLICY

Effective as of: 21 May 2024

Your privacy is extremely important to us. SAIY has prepared this Privacy Policy in accordance with the Protection of Personal Information Act No.4 of 2013 (“POPIA”). The purpose of this Privacy and Policy is to outline how we collect, use, store, share, and otherwise process personal information outlines your rights in relation to that information.

This Privacy Policy relates to information collected by SAIY Asset Management (referred to in this Privacy Policy as "SAIY" "we" or "us" or "our") through your use of our website (www.saiy.co.za), social media and our through our dealings with you (which are collectively referred to in this Privacy Policy as the "SAIY Services").

If you do not agree to our use of your personal data in line with this policy, please do not use the SAIY Services. Please see our PAIA Manual for a description of the types of information we process, your rights, and guidelines on how to access, update or remove data we hold about you.

SCOPE OF THIS PRIVACY POLICY

This Policy governs information that SAIY may process that is personal to our clients, potential clients, members of the public, service providers and employees.  Our primary sources of information are our website, our social media presence, and our personal interactions and correspondence.

Our website (www.saiy.co.za) provides information about our business and our services. The website also provides information about our Corporate Social Responsibility Initiative (SAIY Foundation). What we publish on the website is regulated by the FSCA and we are committed to ensuring that all our communication with you complies with the FAIS Act. Our Blog page allows us to share newsletters, research articles thought leadership pieces with you – these Blogs are the opinion of SAIY and are presented for insight purposes only, and neither the Blogs nor Portfolio information provided on our website constitute advice or an offer to purchase any financial product(s).

Additional disclosures and policies are made available under LEGAL and you are welcome to contact us via the contact details provided or via the “contact us” or “book a consultation” webforms.

Our website also contains links to our social media presence (Facebook, X/Twitter, Instagram and LinkedIn). This Privacy Policy relates to any information we collect about you via these platforms and by using any of these platforms to engage with us you are acknowledging the contents of this Policy

In all instances we are committed to transparency with our customers and employees, and to protecting your data privacy.

WHAT INFORMATION DO WE COLLECT?

Depending on your use of the SAIY Service, we may collect three types of information: personally identifiable information, special personal information and non-personally identifiable information.

PERSONALLY IDENTIFIABLE INFORMATION

Personally identifiable information identifies you or can be used to identify or contact you. Examples of personally identifiable information may include your name, IP address, company name, job title, address, e-mail address, telephone number, and billing and credit card information.

SPECIAL PERSONAL INFORMATION

Special Personal Information is particularly sensitive information. It includes religious/philosophical beliefs, race/ethnic origin, trade union membership, political persuasion, health or sex life or biometric information. It also includes criminal behaviour to the extent that it relates to the alleged commission of an offence or related proceedings. We will only process Special Personal Information as permitted in accordance with POPIA.

NON-PERSONALLY IDENTIFIABLE INFORMATION

Non-personally identifiable information is information, any single item of which, by itself, cannot be used to identify or contact you, which may include demographic information (such as age, profession, company industry, gender, current location, or postal code), IP addresses, browser types, domain names, and statistical data involving the use of the SAIY Services. Certain non-personally identifiable information may be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your postal code with your street address) in a way that enables you to be identified. But the same pieces of information may be considered non-personally identifiable information when they are taken alone or combined only with other non-personally identifiable information (for example, your account preferences).

WHY DO WE NEED YOUR PERSONAL INFORMATION?

We use your personal information to enable us and our service providers to deliver the product or service you have requested from us, and/or ancillary service, and to fulfil our contractual and legal obligations. This may include, but is not limited to:

Onboarding you if you are a new client, processing your instructions, enabling payments to be made, investigating complaints, sharing your information internally and with our service providers that we rely on to deliver the product/service,  process your instructions or otherwise provide an ancillary service to you, and generally for the purposes of meeting our responsibilities to you and the administration of any agreement that we have concluded with you or any investment that you have made with us;

Helping us identify you when you contact us and for communicating with you (including for the purposes of sending required reports and other information, and responding to your requests);

Ensuring you meet the requirements for investment into a particular product;

Enabling us to trace you (or your beneficiaries’ whereabouts) when necessary;

Helping us to detect and prevent fraud, money laundering and financial crimes. This includes the recording of calls for regulatory purposes and providing personal information to third parties who assist with the verification of your information or the obtaining of additional information as is needed for us to meet regulatory obligations;

Meeting our contractual, legal, and regulatory obligations, including providing personal information to third parties, such as local and/or international governmental, regulatory and non-regulatory bodies, law enforcement agencies and any other person with whom we are required, by law, to share the information;

Conduct research for our internal purposes or to service products, or to help us improve the quality of our products and services;

For any other purpose related to us conducting our business, including:

Keeping and maintaining financial, client and operational records. Including sharing personal information with third parties that provide us with professional or record keeping services;

General administration, financial and tax purposes, and to enable us to transact with third party service providers;

Management and audit of our business systems and operations;

Reviewing the safety, usability, use and availability our website;

Business continuity and disaster recovery purposes;

Adhering to best practice guidelines, where appropriate.

