Peresec South Africa Privacy Statement

This privacy statement explains how Peresec South Africa Proprietary Limited, its subsidiaries and associates, (“Peresec” or “us” or “we”) processes Personal Information, and the purpose for which we process it.

“Client” or “you” or “your” means a client of Peresec who establishes a business relationship or enters into a single transaction with Peresec and where applicable, a Client includes a prospective client. A Client includes all authorised persons representing or acting on behalf of the Client.

“System” means all the equipment and network infrastructure, including without limitation, our internet interfaces, websites, network, servers, peripherals, routers, switches, software, applications, hardware, databases, cables, generators and uninterruptible power supplies which are operating together as a system, and used by Peresec to provide services to the Client.

1. What is Personal Information?

“Personal Information” has the meaning given to it in applicable Data Protection Laws, and includes but is not limited to Personal Information controlled by the Client including that of its authorised persons and its customers, and any information that is processed by Peresec, which is subject to protection in terms of any statute in South Africa or other Data Protection Laws which impose data protection requirements from time to time.

“Regulated Personal Information” is that Personal Information in respect of which, the use, processing or transfer is regulated by law or regulation as “Personal Information”, where Peresec comes into possession of such information.

Personal Information is defined in the Protection of Personal Information Act No. 4 of 2013 as follows – “Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –

• information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person;
• information relating to the education or the medical, financial, criminal, or the employment history of the person;
• any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
• the biometric information of the person;
• the personal opinions, views or preferences of the person;
• correspondence sent by the person, that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
• the views or opinions of another individual about the person; and
• the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.”

2. What Personal Information do we collect?

To allow you to access and use our System we will need to collect Personal Information from you which may include (but is not limited to) the following, depending on the services and features you access and use and your location:

• Name and contact data includes full legal name, identity number, registration number and/or passport number, certified copy of identity document, contact number, email address, certified proof of physical address and employment status;
• KYC information is data specifically relating to the Client (whether it be a natural or juristic person) as well other related entities or persons to enable the performance of verification and checks required in terms of the Financial Intelligence Centre Act, No. 38 of 2001 (as amended) and “Know Your Customer” verifications and checks;
• Client data is data (including the originating and destination numbers and IP addresses, time and duration of voice or data transmissions, and other data necessary for the establishment, billing or maintenance of the transmission), transaction files, documents, digital works, information, company details, data containing Personal Information and/or private information of the Client, its related bodies, its authorised persons and its respective agents, its employees, as well as the customers of the Client, that a Client and/or any authorised person of a Client upload or store on our System, material received from others on their behalf, as well as other data provided to or obtained by Peresec) in connection with the relationship between Peresec and the Client. Client data includes KYC Information referred to above.
• Credentials is passwords and security information to permit access to and use of our website and System;
• Demographic data is age, gender, country, preferred language data;
• Payment data is data used to process payments and payment instrument numbers including credit card details and security codes associated with those;
• Subscription and licensing data is subscription, license and entitlement information;
• Device and usage data is payment history, device, connectivity and configuration data, error reports and performance data, troubleshooting and help data;
• Text, inking and typing data is data we collect for example to assist us in autofill fields or make suggestions;
• Images includes information such as picture metadata;
• Contacts and relationships is data about contacts and relationships if you use our website, System or services to share information with others or communicate with others;
• Location data is data about your device’s location which could be the exact location or a location close by
• Interactions data is information and data about your interactions with us and about your use of our website, System and services and includes data which you provide such as search queries, and data we provide, such as error reports;
• Content is the content of the files and communications that you input, upload, download, receive, create and control. Other content that we may collect includes communications which may be video, audio, video, text contained in a message, email, call, meeting request or chat, photo’s, images, software and other media or documents that you store, retrieve or otherwise process using our System;
• Videos and recordings are recordings of events and activities held at our premises;
• Feedback and ratings is information that you provide as feedback, survey data and System and services reviews; and/or
• Other inputs provided by you when you use our website, System and/or services.

