Last updated 06 July 2021
1. Background and Principles
The right to privacy is recognised and protected in the South African Constitution and in the Protection of Personal Information Act 4 of 2013 (“POPI”). Fulcrum is committed to protecting the personal information that we process and that is under our control.
The Fulcrum Group of Companies (“Fulcrum”) is the foremost independent provider of financial services to the South African insurance industry. We offer innovative, effective premium collections and premium finance services to insurers, brokerages and UMA’s.
Fulcrum Collect (Pty) Ltd is a regulated entity in the Insurance Sector and is a registered financial services provider. Fulcrum Collect is a specialist premium collection agency with a TPP license and subject to oversight from the Payments Association of South Africa. Fulcrum Collect (Pty) Ltd ensures that premium collections for brokers, UMA’s and insurers are accurate, timely, efficient and risk free. Fulcrum Collect (Pty) Ltd also collects payments in retail or other business sectors.
Fulcrum Group (Pty) Ltd offers premium finance services to personal and corporate policyholders with annual policies. In particular, Fulcrum Group (Pty) Ltd services companies covered by multiple lines of insurance with various insurers; or companies that pay annual premiums.
In this Privacy Notice, reference to Fulcrum shall include Fulcrum Group (Pty) Ltd and Fulcrum Collect (Pty) Ltd, as well as any associated companies within the Fulcrum group structure.
Fulcrum’s Privacy Notice is intended to explain to our clients what personal information we process as a company, and how this personal information is used and safeguarded.
FULCRUM COLLECTS DATA AND PERSONAL INFORMATION FROM DIFFERENT SOURCES AND PLATFORMS
- 2.1 Website traffic
We will monitor all traffic on our Fulcrum website and may collect and analyse data of the website traffic. Where you have not consented to the collection of your data by accepting our website cookies, we will ensure that all data collected is de- identified before it is collected.
- 2.2 Client onboarding and contracts
Fulcrum will collect certain information directly from our clients or prospective clients in order to onboard them as a client and to finalise a contract with them. We do make sure that we have consent of the prospective client to collect their information for purposes of putting together a services proposal and thereafter to conclude a contract.
- 2.3 Marketing
Fulcrum may also collect market related information that is publicly available from public websites and platforms for marketing purposes. Other sources of public information include company registers, online search engines, social media, newspapers and magazines. Reference may also be made to lists published by industry regulators.
- 2.4 Third Parties
Information regarding prospective clients may also be obtained from business partners and we may potentially be referred to a client by an insurer or broker.
The Company may process personal information from any of the following categories:
- Basic personal information (for example first name, last name, email address)
- Authentication information (for example usernames and password)
- Prospective client commercial information (for example volume and value of the collections book, value of premium collected, number of collection transactions, debit order dispute and return rates, debit order mandate information, insurance policies and cover, premium payments, insurers, value added providers, underwriting managers)
- Contact information (for example work email and phone number)
- Policy holder information for collection services (for example first and last name, policy numbers)
- Company information (for example registration numbers, VAT number, physical and postal address, email addresses and contact numbers, financial statements and information)
- Director and signatory information (for example full names)
- Financial information (for example annual financial statements)
- Location information (for example, geo-location network data)
- Special Personal information as identified in section 26 of POPI ,including surveillance footage of persons entering our office building
- Any other Personal Information identified in section 1 of POPI
Save for video images captured in our surveillance footage, we do not keep any special personal information relating to our clients. Should we be required to process special categories of personal information at the instruction of a client, we will request that our client warrant that such processing is authorised by law.
Fulcrum uses video surveillance at our offices situated at Ballyoaks Office Park, 1st Floor Lacey Oak House, 35 Ballyclare Drive, Bryanston, 2191. Video Surveillance is used to increase overall safety and physical security of our employees and those visiting the Company’s premises, as well as to protect against theft, vandalism and damage to Fulcrum’s goods and property. Generally, recorded images are routinely destroyed or overwritten every seven days and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority.
will use the information that we collect about our clients to
- Approach you for marketing purposes (where you have provided your consent)
- Offer you proposals in terms of our service offering with the intention to conclude a services contract
- Perform due diligence checks on you or your business for onboarding purposes (including financial stability and credit scoring)
- Conclude a contact with you, and for all matters relating to our performance under that contract
- Communicate with you and carry out client instructions and requests
- Keep records of the services provided to you, which are kept for as long as it is required for us to perform our obligations under the contract and for such longer period as required by law or for historical purposes, for lawful purposes relating to our business function and activities or to protect our legitimate interests.
In the process of providing our services to you and for purposes relating to our business activities and functions, we may also process your data in the following ways:
- Record details of your interactions with us
- Record telephone conversations or meetings held with you, provided that consent has been obtained
- Record details of information that you have given us and correspondence with you as is required in performance of our obligations.
