Privacy Notice

Introduction

Sygnia cares about the privacy, security and online safety of your personal information. This notice explains how we collect, use, share and protect that personal information.

In this notice, “Sygnia”, “we” or “our” refers to Sygnia Limited and all its subsidiaries in the Sygnia group in South Africa.

This Privacy Notice must be read together with our PAIA Manual, which is also available on our website: www.sygnia.co.za.

What is personal information?

Personal information is any information relating to an identifiable living or juristic person. Some examples are: race, gender, marital status, nationality, age, physical or mental health, disability, language, education, identity number, telephone number, email, postal or street address, biometric information and financial, criminal or employment history.

If you have questions

If you have any questions about how your personal information is treated, by us please contact our Deputy Information Officer using these details:

Information Officer: Magda Wierzycka
Deputy Information Officer: Mr Victor Ndlhovu
Physical address: 7th Floor, The Foundry, Cardiff Street, Green Point, Cape Town, 8001
Website:www.sygnia.co.za
Email: InformationOfficer@sygnia.co.za


Our Information Officer is Ms Magda Wierzycka, who can be contacted using the same details above.

Who we collect your personal information from

We collect and process your personal information (or the personal information of persons you provide to us) primarily to provide you with access to our services and products. We may collect information directly from you and any other person you have appointed to act on your behalf, whose details you provide to us in accordance with the relevant laws when you provide us with these personal details. For example, when you purchase a product or service from or complete a product or service application form, electronically, telephonically or by way of a hard copy, are members of a fund we administer, submit
enquiries or contact us for any other reason.

We may collect personal information indirectly from you when you interact with us electronically by way of our website, apps, or social media channels, which may include the collection of metadata (data about data).

We may also collect personal information about you, where required to fulfil legal and regulatory obligations, from other persons (not you) and third party sources, for example from other entities within the Sygnia group, your employer, from retirement funds, employers other contracted entities in the context of medical schemes and group insurance policies, from administration companies, financial intermediaries and institutions, data aggregators, your representative or agent, our operators (e.g. tracing agents, credit bureaus, fraud prevention agencies and death benefit investigation providers) or from public databases and official public sources (Financial Sector Conduct Authority’s website).

We will also collect your information where you have only partially completed or abandoned any personal information which you started to apply in our website or other online forms. We may use this information to contact you about your outstanding information.

Where we require personal information to provide you with our products and services, if you do not provide us with the necessary information, we cannot provide you with our products and services. Where our services include financial advice, the appropriateness of the advice may be compromised if you do not provide complete and accurate information. You are responsible to tell us if your personal information changes.

We also use certain social networking services such as Facebook, WhatsApp, Instagram and Twitter/X to communicate with the public and our clients. When you communicate with us through these services, that social networking service may collect your personal information for its own purposes. These services may track your use of our digital channels on those pages where the links are displayed. If you are logged into those services (including any Google service) while using our digital channels, their tracking will be associated with your profile with those service providers. These services have their own privacy policies which are independent of our privacy policies, notice and practices. Please ensure that you fully acquaint yourself with the terms of any such third-party privacy policies and practices.

We rely on the following justifications to not collect personal information directly from you:

  • It is necessary to carry out actions for a contract with your retirement fund or with another service provider;
  • It is necessary to comply with an obligation imposed by law on us
  • It protects clients’ legitimate interest; or
  • It is necessary to pursue our legitimate interests or those of a third party to whom the information is supplied.

For queries about specific activities where we collect personal information from persons other than you and the justifications we rely on to do so, please contact our Deputy Information Office.

How we use your information and what we use it for (purpose)

For us to provide clients with the financial products and services they have requested and to notify them of important changes to such products and services, we need to collect, use and disclose the personal information of clients, their representatives, controlling persons of entities, business contacts, staff of clients, service providers and others. Some of the purposes for which we use your personal information are set out below. Please also refer to our PAIA manual on our website.