Data from third parties

We also obtain data from third parties. We protect the data that we obtain from third parties in accordance with this privacy statement as well as any requirements arising from the source of the third-party data. The third parties that we may collect data from may include:

• Market data providers;
• Publicly available sources;
• Developers who create, upgrade or maintain our website and System;
• Communication services, including email providers, social networks, business reviews, public social media posts;
• Our service providers;
• Other subscribed sources used in the fulfilment of the services required by you;
• Data provided by a person, or representative of a person who has your permission to provide this information to us, in order for us to provide you with access to and use of our website, System and services.

Content

We collect the content of the files and communications that you upload, create, control, and those files and communications that you receive from us.

3. How do we collect Personal Information?

We collect Personal Information directly from you through our interactions with you when providing services, or otherwise and through our website and System. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our System. Where lawful and reasonable, we might collect Personal Information about you from third parties and publicly available sources, such as credit reporting and government agencies.

To the extent permissible under applicable law, we collect Personal Information when you provide it to us. We collect and process Personal Information when you –

• use our website and System, or services via your browser’s cookies;
• register on our System for our services;
• submit a form to, or receive one from our website or System;
• interact with our website or System via a browser and on a specific device such as a desktop or mobile device;
• interact with us via a medium or channel that requires Personal Information, such as interactions on our System, social media, email communications, or the manual submission of data; and/or
• contact us via an offline channel such as fax, email, telephone or post.

4. How will we use Personal Information?

We collect your Personal Information so that we can –

• meet our responsibilities and obligations to you;
• follow your instructions;
• use it for ordinary business purposes, including opening and maintaining your account (s), providing services to you, processing and giving effect to transactions, administer claims where applicable, managing risks and maintaining our relationship with you;
• process your registrations, service requests and to manage your account(s) with us;
• maintain electronic communication with you;
• monitor, measure, improve and protect our content, website, System and services and provide an enhanced, personal user experience for you;
• undertake internal testing of our website, System and services to test and improve their security and performance. In these circumstances, we would anonymise or pseudonymise any information used for such testing purposes;
• provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
• detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights, including liaison with competent regulatory authorities and law enforcement agencies for these purposes, where required in terms of applicable law;
• provide access to your information to competent regulatory authorities or their agents or auditors, where required in terms of applicable law; and/or
• advise you about the Systems, products and services available within the Peresec group.

We use Personal Information, to provide you with access to and use of our website, System and services, to improve our website, System and devices, to provide personalised features to our website, System and services, to activate our System and services where they require activation, for product development, to provide support to you, to maintain and enhance security, safety and troubleshooting, to provide updates, for purposes of carrying out your transactions with us, for reporting and business operations, to protect your and our rights and property, to comply with applicable law, and for research purposes.

When processing your Personal Information, we do so with your consent and as is necessary to provide you with the System and services that you use, to operate our business, meet our contractual obligations, comply with applicable law, protect the security of our website, System and services, review your “Know Your Customer” documentation (KYC) and to fulfil other legitimate interests of Peresec as detailed in this privacy statement.

Without your Personal Information, we may not be able to provide you with, or continue to provide our System and services that you require.

5. Sharing of your Personal Information.

You hereby provide us with your consent to retain, access, transfer, disclose, and preserve your Personal Information in accordance with applicable Data Protection Laws, and you specifically provide us with your consent to share your Personal Information –

• where this is necessary to complete any transaction or provide any service that you have requested or authorised;
• where this is necessary in our good faith belief to operate and maintain the security of our System and services;
• where we have a public duty to disclose the information;
• where we are obliged to disclose your Personal Information as required by applicable law; and/or
• our or your legitimate interests require disclosure.

Third Parties:

We also share Personal Information with vendors or our service provider’s working on our behalf for the purposes described in this privacy statement, our auditors, and where required in terms of applicable law, with competent regulatory authorities and the agents and auditors appointed by them. When we do so, these third parties have to agree to our privacy principles and associated policies and practices, save where they are exempted from doing so in terms of applicable law.

We will share payment data with banks and other entities that process transactions, process payment transactions or provide other financial services.

