Overview
When we mention “processing,” it refers to how we gather, utilize, store, share, delete, update, disclose, or otherwise handle personal data. Generally, we will only process personal data if it is necessary to provide a service, deliver a product, execute a transaction, or fulfill a contractual obligation. We may aggregate this personal data and use the combined data for the purposes outlined in this Privacy Policy. By engaging with our services, products, or channels, you acknowledge that we may process your personal data as described in this Privacy Policy. In some cases, you may explicitly consent to such processing. Great X Cape, a registered South African entity, applies this Privacy Policy to all personal data processed by any part of its organization. If Great X Cape processes personal data on behalf of another party under a contract or mandate, that party’s privacy policy will govern such processing. Great X Cape may revise this Privacy Policy periodically to comply with legal requirements or changes in business practices. This policy sets a standard for safeguarding personal data within the Great X Cape environment and outlines principles to protect individuals’ rights to privacy and ensure reasonable security measures for their data.
Scope
This policy applies to all employees, contractors, consultants, temporary staff, and third-party affiliates of Great X Cape. It covers information assets owned or leased by Great X Cape, as well as devices connected to Great X Cape’s network or located at its facilities.
Policy Statement
1. What is personal information?
Personal information is any data that can identify you or relates specifically to you or your employees, as stored or processed through our product(s). This includes, but is not limited to:
– Marital status
– National origin
– Age
– Language
– Place of birth
– Educational background
– Financial history
– Unique identifiers (e.g., employee number, ID number, or passport number)
– Contact details (e.g., email, physical address, or phone number)
– Biometric data (e.g., fingerprints, signature, or voice)
– Race, gender, sex, pregnancy status, ethnic or social origin, color, or sexual orientation
– Health (physical or mental), well-being, disability, religion, beliefs, or culture
– Medical, criminal, or employment history
– Personal opinions, preferences, or views
– Opinions or views about you held by others
– Full name and initials
This also encompasses special personal information, as detailed below.
2. When do we process your personal information?
We will process your personal information for legitimate business purposes only if:
– You have given consent
– Consent is provided by someone legally authorized by you, the law, or a court
– It is necessary to enter into or perform a contract with you
– It is required or permitted by law
– It is needed to protect or pursue your, our, or a third party’s legitimate interests
3. What is special personal information?
Special personal information includes data concerning:
– Race (e.g., for reports submitted to the Department of Labour)
– Ethnic origin
– Trade union membership
– Health (e.g., for insurance policy applications)
– Biometric data (e.g., for identity verification)
– Criminal behavior or alleged offenses
4. When do we process your special personal information?
We may process special personal information if:
– You have consented to the processing
– It is required for human resources or payroll purposes
– It is necessary to establish, exercise, or defend a legal right or obligation
– It is used for statistical or research purposes, provided all legal conditions are met
– You have made the information public
– It is required by law
5. How and from where do we collect your personal information?
We obtain personal information:
– Directly from you
– From public records or information you have intentionally made public
– From third parties integrated with our software platform
– Based on your interactions with our products, services, or channels
– Through your communications with us, such as emails, letters, phone calls, or surveys
– From completed forms, including contact and billing details
If required by law, we will seek your consent before collecting personal information. Third parties from whom we may collect your information include, but are not limited to:
– Our partners, your employer, or employees
– Affiliated companies, subsidiaries, associates, or appointed third parties (e.g., agents, contractors, or suppliers) for purposes outlined in this Privacy Policy
– Your spouse, dependents, or others authorized to share your information (e.g., travel agents or medical practitioners for insurance purposes)
– Attorneys, tracing agents, debt collectors, or others assisting with agreement enforcement
– Payment processors, merchants, banks, or EFT service providers
– Insurers, brokers, or financial institutions assisting with underwriting, claims, or related purposes
– Law enforcement or fraud prevention agencies
– Regulatory authorities, industry ombudsmen, government departments, or tax authorities
– Trustees, executors, or curators appointed by a court
– Service providers, agents, or subcontractors (e.g., couriers) used to deliver products or services
