Privacy and Security Statement
Coronation Fund Managers Limited and its South African subsidiaries (“Coronation”, “we”, “us”) has prepared this Privacy and Security Statement in accordance with the Protection of Personal Information Act No.4 of 2013 (“POPIA”). The purpose of this Privacy and Security Statement is to outline how we collect, use, store, share, and otherwise process personal information and rights in relation to that information.
Coronation provides investment management services and supplies investment products. All of the personal information we collect, or is provided to us, directly or indirectly is necessary for and/or relates to the delivery of our services/products. We do not process personal information for reasons other than for legitimate business purposes and other lawful purposes.
Please see our PAIA Manual for a description of the types of information we process.
We collect personal information via the following channels:
1. When a client subscribes to a product or service or we obtain a product or service from a service provider or supplier (collectively a “supplier”)
When you become a client/investor/supplier of Coronation, and over the course of our relationship with you, we will obtain your personal information and/or the personal information of your representatives or office bearers. Most of the personal information we collect is necessary for us to comply with our legal obligations or other legitimate business purposes. The collection of this information is mandatory (unless otherwise indicated) and if you don’t supply the information, we will not be able to enter into a contract and / or business relationship with you, or otherwise provide you with a product or service. There may be circumstances in which the supply of certain personal information is voluntary, enabling you to choose how much information you give us. Please note that where you don’t supply voluntary information, this may affect the quality of the service/information we are able to provide to you.
1.1 Where do we get your information from?
The main source of the personal information we have about you, is you. We collect this information as part of our client/supplier on-boarding process and when you correspond with us (via our website, email or over the phone). We rely on you to let us know when your personal information changes.
We may obtain your personal information from third parties. These include, but are not limited to, parties that:
- supply information to assist us to monitor and prevent money laundering and financial crime
- obtain background, criminal and/or credit checks where applicable
- you have appointed to manage investments/business on your behalf or are entitled by law to do so.
We may also source information on you that is available in a public record to assist us in complying with our regulatory, legal, and contractual obligations.
1.2 What do we use your personal information for?
We use your personal information to enable us and our service providers to deliver the product or service you have requested from us, and/or ancillary service, and to fulfil our contractual and legal obligations. This may include, but is not limited to:
- onboarding you if you are a new client, processing your instructions, enabling payments to be made, investigating complaints, sharing your information internally and with our service providers that we rely on to deliver the product/service, process your instructions or otherwise provide an ancillary service to you, and generally for the purposes of meeting our responsibilities to you and the administration of any agreement that we have concluded with you or any investment that you have made with us;
- if you are a supplier, onboarding you as a supplier, enabling payments to be made and generally for purposes related to the administration of your agreement with us;
- helping us identify you when you contact us and for communicating with you (including for the purposes of sending required reports and other information, and responding to your requests);
- ensuring you meet the requirements for investment into a particular product;
- providing you with publications (including, without limitation, articles, bulletins, podcasts, greeting cards, visual or audio recordings of webinars) and/or invitations to attend and/or participate in any Coronation events (such as thought leadership events and webinars) or competitions and surveys. Including, where Continuous Professional Development (“CPD”) points are attached to the aforementioned, for the purposes of issuing CPD Certificates when requested by you;
- enabling us to trace you (or your beneficiaries’ whereabouts) when necessary;
- helping us to detect and prevent fraud, money laundering and financial crimes. This includes the recording of calls for regulatory purposes and providing personal information to third parties who assist with the verification of your information or the obtaining of additional information as is needed for us to meet regulatory obligations;
- meeting our contractual, legal, and regulatory obligations, including providing personal information to third parties, such as local and/or international governmental, regulatory and non-regulatory bodies, law enforcement agencies and any other person with whom we are required, by law, to share the information;
- using personal information to conduct research for our internal purposes or to service products, or to help us improve the quality of our products and services;
- for any other purpose related to us conducting our business, including:
- keeping and maintaining financial, client and operational records. Including sharing personal information with third parties that provide us with professional or record keeping services;
- general administration, financial and tax purposes, and to enable us to transact with third party service providers;
- the management and auditing of our business systems and operations;
- reviewing the safety, usability, use and availability of Coronation’s website;
- health and safety purposes and to enable us to monitor premises access and security;
- business continuity and disaster recovery purposes;
- enabling us to adhere to best practice guidelines, where appropriate.
