Privacy Policy
June 2021
Introduction
Medu Capital (Pty) Ltd (the Company) is a professional investment manager. In this regard, the Company successfully manages several investment funds.
The Company processes the personal information of any persons who invest with the Company and any prospective investors (Investors), including the participants, or affiliates of Investors, as well as any other persons who may transact with the Company. Any person whose personal information is processed by the Company is referred to as a Subject herein.
The Company collects personal information for the purposes of identifying investors, evaluating potential investment opportunities, growing and safeguarding its business and the investments under its management, to comply with the requirements of the law, to provide high quality professional services and to improve the excellence of the services it offers. These are the Company’s essential purposes (collectively, the Business Purpose).
In compliance with the Protection of Personal Information Act 4 of 2013, the Company commits to processing the personal information of Subjects lawfully and in a reasonable manner which does not infringe the privacy of any such person.
How does the Company collect personal information?
Personal information is usually collected directly from a Subject or its representative. This information may include (but is not limited to) names, identity/passport/registration numbers, address details, telephone numbers, tax numbers, financial information and banking details.
The Company will collect personal information through electronic correspondence, personal meetings, telephone calls and in general dealings with a Subject or its representative.
The Company may refer to a Subject’s website, social media profiles and other publicly available sources, to better understand its activities and ethos and collect certain personal information.
The Company may collect certain personal information about Subjects from third parties, including the South African Revenue Service (SARS) and the Companies and Intellectual Property Commission (CIPC). The Company may run background checks on, inter alia, identity and financial history, in accordance with lawful practice.
The Company may monitor activity on its own IT network and website and gather information about who is visiting and using its website and how, in order to fulfil the Business Purpose.
To the extent an Investor provides the Company with the personal information of a third person (including a participant or affiliate of such Investor), that Investor warrants and undertakes that such personal information is provided to the Company pursuant to lawful basis and a lawful purpose. In this regard, such Investor indemnifies and holds the Company harmless against any claims, loss, or damages whatsoever that may be suffered by the Company arising from a breach by the Investor of its obligations herein or in any law.
By transacting with the Company or attempting or proposing to transact with the Company in any way, you consent to the collection of personal information described in this Privacy Policy and any further collection necessary to fulfil the Business Purpose.
Is providing personal information voluntary or compulsory?
To fulfil the Business Purpose, the Company is required to collect the personal information of Subjects, as set out above.
Providing personal information where specifically required by law is compulsory. The Company will decline to transact with any person who refuses to comply with the requirements of any such law.
Laws which may require the Company to process personal information of a Subject include, amongst others, the Financial Intelligence Centre Act 38 of 2001 (FICA) and the Financial Advisory and Intermediary Services Act 37 of 2002 (FAIS).
Providing information not specifically required by law is voluntary. However, the Company reserves the right to decline to transact with any person who fails to provide any information which it has requested from that person and which the Company deems necessary, in its sole discretion.
How does the Company store and manage personal information?
The Company may store personal information electronically and/or physically.
Information stored electronically is stored by the following means: access is restricted by the use of password protection and unique user identification, server encryption, firewalls and anti-virus software. Access to information is restricted only to individuals requiring access to that information in order to fulfil their duties.
Information stored physically is stored by the following means: physical information is stored in lockable locations (including lockable filing cabinets and offices, or secure archiving facilities) and access to this information is restricted only to individuals requiring access to that information in order to fulfil their duties.
The Company’s Microsoft Office software is continuously updated as per the terms of the Microsoft platform, this includes security settings appropriate for business applications. The Company maintains anti-virus and anti malware software which is also updated regularly as recommended by the software provider.
Information distributed to Investors is done so in line with our obligations in terms of the relevant Management Agreements and/or Partnership Agreements. Information is shared only with individuals and/or email lists as nominated by and communicated to us by the Investor in writing.
The Company will endeavour to take reasonable and appropriate measures to keep personal information secure. However, the Company cannot guarantee the absolute security of personal information.
