1.1. Crawford Dougall recognises the importance of protecting your personal information and your right to having your personal information kept private. Crawford Dougall ensures that it adheres to all data protection laws and has the implemented safeguards to ensure that your personal information is kept safe from unauthorised access.
2. Personal Information
2.1. Crawford Dougall aligns its definition of “personal information” with that as set out in the Protection of Personal Information Act, 2013 (POPIA). All information specific to yourself that is provided to us via our website or any other channel will be classified as personal information. This includes but is not limited to personal information that is provided to us in the course of our business, while obtaining a quotation, using our mobile device app, enquiries via e-mail, during requests to amend or view your policy data or for the purpose of recruitment or potential employment.
2.2. This includes but is not limited to the following personal information that you may provide to us:
- General identification and contact information
This includes but is not limited to your name; address; e-mail and telephone details; gender; marital status; family status; date of birth; passwords; educational background; physical attributes; activity records, such as driving records; photos; employment history, skills and experience; professional licenses and affiliations; relationship to the policyholder, insured or claimant; and date and cause of death, injury or disability.
- Medical and health information
This includes but is not limited to your current or former physical or mental or medical condition; health status; injury or disability information; medical procedures performed; personal habits (for example, smoking or consumption of alcohol); prescription information; and medical history.
- Financial information and account details
This includes but is not limited to your payment card number; bank account number and account details; credit history and credit score; assets; income; and other financial information.
- Identification numbers issued by government bodies or agencies
This includes but is not limited to Identity number; passport number; tax number; or driver’s or another license number.
- Telephone recordings
This includes but is not limited to recordings of telephone calls to our representatives and call centres.
- Information to investigate crime, including fraud and money laundering
- Financial Service Providers may share information about their previous dealings with clients and claimants for this purpose.
- Information enabling us to provide financial products and services
This includes but is not limited to location and identification of property insured (for example, property address, vehicle license plate or identification number); travel plans; age categories of individuals you wish to insure; policy and claim numbers; coverage/peril details; cause of loss; prior accident or loss history; your status as director or partner, or other ownership or management interest in an organisation; and other insurance you hold.
- Other sensitive information
In certain cases, we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information. In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud. We may also obtain sensitive information if you voluntarily provide it to us.
- Marketing preferences and customer feedback
You may let us know of your marketing preferences, enter a contest or prize draw or other sales promotion or respond to a voluntary customer satisfaction survey.
3. How do we collect personal information and when will we process it?
- We will only process your personal information for lawful purposes relating to our business if the following circumstances apply:
- You have consented thereto;
- A person legally authorised by you, the law or a court, has consented thereto;
- It is necessary to conclude or perform under a contract we have with you;
- The law requires or permits it;
- It is required to protect or pursue your, our or a third party’s legitimate interest; and/or
- You are a child, and a competent person (such as a parent or guardian) has consented thereto on your behalf.
4. How we process information about persons related to a juristic person
If you are a juristic person, such as a company or close corporation, we may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons.
If you provide the personal information of a related person to us, you warrant that the related person is aware that you are sharing their personal information with us, and that the related person has consented thereto.
5. Personal information of other individuals
If you provide personal information to Crawford Dougall regarding other individuals, you agree to:
- Inform the individual about the content of this Privacy Standard; and
- Obtain any legally required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of personal information about the individual in accordance with this Privacy Standard.
6. Reasons we need to process your personal information
Personal Information may be obtained to:
- Assess insurance risks;
- Enable us to deliver goods, documents or notices to you;
- Carry out your instructions and requests;
- Communicate with you and others as part of our business;
- Send you important information regarding changes to our policies, other terms and conditions, our website and other administrative information.
- Open, manage and maintain your relationship with us;
- To disclose and obtain personal information from credit bureaux regarding your credit history;
- Make decisions about whether to provide insurance; provide insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes;
- For insurance underwriting and administration;
- For customer satisfaction feedback;
- Process your premium and other payments;
- Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers);
- Prevent, detect, investigate and report crime, including fraud, financing of terrorism and money laundering, and analyse and manage other commercial risks. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when obtaining financial services/ products with us, or avoiding liability by way of deception;
- Enforce and collect on any agreement when you are in default or breach of the terms and conditions of the agreement, such as tracing you; or to institute legal proceedings against you;
- Develop, test and improve our products and services for you;
- Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed;
- Allow you to participate in contests, prize draws, competitions and similar promotions, and to administer these activities. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Information, as a result, we suggest that you read these carefully;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
- Process payment instruments (such as a cheque) and payment instructions (such as a debit order);
- Resolve complaints, and handle requests for data access or correction;
- Fulfil reporting requirements and information requests;
- Comply with applicable laws and regulatory obligations (including laws, directives, sanctions and rules outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence);
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners and associates; our rights, privacy, safety or property, and/or that of Crawford Dougall, you or others; and pursue available remedies or limit our damages;
- For security and identity verification, and to check the accuracy of your personal information;
- For any related purposes.