– Courts or tribunals
6. Why do we process your personal information?
We process your personal information to:
– Provide products, goods, or services
– Market our products or services to you
– Address your inquiries or complaints
– Comply with legal, regulatory, or risk management requirements, including codes of conduct or reporting obligations
– Conduct market or behavioral research, including scoring or analysis for product eligibility or risk assessment
– Develop, test, or improve our offerings
– Process payments or create payment advice
– Deliver goods, documents, or notices
– Verify identity, ensure security, or check data accuracy
– Communicate with you and fulfill your requests
– Conduct customer satisfaction surveys or promotional campaigns
– Enable participation in value-added products or services
– Assess lending or insurance risks
– Support other related purposes
7. How we use your personal information for marketing
We may use your personal information to promote our services or related products. We may also market non-banking or non-financial products or services. Marketing may occur in person, by mail, phone, or electronic channels (e.g., SMS, email, or fax). If you are not a customer or if required by law, we will only market electronically with your consent. You can opt out of marketing communications at any time.
8. When and with whom do we share your personal information?
We share your personal information only if:
– You have consented
– It is necessary to perform a contract with you
– It is required by law
– It is needed to protect your, our, or a third party’s legitimate interests
Where applicable, Great X Cape members may share your personal information with:
– Other Great X Cape entities, affiliates, or third parties (e.g., agents, contractors, or suppliers) for purposes in this Privacy Policy
– Employees, as required by their roles
– Attorneys, tracing agents, or debt collectors enforcing agreements
– Payment processors, merchants, or banks handling transactions
– Law enforcement or fraud prevention agencies
– Regulatory authorities, ombudsmen, or tax authorities
– Service providers or subcontractors (e.g., couriers)
– Parties to whom we cede or delegate rights or obligations
– Courts or tribunals
– Loyalty program partners or joint venture partners
All recipients are obligated to keep your personal information secure and confidential.
9. When do we transfer your personal information across borders?
We may transfer your personal information to third parties in another country if:
– The recipient country’s laws or an agreement ensure adequate protection
– The transfer is necessary for a contract with you or in your interest
– You have consented to the transfer
– Obtaining consent is impractical, but the transfer is in your interest
Such transfers will comply with legal requirements. Where possible, the recipient will apply equivalent or stronger protections as required by your country’s laws.
10. Your responsibilities and rights regarding your personal information
You must provide proof of identity to exercise the rights below and notify us of any changes to your personal information. Refer to our PAIA Manual for details on exercising these rights. You have the right to:
– Request confirmation of the personal information we hold
– Obtain a copy or description of records containing your personal information
– Know which third parties have accessed your information
We will respond to access requests within a reasonable time, though a fee may apply for copies or third-party information. Your access may be limited by law. You may also request corrections or deletion of inaccurate, irrelevant, outdated, or unlawfully obtained personal information. Such requests must be made in writing (see our PAIA Manual). Changes may take up to 15 business days to reflect, and verification documents may be required. If a specific agreement governs your data, follow its requirements. Legal obligations may prevent deletion, and deletion may end our relationship. You may object to processing on reasonable grounds, but we may continue if permitted by law, based on your consent, or required by a contract. Objections must be submitted in writing (see PAIA Manual). You may withdraw consent for processing, but we will explain the consequences, and processing may continue if legally permitted. Changes may take up to 15 business days. You can file a complaint with us or a regulator if we breach your personal information’s protection.
11. How we protect your personal information
We implement appropriate technical and organizational measures to safeguard your personal information, following industry best practices. These include:
– Securing systems through access and usage monitoring
– Storing records securely
– Controlling access to buildings, systems, or records
– Safely destroying or deleting records
– Adhering to international security standards
12. How long do we retain your personal information?
We retain your personal information for as long as:
– Required by law
– Stipulated by a contract
– You have consented
– Needed for purposes in this Privacy Policy
– Required for statistical or research purposes
– Mandated by a code of conduct
– Necessary for legitimate business purposes
We may retain your data after our relationship ends for historical purposes, as required by your employer or employee.
13. Children’s Privacy
Our services are not intended for individuals under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us. If we discover such data was collected without parental consent, we will remove it from our servers. If consent is required from a parent in your country, we will obtain it before processing such data.
