Contact Us
  1. Home
  2. /
  3. Privacy statement of the...

Privacy statement of the Tongaat Hulett Sugar retirement benefit provident fund

  1. PRIVACY NOTICE
    1. We, the Tongaat Hulett Sugar Retirement Benefit Provident Fund (Fund, we or us) process personal information in terms of this policy when we act as a responsible party (we decide why and how to process the personal information). Privacy is very important to us.   
    2. This policy (read with other notices given to individual data subjects) is our notice in terms of section 18 of the Protection of Personal Information Act, 2013 (POPIA).
    3. This policy describes what personal information we process, where we collect it, why we process it and the legal basis on which we do so and generally, how we do so. 
  2. THE INFORMATION WE COLLECT AND PROCESS
    We don’t have our own website, email system, electronic messaging, voice recordings, post or other hard copy reception facilities or other infrastructure.  If you send us personal information, you do so through your employer or our administrator, Momentum Retirement Administrators (Administrator) email system, call centre, or other infrastructure (Infrastructure).  We process personal information using our Administrator’s infrastructure.
    1. INFORMATION OF MEMBERS, BENEFICIARIES AND DEPENDANTS
      1. We process personal information in relation to our active, paid up and former members (that is members who no longer contribute to the Fund but retain a retirement fund interest in it), our deferred members and members’ beneficiaries and dependants (Member Information).  The Member Information we process includes names, identity or passport numbers, employee numbers, citizenship, date of birth and age, gender, normal retirement date, Fund joining date, tax number, contact information (phone numbers, email and other addresses), information in communications relating to our Fund, bank account details, salary information, financial information (including contributions), previous membership of other retirement funds, employment information (including salary, employment duration and work address), health information, information about marital status and dependants including children.
      2. We source the Member Information from our active, paid up and former members, deferred members and members’ beneficiaries and dependants (Members, Beneficiaries and Dependants), participating employers, retirement funds, Financial Sector Conduct Authority (FSCA), the South African Revenue Service (SARS), courts and tribunals and other regulators (Stakeholders). 
      3. We process Member Information to register members of the Fund, members’ beneficiary nominations, receive and allocate member contributions and transfers from other retirement funds, make transfers to other retirement funds, invest and manage funds and allocate returns, issue benefit statements, record security undertakings for housing loans against member benefits, prepare annual financial statements, for annual audits, statutory actuarial valuations and calculating actuarial projections, to verify member identity and contact details, to receive and process claims and deductions and pay benefits, resolve questions and complaints, to ensure the security of our business and systems including information processed using the Infrastructure, to comply with the law including the Pension Funds Act, 1956, tax laws, any applicable collective agreement and the requirements of FSCA, SARS and other regulators (Applicable Laws), to keep records including backups of our databases, communicating and managing our contracts and relationships with the Administrator, other service providers and Stakeholders and securely and properly managing the Fund.
      4. The legal bases on which we process Member Information are consent or compliance with the law including the Applicable Laws or our legitimate interests in properly and securely managing the Fund and the legitimate interests of the Members, Beneficiaries and Dependants in having the Fund verify the identity of the person in all dealings and ensuring that their rights and interests under the Applicable Laws are considered.
    2. INFORMATION RELATING TO PARTICIPATING EMPLOYERS
      1. We process personal information relating to participating employers (Employer Information) including names, registration numbers, contact information (including phone numbers, email and other addresses) and financial and other information in respect of contributions and contribution returns.
      2. We usually source the Employer Information directly from the participating employers and from public records.
      3. We process Employer Information in relation to registering members of the Fund, receiving, reconciling and allocating contributions, managing the Fund and reporting to the FSCA, SARS and any other regulatory authority. The legal bases on which we process Employer Information include consent, complying with the law including the Applicable Laws, our legitimate interests in managing relationships and communicating with the employers, our members’ legitimate interests in the receipt, processing, allocation and reconciliation of contributions, the legitimate interests of Members, Beneficiaries and Dependants in ensuring that their rights and interests under the Applicable Laws are considered, dealing with disputes and claims by or against the Fund relating to any of the employers, including legal proceedings in any forum.