We will take appropriate and reasonable technical, physical, legal and organisational measures, which are consistent with applicable privacy and data security laws. This includes the following:
- Keeping our systems secure (such as monitoring access and usage);
- Storing our records securely;
- Controlling the access to our buildings, systems and/or records;
- and Safely destroying or deleting records.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any personal information you might have with us has been compromised), please call us directly on telephone 031 207 3272.
When we provide personal information to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Information.
8. International (cross border) transfer of personal information
Due to the presence of our business activities in other countries we may transfer Personal Information to parties located outside of the Republic of South Africa that have a different data protection regime. For example, we may transfer Personal Information in order to process international travel insurance claims and provide emergency medical assistance services when you are abroad. We may transfer information internationally to our service providers, business partners and governmental or public authorities.
9. Retention of personal information
- The law requires us to keep it;
- A contract between you and Crawford Dougall requires us to keep it;
- You have consented to us keeping it;
- We are required to keep it to achieve the purposes listed in this privacy standard;
- We require it for statistical or research purposes, we will then de-identify the personal information where necessary; and/or
- We require it for our lawful business purposes.
TAKE NOTE: We may keep your personal information even if you no longer have a relationship with us, if the law permits.
10. Your duties and rights regarding the personal information we have about you
You must provide proof of identity when enforcing the rights below. You must inform us when your personal information changes.
You have the right to request access to the personal information we have about you by contacting us. This includes requesting:
- Confirmation that we hold your personal information;
- A copy or description of the record containing your personal information;
- and The identity or categories of third parties who have had access to your personal information.
We will attend to requests for access to personal information within a reasonable time. You may be required to pay a reasonable fee to receive copies or descriptions of records, or information about, third parties. We will inform you of the fee, if applicable, before attending to your request.
Please note that the law may limit your right to access information. You have the right to request us to correct or delete the personal information we have about you if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if we are no longer authorised to keep it, under certain circumstances. You must inform us of your request in writing.
Please refer to our access to information manual for further information in this regard, such as the process you should follow to give effect to this right. It may take up to 30 business days for the change to reflect on our systems. We may request documents from you to verify the change in personal information.
A specific agreement that you have entered into with us may determine how you must change your personal information provided at the time when you entered into the specific agreement. Please adhere to these requirements.
If the law requires us to keep the personal information, it will not be deleted upon your request. The deletion of certain personal information may lead to the termination of your business relationship with us.
You may object on reasonable grounds to the processing of your personal information. We will not be able to give effect to your objection if the processing of your personal information was and is permitted by law, you have provided consent to the processing, and our processing was conducted in line with your consent; or the processing is necessary to conclude or perform under a contract with you.
You must inform us of any objection in writing.
Where you have provided your consent for the processing of your personal information, you may withdraw your consent. If you withdraw your consent, we will explain the consequences to you. We may proceed to process your personal information, even if you have withdrawn your consent, if the law permits or requires it. It may take up to 30 business days for the change to reflect on our systems. During this time, we may still process your personal information. The withdrawal of your consent may lead to the termination of your business relationship with us.
You have a right to file a complaint with us or the Information Regulator by email at complaints.IR@justice.gov.za about an alleged contravention of the protection of your personal information. We request that you address your complaint to us first at email@example.com
11. Complaint procedure
You have the right to complain in the event your rights in terms of POPIA have been infringed. Crawford Dougall takes all complaints in a serious light and will address all personal information/privacy related complaints in accordance with the following procedure:
You will receive a written acknowledgment of receipt;
The Information Officer will carefully consider the complaint and address the complaint’s concerns in an amicable manner and in accordance with the principles of POPIA;
The Information Officer must also determine whether the complaint relates to an error or breach of confidentiality that has occurred.
Where the Information Officer has reason to believe that your personal information has been accessed or acquired by an unauthorised person, the affected data subjects and the Information Regulator must be informed of the breach;
The Information Officer will revert to you with a proposed solution. In all instances, Crawford Dougall will provide reasons for any decisions taken and communicate any anticipated deviation from the specified timelines;
A response to you may comprise any of the following:
- A recommendation or remedy for the complaint;
- A dismissal of the complaint with reasons as to why it was dismissed; or
- An apology (if applicable) with appropriate action against any persons involved.
- Where you are not satisfied with the outcome or handling of the complaint, you have the right to complain to the Information Regulator
- The Information Officer will regularly review the complaints process and procedure to assess its effectiveness. A root cause analysis of the complaints will be done to avoid reoccurrences that give rise to POPIA related complaints.
12. Who to contact about your personal information?
If you have any queries about our use of your Personal Information you can email: firstname.lastname@example.org