1.3 When do we share your information, and with whom?
Coronation does not sell, rent out or trade your personal information with anyone. Coronation will, however, disclose information under certain circumstances, including, for example, to comply with our legal, regulatory, and contractual obligations, and in order to exercise or defend Coronation’s rights and property.
We may need to share aggregated information with our stakeholders and business partners, but we will not disclose individual personal information in these circumstances, unless legally obliged to do so or upon your express instruction to do so.
We may share your personal information with the following categories of recipients:
- companies in the Coronation group
- foreign and local governmental and regulatory bodies, financial and non-financial regulators and ombudsmen, commissions of inquiry, law enforcement agencies, industry bodies, and any other person with whom we are required, by law, to share the personal information
- your authorised representatives and agents
- corporate social investment partners
- contracted third party service providers that enable us to deliver a product or service to you or provide a product or service to us to enable and/or enhance the functioning of our business. These include, but are not limited to, parties that provide the following types of services:
- Fund Administration
- Capturing, organising, reporting, printing, and storing of data and/or records
- IT, information systems and security
- Professional services providers (for example auditing firms)
- Conducting AML and FICA related checks or otherwise assisting with establishing and / or obtaining additional information on you and your affiliated parties, or assisting with the prevention of fraud and / or financial crime
- Customer satisfaction, quality assurance and research services
- Health and safety
- Facilities management
- Event organisation
- Marketing and advertising
- Banking, trading, and transaction services
- Staff augmentation
We are not able to control all processing of your personal information by third parties, particularly in cases where those parties are not our contracted service providers (like regulators for instance or where you instruct us to provide your personal information to another party on your behalf). We take all reasonable measures to ensure that the third parties that we contract with have appropriate security and privacy safeguards in place.
1.4 Do we transfer personal information outside of South Africa?
Coronation may transfer your personal information outside the borders of South Africa but will only do so in accordance with the requirements of POPIA. Steps are taken to ensure that the third parties we use are bound by laws, binding corporate rules or binding agreements that provide an adequate level of protection and uphold principles for reasonable and lawful processing of personal information referenced in POPIA.
2 The use of our Website, mini-sites, and online platforms (collectively “platforms”)
When you visit and use our platforms, the personal information we collect about you during your visit comes primarily from the information and materials you provide and your communications to us in connection with your use of our platforms. We may also collect information about your transactions and experiences as you utilize our platforms. This is done using "cookies". We may also collect information about your country location so as to display country-relevant content to you.
We place small text files called “cookies” on your device when you visit our website. These files contain a personal identifier allowing us to associate your personal information with a certain device.
- improving the performance of our website;
- tailoring our website’s functionality to you personally by letting us remember your preferences, location, or device type;
- understanding who our audience is so that we provide relevant content to you;
- granting you access to restricted content;
- allowing third parties to provide services to our website; and
- helping us deliver interest-based advertising to you.
Some of the cookies we use are placed by us and others are placed by third parties (i.e. third-party plug-ins, suppliers, or advertisers). These cookies may be deleted at the end of your browsing session, or after a set period, or they may persist on your device until you disable them.
We use the following types of cookies on our website:
Analytics cookies – these cookies give us information about the traffic on our website so that we can measure and improve our website’s performance. The information these cookies collect is aggregated and therefore anonymous.
Functional cookies – these are cookies that remember who you are as a user of our website. We use them to remember any preferences you may have selected on our website, like saving your username and password or settings. They enable the website to provide enhanced functionality and personalisation. They may be set by us or third parties whose services we have added to our pages. If you disable these cookies then some or all of these services may not function properly.
Marketing cookies – these cookies may be set through our site by our advertising partners and may be used by those companies to build a profile of your interests and show you relevant content on other sites. They may also be used to limit the number of times you see an advert. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you disable these cookies you will experience less targeted advertising.
Strictly Necessary cookies – these cookies are necessary for the website to function and cannot be disabled. Without these cookies, some parts of our website will not work.