    3. INFORMATION YOU SEND US VIA THE INFRASTRUCTURE

      OUR ADMINISTRATOR’S EMAIL

      1. Any email enquiries you send us via our Administrator are held on our Administrator’s email server, by the addressee and by anyone to whom the addressee refers your email for response, including our Administrator. Your contribution returns are held by our Administrator’s contributions, benefits administration, investment administration and accounting personnel. Benefit statements are held by our Administrator’s benefits administration personnel.
      2. We use the personal information that you provide to us through our Administrator’s email:
        1. for the purposes for which you provided it; and
        2. to communicate with you.
        VOICE RECORDINGS
      3. We may make voice recordings using the Infrastructure when you communicate with us via our Administrator’s call centre.  You don’t have to provide us with any personal information on a telephone call but if you do so, we may use and store and process that information on the Infrastructure (Call Information). If you provide us with Call Information, we source that information from you, with your consent and we only use it for the purpose for which you provide it.  The legal bases on which we process Call Information are consent or complying with the law including the Applicable Laws or protecting our legitimate interests, those of the Fund and of participating employers, active, paid up and former members, beneficiaries, dependants and pensioners by in verifying the identities of callers, communicating with them in relation to the Fund, dealing with questions and complaints or our legitimate interests in properly and securely managing the Fund. 

        4. HARD COPIES
      4. If you send us personal information by post or by hand delivery, that information will be processed by our Administrator’s Infrastructure for receiving and handling post and hand deliveries.
    4. TRUSTEE/BOARD MEMBER INFORMATION
      1. We process personal information relating to our trustees or board members (Trustee Information) including names, identity or passport numbers, contact information (including phone numbers, email and other addresses), information in communications, education and employment information, training attended, race and gender, criminal record checks, business or financial information relating to conflicts of interest.
      2. We usually source the Trustee Information directly from our potential or actual trustees or board members but we may source it from criminal record checks and references.
      3. We process Trustee Information in relation to their appointment, in communication with the FSCA and other regulators, their management of the Fund including arranging, attending and recording board meetings and their decisions and we process Trustee Information in compliance with the law including Applicable Laws. The legal bases on which we process Trustee Information include consent or compliance with the law including Applicable Laws or our legitimate interests in managing relationships and communicating with our trustees or board members, dealing with disputes and claims relating to trustees or board members, including legal proceedings in any forum.
    5. PRINCIPAL OFFICER INFORMATION
      1. We process personal information relating to the Fund’s principal officer (Principal Officer Information) including names, identity and passport numbers, citizenship, contact information (including phone numbers, email and other addresses), education and employment information, training attended, race and gender.
      2. We usually source the Principal Officer Information directly from our potential or actual principal officers but we may source it from our Administrator, other service providers or references.
      3. We process Principal Officer Information in relation to the appointment, conclusion and management of the Fund’s contract with the principal officer, registration of the principal officer with the FSCA and in managing the Fund. The legal bases on which we process Principal Officer Information include consent or concluding, managing and performing contracts with the principal officer or our legitimate interests in managing our relationship and communicating with the principal officer, complying with the law including Applicable Laws, dealing with disputes and claims by or against us relating to any of our principal officers, including legal proceedings in any forum.
    6. SERVICE PROVIDER INFORMATION
      1. We process personal information relating to the Fund’s potential and actual service  providers such as the Administrator, the Fund’s auditor, actuary, consultants, insurers, investment managers or asset managers  (Service Provider Information). The Service Provider Information includes names, identity, passport or registration numbers, contact information (including phone numbers, email and other addresses), tax and VAT numbers, Broad-Based Black Economic Empowerment verification certificates and other licences, authorisations and accreditation relevant to their services and bank account details.
      2. We usually source the Service Provider Information directly from our potential or actual service providers but we may source it from our Administrator or from quotations or proposals or references or public records.
      3. We process Service Provider Information in relation to the appointment of service providers, concluding and managing contracts with them, compliance with laws including the Applicable Laws and our legitimate interest and that of the members in the proper management of the Fund. The legal bases on which we process Supplier Information include consent or concluding and performing contracts with the service providers or our legitimate interests in managing the Fund, the Fund and our service providers’ legitimate interests in properly managing our relationship and communicating with them and receiving, processing and paying service provider invoices, complying with the law including Applicable Laws, dealing with disputes and claims by or against the Fund relating to any of our service providers, including legal proceedings in any forum.