To the extent permissible under applicable laws, we may use your information:

  • To provide you with our financial products and services, and maintain our relationship with you;
  • To conclude and administer your application;
  • To execute a transaction in accordance with your request;
  • To assess, check, and process claims and benefit payments;
  • General client care, including communicating with clients and their representatives and reporting to clients and their representatives.
  • To provide newsletters and information about our products and services to interested persons.
  • To inform clients about changes to our services, products or business;
  • To manage complaints, queries, requests and feedback;
  • To meet our contractual obligations with you or take steps necessary for the conclusion of a contract with you.
  • In relation to administering any securities you may hold in respect of a Sygnia company (where relevant);
  • To comply with legislative and regulatory requirements, including codes of conduct and requirements of our Regulators (including the Financial Sector Conduct Authority and Prudential Authority);
  • To undertake credit reference searches or verification;
  • To undertake tracing of you or your potential beneficiaries;
  • For the detection and prevention of unlawful activity, fraud, money-laundering, sanctions checks, adverse media checks, beneficial owner information and other FICA related information, loss, due diligence information required under
    applicable laws and in terms of Sygnia Group policies;
  • Set-up or on-boarding of clients and service providers, including fraud, due diligence, credit, Financial lntelligence Centre Act (including anti-money laundering and sanctions checks) (if applicable).
  • Verifying your identity or the identity of your beneficial owner or controlling persons.
  • In accordance with law, to maintain a record of our dealings with clients;
  • To comply, assess compliance, provide assurance and report on compliance in accordance with our legal, regulatory and policy, obligations, including disclosure, information and reporting requirements to Regulators, boards and others;
  • For debt recovery or debt tracing;
  • For purposes of online login and authorisation;
  • For business development, statistical analysis and research purposes to execute the Sygnia Group’s strategic initiatives;
  • To perform any risk analysis or for purposes of risk management to you or our business in general;
  • To record, monitor and have access to your telephone calls (i.e. voice recordings), correspondence and electronic communications to/with us (or any of our employees, agents or contractors) in order to accurately carry out your instructions and requests, to use as evidence and in the interests of crime prevention;
  • To maintain the security of our digital channels and systems. To manage, monitor and maintain IT systems (including back-up, storage, website, applications and file server) to ensure they operate efficiently, uphold standards of service
    and internal requirements and to protect against cyber threats or malicious activity including abuse and misuse;
  • For audit and record-keeping purposes;
  • To share information with service providers with whom Sygnia has a business agreement;
  • For purposes of proof, legal proceedings, defending or prosecuting legal claims or obtaining legal opinion or advice;
  • To enhance your experience when interacting with the Sygnia Group and to help us improve our offerings to you;
  • To share with other entities in the Sygnia Group, so that we can market our financial products and services which we deem similar, with the aim of offering you the opportunity to take up some of the financial products to fulfil your needs, provided that you have not objected to receiving such marketing;
  • To provide you with information about our products and services from time to time via email, telephone or other means (for example, invite you to events), to aid in the improvement of our processes, products and services or to assist our pricing strategies;
  • To process your marketing preferences (where you have unsubscribed from certain direct marketing communications, keeping a record of your information and request to ensure that we do not send such direct marketing to you again);
  • To do risk modelling, evaluation, monitoring and reporting; and
  • For any purpose related to and compatible with the above.

We may collect and process your personal information on more than one lawful basis, but we will only use your personal information for the purposes for which we have collected it – unless we reasonably consider that we need to use it for another purpose that is compatible with its original collection.

Cookies

We use cookies on our website. A cookie is a small piece of data that a website stores on the visitor’s computer or mobile device. These data files do not contain personal information, but they do contain a personal identifier that allows us to associate your personal information with a certain device.

We do not store any personal information in our cookies that could be read or understood by other web users. Please note that by deleting or disabling cookies, you may not be able to access certain areas or features of our website.

We use different types of cookies on our website. These cookies may be deleted from your device at different times, such as at the end of your browsing session or after a pre-set amount of time, or they may persist on your device until you delete them. The different type of cookies we use are:

  • Essential cookies: these cookies are required for the operation of our website. Some parts of our website may not work
    without them.
  • Analytical/performance cookies: these cookies allow us to understand how visitors move around our website so that
    we can improve the way our website works. For example, we use Google Analytics cookies, which report website trends
    anonymously (i.e. without identifying individual users).
  • Social media cookies: these are cookies that integrate with social media platforms. We use them so that content can be
    shared from our website to your chosen social media platform.
  • If you would like to delete or disable cookies, please activate the setting on your browser to refuse some or all cookies. Please note, however, that blocking all cookies will block essential cookies and may affect your ability to access some parts of our website.

Voice recordings

You may be recorded when you call our offices. These recordings are required for regulatory purposes, staff training, improvement of our business, record of advice and our own evidential purposes. These recordings are not provided to clients or customers. You will always be advised that your call may be recorded, so that you have the option of discontinuing the call

What personal information do we collect?

