HIRODIUM DATA PRIVACY POLICY

Your data privacy is important to us

The following policies have been established to protect users and participants of the Hirodium platform:

Privacy Policy

It is our policy to respect data privacy regarding any information we may collect while operating our website, portal or platform. Accordingly, we have developed this privacy policy for you to understand how we collect, use, communicate, disclose, and otherwise make use of personal information. We have outlined our privacy policy below. 

We will collect personal and business data using secure and encrypted technologies through our platform, and only use this data for the purposes of processing finance and insurance applications. We cannot guarantee the accuracy or completeness of the data captured, as this is dependent on the individual and/or business capturing the data in our platform.

We will only use insights generated from the data captured, or processes orchestrated within our platform for the purposes of maintaining or improving service levels of our employees and partners.

We will collect personal and business information by lawful and fair means and with the explicit knowledge and consent of the individual and business concerned.

We guarantee that no data; personal, user, business or otherwise; will ever be passed to external agencies or third parties for any reason unless required by law.

We will protect personal and business information by using reasonable security safeguards against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification.

We will only retain personal and business information for as long as necessary for the fulfilment of those purposes. Refer to our retention policy and guidance terms below.

We sometimes include links to other websites on our platform and in email communication. When we use a link it does not imply that we endorse the website or its content. We do not have any control over other websites, so you use them at your own risk and should review their privacy policy before giving them any personal information.

Legal Age and Capacity

We do not accept any users, or representatives of users, under 18 (eighteen) years of age or who otherwise do not have the relevant capacity to be bound by this Privacy Policy. 

No one may access our platform, and/or accept our Privacy Policy if they lack the necessary legal capacity to enter into a valid and binding contract with our related Financiers and Insurers. It they are so lacking and continue to use our platform, such use is at own risk and Hirodium FNI accepts no responsibility for such use.

By accessing our platform and/or using our online facilities, users warrant that they have attained majority status (18 years of age or older), are emancipated or have their parents/legal guardian's consent to be bound by this Privacy Policy. Users further warrant that their legal capacity is not diminished due to mental incapacity.

Protection of Personal Information

We respect your right to privacy, as contained in section 14 of the Constitution of the Republic of South Africa 108 of 1996, and which forms the cornerstone of the Protection of Personal Information Act 4 of 2013 (“POPIA”). 

In order for us to assist you, it may be necessary for you to share some of your personal information with us from time to time.

We will take all reasonable steps to protect the personal information of users on our website. For the purposes of this section, “Personal Information” will be understood in accordance with the definition provided in POPIA. Any such Personal Information that you may share with us, and the reasons why such information is required, will depend on the nature and scope of your relationship with us.

We subscribe to the principles for electronically collecting Personal Information outlined in POPIA, and the further legislation referred to therein, and are committed to maintaining the integrity and confidentiality of Personal Information in our possession.

We use suppliers and service providers who we trust to provide services to us and sometimes that may involve sharing your information with them. They operate under strict requirements aimed at keeping your Personal Information secure and confidential and they will only use such information for the purpose for which we have sent it to them.

While we may transfer and outsource your Personal Information for operational reasons and to execute our instructions, all Personal Information submitted or provided by you will be treated confidentially and we will not sell, rent, lease or disclose your Personal Information to unauthorised third parties.

In the event that we are or become legally obliged to do so, we may of course also have to provide your Personal information to appropriate authorities or regulatory bodies.

Privacy Statement

Your information will not be used for any other purpose than that which is stated in this Privacy Policy, as well as our Terms and Conditions. None of your information held by us will be sold or made available to any third parties not stated herein without your prior written consent, and which shall be in line with the provisions related to the protection of Personal Information as set out in POPIA.

By using our platform, you are agreeing to the terms and conditions contained in this Privacy Policy, and consent to the use of your Personal Information in relation to:
- The provision and performance of any services obtained from us.
- Informing you of changes made to our services offered.
- Responding to any queries or requests you may have.
- Developing a more direct and substantial relationship with users for the purposes described in this clause.
- Understanding general user trends and patterns so that we can develop and support existing and ongoing operational strategies.
- For security, administrative and/or legal purposes.