    7. OTHER TYPES OF INFORMATION
      1. We also share personal information as necessary to open accounts and receive and process payments through banks (Bank Information).  We share Bank Information with banks where necessary to comply with money laundering and terrorist financing laws including the Financial Intelligence Centre Act, 2001, to receive and make payments, pay refunds and communicate with you and the bank in relation to such payments or refunds.  The source of the Bank Information is usually the account holder but sometimes we source Bank Information from the banks themselves and from people (not the account holder) for whom, to whom or from whom the payment is made or received.  The legal basis on which we process Bank Information is consent or compliance with the law or performance of a contract such as paying a supplier or members or their beneficiaries or dependants or our legitimate interest in paying our service providers.  Every bank has a privacy policy which you can find on its website.
      2. If you send an enquiry to the Fund, we may process your personal information (Enquiry Information). We process Enquiry Information for the purposes of responding to your enquiry. Consent is the legal basis on which we process your Enquiry Information.
      3. We process information when you communicate with us or when we communicate with Stakeholders in relation to the Fund (Communication Information). The Communication Information may include your name and contact details, and the content of the communication. We process Communication Information to communicate with you, to comply with the law including Applicable Laws and to keep records. The legal bases on which we process Communication Information are compliance with the law including the Applicable Laws, our legitimate interest in properly managing the Fund and our Stakeholders’ legitimate interests in communicating with the Fund and receiving responses.
      4. We process any of the personal information identified in this policy to investigate, assess, establish, exercise or defend legal claims in any forum (Claims Information). The legal basis on which we process Claims Information is our legitimate interests in protecting and enforcing our rights or the rights of others and the proper administration and protection of the Fund.
      5. We process any of the personal information identified in this policy when necessary for audits, for asset valuations including statutory valuations, to prepare annual financial statements, to obtain expert advice, to identify, mitigate and manage risks and to obtain, maintain and claim under insurance cover (Audit and Risk Information). The legal basis on which we process Audit and Risk Information is compliance with the law, including Applicable Laws or in our legitimate interest in properly managing the Fund, identifying, managing and protecting the Fund against risk and dealing with any related disputes or claims by or against us, including legal proceedings in any forum.
      6. We process any of the personal information described in this policy when required to do so by law and as necessary to cooperate with any regulatory authority or law enforcement agency.
      7. We process any of the personal information described in this policy when necessary to protect your life or other vital interests or those of any other person.
  3. SHARING YOUR PERSONAL INFORMATION WITH OTHERS
    1. We won’t sell personal information to anyone. 
    2. When necessary, our trusted third party operators, including our Administrator, process personal information for us.  We contract with our operators binding them to comply with applicable data privacy laws including POPIA.  Our contracts oblige our operators to process information only for the purposes, and using means of processing, we determine. 
    3. We disclose personal information to our service providers (including our Administrator and principal officer) as necessary to manage the Fund.  We also disclose personal information to regulators and law enforcement agencies where required by law and where we reasonably believe disclosure is necessary to identify, contact or stop someone who may breach our privacy policy or who may cause harm to, or interfere with, the Fund’s rights, property, safety or interests or those of anyone else.
    4. We disclose personal information to underwriters, auditors, actuaries, investment managers and other professional advisors when necessary so that we can obtain or maintain insurance cover, manage risk, manage the Fund’s assets, get their advice or to establish, exercise or defend our rights including in relation to claims by or against us in any legal proceedings in any forum and in any negotiation.
    5. We share Member Information with banks when paying benefits and with other retirement and benefit funds when transferring member benefits.
    6. We share Member Information with SARS as necessary in relation to the payment of benefits.
    7. We share Member Information with participating employers as necessary to verify a member’s employment status or as necessary to provide members with benefit and surplus statements.
    8. We share Member Information with the FSCA as required by it, including in relation to unclaimed member benefits. 
  4. OFFSHORE TRANSFERS
    1. We may send Trustee Information and Principal Officer Information to service providers situate outside South Africa including asset/investment managers as necessary to facilitate offshore investments.
    2. Where you require us to use an online platform when communicating with you and that online platform transfers personal information offshore, you consent to the transfer of your personal information to third parties in foreign countries and you acknowledge that that personal information may be available through the Internet around the world. We cannot prevent unauthorized access to, misuse of, damage to, or destruction of, that personal information. 