We do not disclose your Personal Information to other external organisations unless we have your consent to do so, or we are required to do so in terms of applicable laws, or it is necessary for us to do so, to perform in terms of our relationship with you.

6. Transfer of your Personal Information across borders

You hereby agree that Peresec may, for ordinary business purposes or to carry-out your instructions, process your Personal Information in other countries. Where necessary we will ask the party to whom we transfer your Personal Information to agree to our privacy statement, associated policies and practices.

7. Accessing and controlling your Personal Information

You can access and control your Personal Information by contacting us. You can also object to or restrict the use of your Personal Information at any time if we use your Personal Information for direct marketing purposes or where we perform a task in the public interest or pursue our legitimate interests or the legitimate interests of a third party.

8. How do we secure Personal Information?

We are committed to the protection and security of your Personal Information. To protect your Personal Information, our System and security policies and procedures are designed to prevent loss, unauthorised destruction, damage and/or access to your Personal Information from unauthorised third parties. We take reasonable precautions and follow industry best practices to make sure that it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

We will keep your Personal Information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage. We will do our best to protect your Personal Information, but we cannot guarantee the security of your Personal Information which is transmitted by you or a third party to our website, System or services or to other websites, Systems and services via an internet or similar connection, which is not within our reasonable control.

When we transmit confidential information, such as credit card numbers or passwords, over the internet, we protect this information using encryption.

If you provide us with your Personal Information, the information is encrypted. Although no method of transmission over the internet or electronic storage is 100% secure, we follow and implement additional generally accepted industry standards.

9. How long do we keep your Personal Information?

Under South African law, we are required to keep your Personal Information for a five (5) year period following the date of termination of the business relationship according to our Personal Information Retention Policy. After this period, your Personal Information will be irreversibly destroyed. For more information on our Personal Information retention schedule, please refer to our Personal Information Retention Policy which can be requested by emailing popi@peresec.com.

10. Where is your personal information processed?

Your personal information is being processed at: Katherine Towers 1 Park Lane Wierda Valley Sandton South Africa

11. Marketing

We would like to send you additional information about our System, services and solutions that we believe can create value for you and your organisation.

You hereby agree to receive marketing information and messaging from us, however you may choose to opt-out now or later, by contacting us using the contact details referred to at the end of this document.

You have the right to stop us from contacting you for marketing purposes or giving Personal Information to our related bodies or to others in terms of this Privacy Statement, at any time.

12. What are your protection rights?

We are fully aware and mindful of all your data protection rights. As such, you are entitled to the following:

• The right to access – You have the right to ask us to provide you with a description of your Personal Information or request copies of all your Personal Information. You may be charged a small fee in the processing of this request, if allowed by applicable law.
• The right to rectification – You have the right to request that we correct any information you believe to be incorrect or information that is incomplete.
• The right to erase – Under certain conditions and where permissible by applicable law and other legal restrictions, you may request that we delete all your Personal Information.
• The right to restrict processing – You have the right to request that we restrict the processing of Personal Information under certain conditions where the restriction does not affect the provision of services or is not prohibited by applicable law.
• The right to object to processing – You have the right to object to the processing of your Personal Information under certain conditions and on reasonable grounds.
• The right to portability – You have the right to request that we transfer the Personal Information that we have collected about you to you or another organisation under certain circumstances.

13. Cookies

By using our website and System without changing the settings, you are agreeing to our use of cookies.

We use cookies to give you a great experience when engaging with our website and System. If you continue to use our website and/or System, you are agreeing to the use of cookies for the purposes outlined in this document.

13.1. What are cookies?

Cookies are small text files which are transferred from our website and System and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our website, System and services better for you.

Our cookies may be session cookies (temporary cookies that identify and track users within our website and System which are deleted when you close your browser or leave your session) or persistent cookies (cookies which enable our website and/or System to “remember” who you are and to remember your preferences and which will stay on your computer or device after you close your browser or leave your session on the website or System).

13.2. What types of cookies might we use?

13.2.1. Strictly necessary cookies

These are cookies which are needed for our website and/or System to function properly. Without these, you will not be able to access and use the functions available.