The creation and development of performance data profiles which may provide insight into platform usage, practices and trends, help us improve our offering to you. Such information will be compiled and retained in aggregated form but shall not be used in any manner that may comprise the identity of a user.

For any other purpose relating to providing products and services, and when we have a legal duty to use or disclose your information:
- The Personal Information that we collect from our users will only be accessed by our employees, representatives, service providers and consultants on a need-to-know basis, and subject to reasonable confidentiality obligations binding such persons.
- We store your Personal Information directly, or alternatively, store your Personal Information on, and transfer your Personal Information to, a central database. If the location of the central database is located in a country that does not have substantially similar laws which provide for the protection of Personal Information, we will take the necessary steps to ensure that your Personal Information is adequately protected in that jurisdiction.
- Your information will not be stored for longer than is necessary for the purposes described in this Privacy Policy or as required by applicable law. 

Collection of Technical Information

Technical information refers to all information that does not by itself identify a specific individual user. 

As you navigate our platform, certain technical information may be passively collected by our web server through the use of ‘cookies’ and/or ‘server logs’ and by proceeding to use the platform you accordingly acknowledge and agree to this.

Security

We take your privacy and the security of your Personal Information and Business Information seriously. For this purpose, we:
- have implemented reasonable and up-to-date security safeguards;
- have in place reasonable technical (electronic) and organisational (non-electronic) security measures to protect your Personal Information and Business Information against accidental or intentional manipulation, loss, misuse, destruction or against unauthorised disclosure or access to the information we process; and
- regularly monitor our systems for possible vulnerabilities and attacks.

However, no data transmission over the internet can be guaranteed to be one hundred percent secure at all times. Thus, although we use reasonably endeavours to ensure the integrity, security and confidentiality of Personal Information and Business Information submitted and/or obtained from you, we cannot be held responsible for security breaches occurring in relation to the personal technology devices of users, such as, but not limited to, personal computers, tablets and mobile phones due to the lack of adequate virus protection software and/or spyware.

In addition to the above, subject to the provisions of POPIA and related legislation, Hirodium FNI will not be held liable under any circumstances if Personal Information or Business Information shared by yourself, in the manner as contemplated herein but which takes place at your own risk, is compromised, disseminated or otherwise disclosed through conduct outside our reasonable control, for example by means of hacking, infection by viruses, trojan horses or any other computer programming routines or software that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data, Personal Information or Business Information.

While we cannot prevent all security threats or ensure and/or warrant the security of any Personal Information or Business Information you provide us, we will continue to maintain and improve these security measures over time in line with legal and technological developments and will let you know of any breaches which affect your data.

Your Rights and Preferences

You have the right to know what Personal Information we have about you, to correct it, and to opt out of any direct marketing.

In addition to the above, you have the right to:
 - ask what Personal Information we hold about you;
 - ask what information was sent to our suppliers, service providers or any other third party;
 - ask us to update, correct or delete any out-of-date or incorrect Personal Information we hold about you;
 - unsubscribe from any direct marketing communications we may send you; and/or
 - object to the processing of your Personal Information.

Please take note that it can take us up to 21 days to respond to your request in terms of this clause. If you want us to delete all Personal Information we have about you, you will probably have to terminate all agreements you have with us. We cannot maintain our relationship with you without having some of your Personal Information. We can refuse to delete your information if we are required by law to retain it or if we need it to protect our rights.

Data Retention

Unless otherwise required by law, the following terms relate to the retention of your Personal and Business Information:
- Business and Personal Information to be retained by up to 5 (five) years from date of capture;
- Application information to be retained for up to 5 (five) years from date of capture;
- Business supporting documentation captured during application processes to be retained for up to 1 (one) year from date of capture;
- Performance data to be kept indefinitely;