    3. If we are obliged by law to use an online platform which may transfer personal information offshore, we do not control that online platform and we cannot prevent unauthorized access to, misuse of, damage to, or destruction of, that personal information.
    4. Where we transfer personal information to countries which don’t have an adequate level of data protection similar to POPIA’s conditions for lawful processing and the transfer is not covered by section 72 (1) (b) (consent to transfer), (c) (transfer needed to perform a contract with the data subject or take pre-contract steps), (d) (transfer needed to conclude or perform a contract in the data subject’s interests) or (e) (the transfer is for the data subject’s benefit and it’s not reasonably practicable to obtain the data subject’s consent) of POPIA, we will conclude contracts with the third parties to whom the information is transferred binding them to process your information to the standards required by POPIA and not transfer your information to any other country without similar protection.
  5. MANDATORY AND VOLUNTARY DISCLOSURE
    1. Where we have to collect and process personal information to comply with the law, we may not be able to enable you to participate in the Fund or appoint you or retain you as a trustee/board member or principal officer or service provider unless you provide that information. 
    2. Except where providing personal information to us is required by law, our Stakeholders are free to volunteer personal information to us. We may ask you for personal information to verify your identity when communicating with you.  If you don’t provide us with that personal information, we will not be able to assist or further communicate with you.  Please don’t send us personal information unless we ask you for it or you need to provide it to us.  If a Stakeholder chooses not to provide personal information which we request so that we can properly manage the affairs of the Fund, this may restrict or prevent the proper management of the Fund including preventing or restricting participation in, or benefit or exit from, the Fund.
  6. PROTECTING PERSONAL INFORMATION
    1. We take appropriate and reasonable technical and organisational steps to protect your personal information against unauthorised access or disclosure. 
    2. The steps we take include ensuring that the Infrastructure (and our other operators’ infrastructure on which your personal information is processed) is protected by physical and electronic access control, encryption, appropriate firewalls and malware and virus protection. 
  7. SUMMARY OF DATA SUBJECT RIGHTS OF ACCESS, RECTIFICATION, OBJECTION AND COMPLAINT
    1. Every data subject has the rights of access, correction, objection and complaint which are summarised in this paragraph. This is just a summary of those rights and to get a proper understanding of them, please read the relevant provisions in POPIA.
    2. Subject to POPIA and other laws, by completing and sending us the request form available on request from davidson@wylie.co.za and faye.lock@tongaat.com you may:
      1. ask us to confirm, free of charge, if we hold personal information about you;
      2. for the prescribed fee, obtain a record or description of the personal information we hold and a list of third parties or the categories of third parties who hold it;
      3. where the legal basis on which we process your personal information is consent, you may withdraw your consent but this will not affect the lawfulness of our processing before your withdrawal and even if you do withdraw your consent, we can continue processing your personal information where there is another legal basis for that processing such as compliance with applicable laws;
      4. if any of your personal information that we have processed is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or if we are no longer authorised to retain that personal information, you may ask us to correct, destroy or delete the personal information but we emphasize that, despite your request, we may not destroy or delete personal information where we are entitled to continue processing it;
      5. at any time, on reasonable grounds and except where legislation provides for such processing, object to the processing of your personal information for the proper performance of a public law duty by a public body or to pursue your legitimate interests or to pursue our legitimate interests or those of a third party to whom the personal information is supplied;
      6. at any time, object to the processing of personal information for direct marketing (other than direct marketing by means of unsolicited electronic communications);
      7. if you feel that we have processed your personal information unlawfully, complain to the Information Regulator who can be contacted at:
        1. JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001;
        2. P.O Box 31533, Braamfontein, Johannesburg, 2017; or
        3. Complaints email: complaints.IR@justice.gov.za.
  8. AMENDING THIS STATEMENT
    1. We may update this statement from time to time.
    2. We may email you to tell you tell you about important changes to this policy. 
    3. You can also obtain the current version of this policy at any time by emailing a request to davidson@wylie.co.za and faye.lock@tongaat.com
  9. OUR ADDRESS AND OUR INFORMATION OFFICER’S DETAILS
    1. You can contact us at our registered address at Amanzimnyama, Tongaat, KwaZulu Natal, 4401, South Africa. 
    2. Our Information Officer can be contacted on davidson@wylie.co.za and faye.lock@tongaat.com