13.2.2. Session cookies

Session cookies are temporary cookies and only exist while you use our website. When you close your browser or move to a different website the cookies are removed. These cookies allow our website and/or System to link to your actions during your browser session.

13.2.3. First party cookies

These are cookies that are owned and created by us.

13.2.4. Third party cookies

These are cookies that are owned and created by another company that provides a service to us, this includes website analytics.

13.2.5. Performance cookies and analytics technologies

These cookies collect information about how visitors and users use our website, System and services, for instance which functionality visitors use most often, and if they get error messages from areas of the website or System. These cookies do not collect information that identify a visitor or user. All information that these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, System and services work.

13.2.6. Functionality

These cookies allow our website and/or System to remember choices you make (such as your registered username, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information that these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

13.2.7. Targeting or advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

13.2.8. Web beacons and parameter tracking

We also use cookies and similar software known as web beacons to count persons who have visited our website after clicking through from one of our advertisements on another website or in emails. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.

13.2.9. IP Address and traffic data

We keep a record of traffic data which is logged automatically by our servers, such as your internet protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our website. We also collect some website, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.

13.3. Managing cookies

You can set your browser to not accept cookies. However, in certain cases, some website, System or application features may not function as a result.

14. Other Sites and Privacy Statements

Our website and System may include links to other websites and Systems. Our Privacy Statement only applies to our website, System and we are not responsible for the security of other websites, systems and applications. If you have navigated to another website, system or application, you will need to read their privacy policy.

The third-party service providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

15. Monitoring of Electronic Communications

We communicate with our Clients and their authorised persons via different methods and channels. Where allowed by applicable law, we may monitor and record electronic communications to ensure that these interactions comply with our internal policies and legal and regulatory responsibilities.

16. Social Media

We may operate on social media sites to inform, assist or engage with Clients and their authorised persons and monitor and record posts or comments about us on these channels, so we can improve our website, System and services. We are only responsible for information posted on those sites by our designated officials and are not responsible for information posted on those sites by anyone else or the general public. We do not endorse those sites or any information posted on them by third parties or any other users.

If you engage with us on social media, your Personal Information could be processed by the owner of the site. Please do not share your personal, account or security information on social media sites as these are not appropriate channels to discuss the contractual or financial arrangements between us. We do welcome feedback and ideas sent to us on these channels but cannot guarantee that we will act on or reply to these messages or posts.

17. Changes to our Privacy Statement

We keep our Privacy Statement under regular review and place any updates on our website at https://peresec.com/privacy/. The version on the website will be the most recent unless otherwise stated.

18. How to get in touch?

If you have questions about our Privacy Statement, the Personal Information we hold relating to you or you would like to exercise one of your Personal Information protection rights, please complete the form to exercise your data protection rights at the end of this page or contact us at popi@peresec.com.

Peresec International Limited Privacy Statement

This statement serves to inform you of the changes to data protection law under the Data Protection (Bailiwick of Guernsey) Law, 2017 (“DP Law”), as amended to incorporate legislation equivalent to EU Regulation 2016/679 (the “GDPR”).

Peresec International Limited (“Peresec Int” or the “Company”) would like to advise you that we are handling and will continue to handle your data professionally, securely and in accordance with GDPR.

Information privacy is an ongoing responsibility, and Peresec Int will from time to time update this Privacy Statement as we undertake new personal data practices or adopt new privacy policies. Where we do so, we will take appropriate steps to bring the amendment to your attention.

The Company takes the protection of your personal information seriously, and has appropriate technical and organisational measures and policies in place to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will only do so in an authorised manner and are subject to a duty of confidentiality. All staff of the Company are made aware of their information security responsibilities.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

1. What we need

Peresec Int is a Data Controller of the personal data you (the data subject) provide us. We collect the following types of personal data from you:

• names, title, email addresses, physical addresses, phone numbers, date of birth etc.;
• personal identifiers such as your social security number, national insurance number, tax number;
• information that we will need to conduct ‘know your client’ checks and principles such as details relating to your passport etc.;
• Structure Details; and
• additional information you provide to us in the course of your dealings with us or which we require to provide you with the Company’s product and services.