INFORMATION WE COLLECT AUTOMATICALLY WHEN YOU USE THE SERVICES:

We collect information about you when you use our Services, such as browsing our websites, and interacting with us on social media, via email and in person.

YOUR USE OF THE SERVICES:

We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you download from or upload to the Services; frequently used search terms; and how you interact with others on the Services.

DEVICE AND CONNECTION INFORMATION:

We may collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We may also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We may use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.

COOKIES AND OTHER TRACKING TECHNOLOGIES:

SAIY and our third-party partners, such as our advertising and analytics partners, may use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies and Tracking Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

LOG FILES

We collect non-personally identifiable information through our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the SAIY Service. This information may be used to analyse trends, to administer the SAIY Service, to monitor the use of the SAIY Service, and to gather general demographic information. We may link this information to personally identifiable information for these and other purposes, such as personalizing your experience on the SAIY Service, and evaluating the SAIY Service in general.

INFORMATION WE RECEIVE FROM YOU

The main source of the personal information we have about you, is you. We collect this information as part of our client/supplier on-boarding process and when you correspond with us (via our website, social media, email or over the phone). We rely on you to let us know when your personal information changes.

INFORMATION WE RECEIVE FROM OTHER SOURCES

We receive information about you from other Service users, from third party services, and from our business and channel partners.

We may obtain your personal information from third parties. These include, but are not limited to, parties that:

Supply information to assist us to monitor and prevent money laundering and financial crime

Obtain background, criminal and/or credit checks where applicable

You have appointed to manage investments/business on your behalf or are entitled by law to do so.

We may also source information on you that is available in a public record to assist us in complying with our regulatory, legal, and contractual obligations.

SAIY's use of information received, and SAIY's transfer of information to any other app, from Google APIs or other API will adhere to the API Services User Data Policy, including the Limited Use Requirements.

NON-PUBLIC AREAS OF THE WEBSITE

Users of the non-public areas of our website (if applicable) will be required to identify and authenticate themselves prior to accessing our services. Generally, identification and authentication take place using your username, password, and One-time PIN (OTP). Your use of the non-public areas of the website is due to your being a client of ours and our Privacy Policy applies to the processing of your personal information that we obtain in the course of your using these non-public areas.

SUBSCRIPTIONS TO PUBLICATONS

When you subscribe, on our website or through any other platform, to receive a publication, we collect your personal information you provide for the purposes of sending you the publication(s). We may also use your information to provide you with other publications (including without limitation articles, bulletins, podcasts, visual or audio recordings of webinars) and/or invitations to attend and/or participate in any SAIY events (such as thought leadership events and webinars). You will have the opportunity to unsubscribe at any time. We may share your personal information with third parties that enable us to provide you with this service, where the information may be sent cross-border. If your personal information is sent cross-border, this will be done in compliance with POPIA.

THE "CONTACT US" SECTION OF OUR WEBSITE

When you use the Contact Us section of our website, we collect the personal information you provide to us to respond to you and for further communications with you.

WHO MAY WE SHARE YOUR INFORMATION WITH?

We do not sell any data, including your personal data. We will only collect and process your personal data in accordance with applicable data protection and privacy laws (POPIA). We need to collect and process certain personal data in order to provide you with access to SAIY Services. If you registered with us, you will have been asked to check a tick box indicating your agreement to provide this data in order to access our services. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time.

We may share your personal information with the following categories of recipients:

Companies in the SAIY group

Foreign and local governmental and regulatory bodies, financial and non-financial regulators and ombudsmen, commissions of inquiry, law enforcement agencies, industry bodies, and any other person with whom we are required, by law, to share the personal information;

Your authorised representatives and agents;

Corporate social investment partners;

Contracted third party service providers that enable us to deliver a product or service to you or provide a product or service to us to enable and/or enhance the functioning of our business.

These include, but are not limited to, parties that provide the following types of services:

Fund Administration;

Capturing, organising, reporting, printing, and storing of data and/or records;

IT, information systems and security;

Professional services providers (for example auditing firms);

Communications;

Conducting AML and FICA related checks or otherwise assisting with establishing and / or obtaining additional information on you and your affiliated parties, or assisting with the prevention of fraud and / or financial crime;

Customer satisfaction, quality assurance and research services;

Health and safety;

Facilities management;

Event organisation;

Marketing and advertising;

Banking, trading, and transaction services;

Staff augmentation;

We are not able to control all processing of your personal information by third parties, particularly in cases where those parties are not our contracted service providers (like regulators for instance or where you instruct us to provide your personal information to another party on your behalf). We take all reasonable measures to ensure that the third parties that we contract with have appropriate security and privacy safeguards in place.