What personal information we collect and use about you depends on the type of relationship you have with us and the purpose for which the personal information is collected and used. Please see our PAIA manual available on our website for a more detailed description of the personal information we may process about you and other persons. As examples, the personal information we may process includes the following (amongst other types):

Information about you and your beneficiaries

For example, name, identity number, age, gender, date of birth, nationality, occupation, lifestyle, financial affairs, bank account, current status of health, medical history and information. If you make a claim, we may also collect personal information from you about the claim and any relevant third parties. We acknowledge that information about your health is special (sensitive) personal information. Note that we will use that information in accordance with applicable laws and for business purposes (including assessing the terms of a contract, dealing with changes to a product/service or dealing with claims and benefit payments).

Contact information

In some cases, for example, we may receive your or your beneficiaries’ email, address, phone number and postal address.

Financial information

We may process personal information related to payments you make or receive in the context of an insurance policy, claim or benefit payment. We may process information regarding your income, expenses, assets, liabilities, investments, retirement and other inancial provisions in the context of providing financial services and paying benefits or claims.

Contractual information

For example, details about the policies and benefits you hold and with whom you hold them.

Criminal, misconduct or similar information

For example related to retirement fund claims, deductions or FICA, as well as health information relevant to a policy, claim or benefit payment. We recognise this is special personal information.

In certain instances, we may need consent to process your personal information. If you give us your consent for a specific context, you are free to withdraw this consent at any time. Please note that where you have withdrawn your consent, this will not affect the processing that took place prior to such withdrawal and it will not affect the processing of your personal information where consent is not required.

You may refuse to provide us with your personal information in which case we may not be able to provide you with a relevant service or would have to terminate our business relationship.

Sharing of your information with third parties

We will only share your personal information with third parties where there is a legitimate reason to do so. We prioritise the privacy and security of your personal information and are careful about who we give your personal information to. To achieve our purposes, we may provide certain personal information to the following persons, amongst others:

  • Within the Sygnia Group and with service providers who are involved in the delivery or administration of products or services to you or us. We will ensure that we put agreements in place so that our service providers comply with privacy
    requirements. We may share your FICA related information within the Sygnia Group;
  • With other third parties in relation to the purposes set out under the section above headed: ‘How we use your informationn and what we use it for (purpose)’;
  • With insurers, public bodies and law enforcement (either directly or through shared databases) for fraud detection and prevention;
  • Where we have a legal obligation or duty to disclose your information, or it is necessary to protect our legal rights orwhere it is in your or our legitimate interests;
  • With reinsurers who provide reinsurance services to Sygnia;
  • To comply with any relevant legislation or regulation;
  • To comply with any legal process;
  • Your financial intermediary, representative or agent;
  • To a regulator, authority or government entity (for example, the South African Revenue Service, Financial Intelligence Centre, Information Regulator, Financial Services Tribunal, CIPC, JSE, Strate, Financial Sector Conduct Authority or Prudential Authority);
  • Your employer (where relevant);
  • Our retirement funds and their auditors, consultants and actuaries;
  • Banks and brokers that we trade with on behalf of our clients;
  • Our auditors and B-BBEE rating agency;
  • Our insurers and insurance broker;
  • Our legal representatives and consultants;
  • Our employees, agents, other service providers and directors;
  • Our shareholders (where relevant);
  • Ombuds, including the Pension Funds Adjudicator; and
  • Other persons lawfully entitled to receive your personal information

Sometimes we may – for legitimate purposes – share aggregated information with our stakeholders and business partners (for example, demographic data) in a manner that does not identify the persons to whom the information applies. However, we will not disclose your personal information to third parties unless there is valid processing ground as set out in section 11 of POPIA.

We will never sell, rent, or trade your personal information to any third party.

Special (sensitive) personal information

We process special personal information for legitimate and lawful business reasons. This may include, depending on the context, information about your:

  • Racial or ethnic origin: Information about a person’s background and heritage.
  • Criminal behaviour: Information about past or alleged criminal offenses.
  • Religious or philosophical beliefs: Information related to a person’s faith or worldview.
  • Trade union membership: Information about whether a person belongs to a labor union.
  • Political opinions: Information about a person’s political affiliations or views.
  • Health: Information about a person’s physical or mental well-being.
  • Sex life: Information about a person’s sexual orientation or activities.
  • Biometric information: Information derived from unique physical characteristics like fingerprints or facial recognition.