By transacting with the Company or attempting or proposing to transact with the Company in any way, you consent to the storage and management of personal information described in this Privacy Policy and any storage and management necessary to fulfil the Business Purpose.
What does the Company do with the personal information?
The Company uses the personal information which it collects to fulfil the Business Purpose.
To carry out the Business Purpose, the Company’s owners, directors, managers, employees, agents and contractors may need to review, consider, verify and discuss the personal information collected by it.
Where required by law, some or all of the personal information collected by the Company may be disclosed to SARS or any other governmental authority or regulatory body.
The Company will also use the personal information collected by it for reporting, payment and billing purposes.
In certain circumstances, including where it is necessary for the performance of a contract or pursuant to a lawful purpose, the Company may transfer the personal information of Subjects to third parties in foreign countries.
By transacting with the Company or attempting or proposing to transact with the Company in any way, you consent to the use of personal information described in this Privacy Policy and any further use necessary to fulfil the Business Purpose.
How long does the Company keep the personal information for?
The Company stores and processes personal information for so long as the Company maintains a business relationship or contact with such Subject, and for at least 5 (five) years thereafter. This is to:
-
- ensure that it maintains personal information of all Subjects who could benefit from the Company’s services;
- comply with the laws appliable to the Company’s industry; and
- carry out good record-keeping practices, in case the details of any transaction are queried by a Subject, governmental authority or regulatory body.
By transacting with the Company or attempting or proposing to transact with the Company in any way, you consent to the length of time for which the Company keeps the personal information.
Subjects’ rights to deal with their personal information
Each Subject has the right to:
-
-
- withdraw any of the consents given to the Company in relation to the processing of their personal information (however, the Company may continue to process the personal information to the extent necessary to implement a contract with the Subject, or to protect the legitimate interests of the Subject, or to protect the legitimate interests of the Company, or to comply with any legal obligation);
- ask the Company to reveal what personal information the Company has relating to the Subject and who has had access to that information (in which case the Company will respond as soon as reasonably practicable);
- ask the Company to correct or delete any of their personal information, which is inaccurate, irrelevant, out of date, incomplete or misleading (in which case the Company will respond by altering its records, or substantiating its records, as appropriate, as soon as reasonably practicable), provided that the Subject will, on request, provide all such correct and accurate personal information as may be required;
- ask the Company to destroy or delete any of their personal information if it is no longer lawful for the Company to retain it (in which case the Company will respond as soon as reasonably practicable, allowing time for the Company to seek legal advice if necessary);
- object to the Company processing any of their personal information where the processing is:
a. not covered by consent; or
b. not necessary for carrying out a contract between the Company and the Subject; or c. not necessary to discharge a legal obligation of the Company,
and the Subject has reasonable grounds for objection (in which case the Company must cease processing the personal information); - object to the Company processing any of their personal information to prevent any direct marketing by the Company to the Subject (in which case the Company must cease processing the personal information for this purpose);
- lodge a complaint to the Information Regulator at:
JD House, 27 Stiemens Street
Braamfontein
Johannesburg, 2001
PO Box 31533
Braamfontein, Johannesburg, 2017
Tel: 010 023 5207
-
Email: complaints.IR@justice.gov.za / inforeg@justice.gov.za.
The Company is a private company registered with CIPC as Medu Capital Proprietary Limited, registration number 2003/000273/07. The Company’s registered address is 4th Floor, 35 Ferguson Road, Illovo, Gauteng, South Africa, 2196.
Within the Company’s structure, Nhlanganiso Mkwanazi is the Company’s Information Officer. For all requests relating to the processing of personal information, the Information Officer may be contacted at nmkwanazi@meducapital.co.za or on +27 11 268 9140. Should the Information Officer be unavailable, the Deputy Information Officer, Leone Boshoff, may be contacted at Lboshoff@meducapital.co.za or on +27 11 268 9140.