The data that is collected that personally identifies you (your directors, officers, employees, settlors, beneficial owners and/or beneficiaries) comes from:

• the mandates or other materials you submit to us during the course of your relationship with Peresec Int;
• your business dealings with Peresec Int, including via email, telephone or as stated in our mandates with you;
• third parties (including for anti-money laundering checks, among other things); and
• recording and monitoring tools that we may use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).

In limited cases, we also collect what is known as “special categories” of information. Our money laundering, sanctions, financial crime and fraud prevention checks sometimes results in us obtaining information about political opinion, actual or alleged criminal convictions and offences.

Where we process “special categories” of information about you, we do so either because you have given us your explicit consent, we are required by law to do so or the processing is necessary for the establishment, exercise or defence of a legal claim.

2. Why we need it

We need your personal data in order to provide you with the following services:

• services stipulated in the Mandate signed with Peresec Int;
• adhere to Money Laundering Regulations and to proceed with AML checks and related actions which the Company considers appropriate to meet any legal obligations imposed on the Company relating to, or the processing in the public interest, or to pursue the legitimate interests of the Company in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on- going basis, in accordance with the Company’s AML procedures;
• internal management and reporting;
• to facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;
• to monitor electronic communications for (i) processing verification of instructions; (ii) investigation and fraud prevention purposes; (iii) for crime detection, prevention, investigation and prosecution; (iv) to enforce or defend the Company’s, or their affiliates’ rights, themselves or through third parties to whom they delegate such responsibilities or rights in order to comply with any legal obligation imposed on the Company; (v) to pursue the legitimate interests of the Company in relation to such matters; or (vi) where the processing is in the public interest;
• to disclose information to other third parties such as service providers of the Company, auditors, regulatory authorities and technology providers in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company;
• to update and maintain records and carry out fee calculations;
• to retain AML and other records of individuals to assist with subsequent;
• the performance of our contract with you or a contract between us and another service provider to us the performance of which is in your interest;
• to comply with the Company’s legal obligations; and
• are necessary for the Company’s legitimate interests indicated above.

3. What we do with it

Your personal data is processed in Guernsey. Hosting and storage of your data takes place in Europe with duplicate storage and back up at an affiliate Company established in South Africa.

Where we transfer your information outside of Guernsey and the EEA, we will ensure that the transfer is subject to appropriate safeguards in accordance with data protection laws. Often, these safeguards include contractual safeguards. Please do contact us if you would like more information about these safeguards.

The Company may disclose your personal information as follows:

• to the Company’s service providers and other third party vendors in order to store or process the data for the above mentioned purposes; and
• to competent authorities (including tax authorities), courts and bodies as required by law or requested or to affiliates for internal investigations and reporting.

4. How long we keep it

Peresec Int will retain your personal information for as long as required for the Company to perform the Services and/or carry out the purposes for which the data was collected, or perform investigations in relation to the data depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that the Company retains your personal information.

5. What are your rights?

You may have the following rights under data protection laws:

• Right of subject access: the right to make a written request for details of information about you held by the Company and a copy of that information.
• Right to rectification: the right to have inaccurate information about you rectified. You must provide any relevant updates to your personal data held by the Company promptly to ensure its accuracy.
• Right to erasure (‘right to be forgotten’): the right to have certain information about you erased.
• Right to restriction of processing: the right to request that your information is only used for restricted purposes.
• Right to object: the right to object to the use of your information, including the right to object to marketing.
• Right to data portability: the right, in certain circumstances, to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats.
• Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your information. If you withdraw your consent, this will not affect the lawfulness of the Company’s use of your information prior to the withdrawal of your consent.

These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at ops@peresec.com.

In the event that you wish to complain about how we have handled your personal data, please contact Data Privacy Manager at clareg@peresec.com. We hope that our Data Privacy Manager can resolve any query or concern you raise about our use of your information. If not, you have a right to complain to the data protection regulator where you live or work, or where you think a breach of your personal information has taken place.

In Guernsey, your local regulator is the Data Protection Authority.