This type of information is considered sensitive because it can be used to discriminate against or harm you if misused.

We will collect and use your special personal information on the following grounds:

  • The person provide consent for the processing of their special personal information;
  • To establish, exercise, or defend a legal right or obligation;
  • To comply with an international public law obligation;
  • For historical, statistical, or research purposes and serves a public interest;
  • For historical, statistical, or research purposes and consent is difficult or impossible;
  • If the data subject has deliberately made the information public;
  • If POPIA permits us to process the special personal information specifically; or
  • With the prior authorisation of the Information Regulator.

Children’s personal information

Sygnia is committed to complying with all applicable laws aimed at the protection of children, as children are vulnerable and require special protection, and specifically, in terms of this privacy notice, the protection of their personal information. Sygnia, where necessary, processes the personal information of children as part of its normal business activities, for example where a child is a client or beneficiary of a benefit payment.

However, Sygnia will only processes the personal information of children, where one of the following grounds exists:

  • A responsible party may rely on certain grounds to process the personal information of children (section 35).
  • With the prior consent of a competent person (for example, a parent);
  • For the establishment, exercise or defence of a right or obligation in law;
  • It is necessary to comply with international public law;
  • For historical, statistical, or research purposes where:
    — It is in the public interest and is necessary for a specific purpose
    — processing does not adversely affect the individual privacy of the child
  • The child deliberately publicised their personal information with a competent person’s consent; or
  • With the Information Regulator’s prior consent.

For more specific information about how we collect and use special personal information or children’s personal information as well as the justifications we rely on to do so, please contact our Deputy Information Officer.

How long do we keep your personal information for?

We keep your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. After that, we will restrict it or destroy it if we are no longer authorised or required to keep it in terms of law, agreements or consent.

Where we destroy or delete personal information about you, we will do so in a manner that ensures your personal information remains secure.

If we use personal information to make a decision about you, we will retain that personal information for a period that is reasonable in order to allow you to ask about the personal information.

In some circumstances, you can ask us to delete your personal information. We will delete the information from our operational environment and make sure that it is put beyond use with regards to any backups

Your rights

You can request access to personal information we hold about you and ask us to update, correct or delete it. Please note that we may decline your request to delete the information if we are required to keep it in terms of other legislation or if it has been de-identified. You can find more information in the PAIA Manual on our website, or you can email InformationOfficer@sygnia.co.za.

You may object to the processing of your personal information if you think that, in your situation, it will affect your fundamental rights and freedoms. Even if you object, however, we may be compelled by legislation to continue processing your information. In such an instance, we will demonstrate our obligation before continuing to process your information. You may also request that we suspend the processing of your personal information in the following situations:

  • If you want us to establish the information’s accuracy;
  • If our use of the information is unlawful, but you do not want us to delete it; or
  • You have objected to the use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Under certain circumstances, you can also request a transfer of your personal data to you or a third party. We will provide yournpersonal information in a structured, commonly used, machine-readable format.

You have the right to unsubscribe from any direct marketing communication we send you.

International transfers of personal information

Some of the persons to whom we disclose your personal information may be situated outside of the South Africa in jurisdictions that may not have similar data protection laws o South Africa. We may send your personal information to service providers outside of the RSA for storage or processing on Sygnia’s behalf. However, we will not send your information to a country that does not have information protection legislation similar to that of South Africa, unless we have ensured that the recipient agrees to adhere to the principles for processing of information in accordance with POPIA.

Complaints

If you are unhappy with how we have used your personal information, please get in touch with us, by contacting our Deputy Information Officer.

If you are not satisfied with the outcome, you can lodge a complaint with the Information Regulator using the contact details listed below.

Information Regulator contact details:

Telephone: 08000 17 160 | 010 023 5200
Address: Woodmead North Office Park,54 Maxwell Dr, Woodmead, Johannesburg, 2191
Complaints email (POPIA): POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint
Complaints email (PAIA): PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from a public or private body for access to records you may use this email
address to lodge a complaint.
General enquiries email: enquiries@inforegulator.org.za

Changes to this privacy notice

We regularly review this Privacy Notice and may change it from time to time; the Privacy Notice is updated regularly on our website.

This Privacy Notice was last updated in February 2026.

We review this Privacy Notice from time-to-time and thus it may change from time to time. You will need to access the Privacy Notice on our website in order to view changes or updates.

You may download the notice here.