We will rely on one or more of the following legal grounds in order to process your data:
- Entering into and performing a contract with you for the provision of services
- Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business and which does not materially impact your rights, freedom or interests
- Legal compliance: if the law requires us to, we may need to collect and process your data. As a financial services provider and as a third-party payment provider, we are required to comply with legislative, regulatory and compliance requirements. We may also need to comply with reporting obligations to the regulators, including in relation to money laundering, theft, fraud, corruption and other crimes
- Consent: in specific situations, we can collect and process your data with your permission
- We will not collect any personal data from you that we do not need.
We will rely on one or more of the following legal grounds in order to process your data:
Fulcrum is committed to keeping any data that you provide to us safe and secure. All of our staff therefore undergo comprehensive protection of personal information training on at least an annual basis.
All of our online forms are encrypted which means that the details on them can’t be accessed while the information is transferred to us. Our computer network is protected by anti-virus software and is routinely monitored by our information technology team in order to prevent security breaches.
Emails sent are encrypted through Mimecast and information transferred between systems is also encrypted. Encrypted communication with external parties is dependent on the recipient’s level of protection. If the recipient also makes use of an encryption security provider, the communication is fully encrypted. In cases where the recipient does not utilise a security provider, the communication is only encrypted on Fulcrum’s end.
Email communication is monitored and any emails sent or received which includes reference to or inclusion of any personal information, will be identified and flagged by our security team. A notification will be sent by email to both the sender of the email communication and Information Officer advising of the sensitivity of the information that was included in the email communication.
Fulcrum ensures that a comprehensive security approach is adopted to protect against unauthorised access to, deletion of or destruction of information or damage to information. This approach entails the adoption of principles of generally accepted information security standards and best practice and is codified in our internal information technology policies.
Personal information may be sent to various third parties for business purposes in relation to the services performed by us, or where required by regulatory authorities.
Any information shared with regulators will be communicated to you in advance and will be in accordance with agreed contractual processes.
Below is a list of third parties with whom we may share your data
- Our service providers, such as IT hosting companies, system providers and technology partners
- Our associated companies within our group of companies
- Our employees, as regulated by their employed contracts
- Banks and financial institutions
- Insurers or brokers
- Professional advisors such as lawyers, insurers, accountants, auditors, and financial advisors
- Regulatory authorities including (but not exhaustively) the financial Services Conduct Authority, the Payments Association of South Africa, South African Revenue Service, industry ombudsman, the Information Regulator
- Law enforcement agencies, courts and other tribunals
All Data is stored and hosted within South Africa. Should information be transferred across border for storage or hosting purposes, the hosting jurisdiction shall have the same or higher data protection laws and requirements as provided for under the Protection of Personal Information Act 4 of 2013, alternatively, contractual agreements shall be in place so as to ensure appropriate information technology controls are adopted
We send our existing clients email correspondence which includes marketing material in relation to new services, as well as information relating to existing services. Our clients are given the opportunity to opt out of these emails at each email correspondence.
All direct marketing directed at prospective clients will only be sent out with consent.
10. OUR COMPANY WEBSITE
Our website is for information purposes only. Nothing on our website contains an offer by Fulcrum to do business or to transact with you. Details of the services that Fulcrum offers and any explanations provided, serve only as a guide.
Whilst Fulcrum makes every effort to ensure that this site is updated and accurate, Fulcrum does not guarantee that this site is free of errors, virus and/or interference or interception or that the information contained on this site is reliable.
This site and the information contained in this site is protected by applicable copyright and trademark law.
- 10.2 Website functionally and improvement
The main function of the website is to advertise services offered by the Company. Third party providers hosts and manage the content and improvements made to the website with the approval of senior management.
Cookies are small text files that we transfer to your computer to help the website identify you.
- 10.4 Website updates and amendments
Fulcrum may make changes to our site and/or the materials contained on our website including changes to this Privacy Notice at any time and will make the changed Privacy Notice available on our website.an
You have a number of rights in relation to your own personal data. You have the right to request access to the personal information that we process, the right to request the correction or deletion of the personal information that we process, alternatively to object to us processing that information. Where we process your data on the legal basis of consent, you have the right to withdraw consent. You have the right to lodge a complaint with the Information Regulator where our internal appeal process has first been exhausted.
Where we require your personal information and you have failed to give consent, withdraw consent, object to processing or request deletion of the information, we may not be able to provide services to you as envisaged in our client contracts.
All requests in relation to the exercise of your rights as listed above should be sent to the Information Officer at firstname.lastname@example.org, where your request will be reviewed in accordance with the processes set out by the Company’s Promotion of Access to Information manual. This manual is available on request and is also available on our website.