DO WE TRANSFER PERSONAL INFORMATION OUTSIDE OF SOUTH AFRICA?

SAIY may transfer your personal information outside the borders of South Africa but will only do so in accordance with the requirements of POPIA. Steps are taken to ensure that the third parties we use are bound by laws, binding corporate rules or binding agreements that provide an adequate level of protection and uphold principles for reasonable and lawful processing of personal information referenced in POPIA.

Personal information transferred to another country may be subject to all the laws of that country, including laws related to money laundering, corruption and bribery, national security and anti-terrorism, which may permit local law enforcement or regulatory agencies to obtain access to information held by private businesses.

OTHER DISCLOSURES

If you use our website and follow a link from it to another website, different privacy notices/statements may apply. Before you submit any of your personal information to another website, you should read that website’s privacy notice/statement.

HOW LONG DO WE KEEP YOUR INFORMATION FOR?

We may hold your personal information after your relationship with us ends.

We will at your request, return to you or destroy, all your personal information and may, after receiving such a request, retain copies only to the extent required by applicable law or regulation or reasonably required for a lawful purpose related to our functions or activities, subject to us continuing to meet our obligations regarding the processing and safeguarding of such personal information. If you don’t submit such a request to us, we shall retain your personal information in accordance with our retention policies for as long as we consider appropriate in our discretion or, for so long as is reasonably required for any lawful purpose related to our functions or activities, provided that we then continue to comply with our obligations in relation to the processing and safeguarding of your personal information.

Regarding our back-up procedures, please note that the integrity of our back-ups is essential to our operations and to our clients, suppliers, and other stakeholders. Deleting single data entries from compressed back-up files may jeopardise the integrity of the entire back-up file and may negatively affect our ability to recover data for business continuity and disaster recovery purposes. Should the personal information you want deleted be stored in back-up files, we will let you know if it is possible to delete this data. Access to our back-up files is restricted and is not used in any of our production (live) systems, unless required for business continuity or disaster recovery purpose

SECURITY

We take the management of privacy risk seriously and aim to mitigate the risks associated with processing personal information as far as possible. We take all reasonable technical and operational precautions to prevent the loss and/or misuse of personal information. We can, however, not guarantee the security of any information you transmit to us electronically and you do so at your own risk.

We employ various measures to protect the confidentiality, integrity and availability of personal information and review the adequacy of these measures on an ongoing basis. These measures cover:

Network and device security;

Physical security;

Encyption;

Access and password controls and monitoring;

Acceptable Use policies;

Data Breach Response Procedures;

Adherence to best practices and standards;

Third party contracts contain appropriate security and confidentiality obligations.

YOUR RIGHTS AS A DATA SUBJECT

You have certain rights regarding your personal information that are afforded to you by law. These rights are not without limitation and there may be circumstances where you won’t be able to exercise these rights. Where applicable you have the right to:

Request confirmation on which of your personal information is / has been collected and information on the identity of all third parties or categories of third parties who have / have had access to it (subject to any legal or regulatory obligations preventing us from providing the information to you).

Request the correction of your personal information held by us at any time.

Object to the processing of your personal information or withdraw consent once given to SAIY. SAIY will advise you of the consequences of that objection/withdrawal. SAIY might not be able to give effect to an objection/withdrawal if the processing of the personal information was and is permitted by law, you provided consent to the processing, and our processing was already conducted in line with your consent or the processing is necessary to perform contractual/legal obligations.

You may want to discontinue receiving communications from SAIY. While this may mean that you will not receive product or service information that may be of interest to you, we will respect your wishes not to receive these communications. If this is the case, please e-mail us at informationofficer@saiy.co.za and specify that you would like to be removed from the SAIY e-mail database. You will also be provided with an "unsubscribe" link in communications we may send you.

Although we would appreciate the opportunity to first deal with any complaints you have about our processing of your personal information, you have the right to lodge a complaint with the Information Regulator if you think that we have infringed any of your rights. You may contact the Information Regulator at:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email Address (general enquiries): inforeg@justice.gov.za
Email Address (complaints): complaints.IR@justice.gov.za

Note: Whilst every reasonable care has been taken to ensure the accuracy of the information contained in this Privacy and Security Statement (“Statement”), SAIY does not guarantee its accuracy nor that it will remain accurate. SAIY shall not be liable for any losses or damage suffered arising from reliance being placed upon any of the contents of this Statement. We reserve the right to amend this Statement at any time, and all such amendments will be posted on the Site. Unless otherwise stated, the current version shall supersede and replace all previous versions of this Statement. Please check the Statement regularly to see if any updates or changes have been made. By continuing to use our website and interact with us, you are confirming that you have read and understood the latest version of this Statement.