Strictly Necessary cookies will always be enabled on our site. Analytics, Functional and Marketing cookies are enabled by default but may be disabled by you. Your internet browser generally accepts cookies automatically, but you can often change this setting to stop accepting them. You can also delete cookies manually. You can read how to do this at at Digital Trends.
Deleting or no longer accepting cookies may prevent you from accessing certain aspects of our website where cookies are necessary or because the website forgot your preferences.
2.2 Non-public areas of the website
Users of the non-public areas of our website will be required to identify and authenticate themselves prior to accessing our services. Generally, identification and authentication take place using your username, password, and One-time PIN (OTP). Your use of the non-public areas of the website are due to your being a client of ours and section 1 above applies to the processing of your personal information that we obtain in the course of your using these non-public areas.
2.3 Subscriptions to publications
When you subscribe, on our website or through any other platform, to receive a publication, we collect your personal information you provide for the purposes of sending you the publication(s). We may also use your information to provide you with other publications (including without limitation articles, bulletins, podcasts, visual or audio recordings of webinars) and/or invitations to attend and/or participate in any Coronation events (such as thought leadership events and webinars) or competitions. You will have the opportunity to unsubscribe at any time. We may share your personal information with third parties that enable us to provide you with this service, where the information may be sent cross-border. If your personal information is sent cross-border, this will be done in compliance with POPIA.
2.4 The “Contact Us” section of our website
When you use the Contact Us section of our website, we collect the personal information you provide to us to respond to you and for further communications with you. We may share your personal information with third parties that enable us to address your query accurately and completely, where the information may be sent cross-border. If your personal information is sent cross-border, this will be done in compliance with POPIA.
2.5 Other disclosures
If you use our website and follow a link from it to another website, different privacy notices/statements may apply. Before you submit any of your personal information to another website, you should read that website’s privacy notice/statement.
By using our website, you are accepting the terms of this Privacy and Security Statement and you consent to the collection, processing, further processing, and storage of your personal information as contemplated in this Privacy & Security Statement.
3. Special Personal Information
Special Personal Information is particularly sensitive information. It includes religious/philosophical beliefs, race/ethnic origin, trade union membership, political persuasion, health or sex life or biometric information. It also includes criminal behaviour to the extent that it relates to the alleged commission of an offence or related proceedings. We will only process Special Personal Information as permitted in accordance with POPIA.
4. How long do we keep your information for?
We may hold your personal information after your relationship with us ends.
We will at your request, return to you or destroy, all your personal information and may, after receiving such a request, retain copies only to the extent required by applicable law or regulation or reasonably required for a lawful purpose related to our functions or activities, subject to us continuing to meet our obligations regarding the processing and safeguarding of such personal information. If you don’t submit such a request to us, we shall retain your personal information in accordance with our retention policies for as long as we consider appropriate in our discretion or, for so long as is reasonably required for any lawful purpose related to our functions or activities, provided that we then continue to comply with our obligations in relation to the processing and safeguarding of your personal information.
Regarding our back-up procedures, please note that the integrity of our back-ups is essential to our operations and to our clients, suppliers, and other stakeholders. Deleting single data entries from compressed back-up files may jeopardise the integrity of the entire back-up file and may negatively affect our ability to recover data for business continuity and disaster recovery purposes. Should the personal information you want deleted be stored in back-up files, we will let you know if it is possible to delete this data. Access to our back-up files is restricted and is not used in any of our production (live) systems, unless required for business continuity or disaster recovery purposes.
5. Your rights as a Data Subject
You have certain rights regarding your personal information that are afforded to you by law. These rights are not without limitation and there may be circumstances where you won’t be able to exercise these rights. Where applicable you have the right to:
- request confirmation on which of your personal information is / has been collected and information on the identity of all third parties or categories of third parties who have / have had access to it (subject to any legal or regulatory obligations preventing us from providing the information to you).
- request the correction of your personal information held by us at any time.
- object to the processing of your personal information or withdraw consent once given to Coronation. Coronation will advise you of the consequences of that objection/withdrawal. Coronation might not be able to give effect to an objection/withdrawal if the processing of the personal information was and is permitted by law, you provided consent to the processing, and our processing was already conducted in line with your consent or the processing is necessary to perform contractual/legal obligations.
You may want to discontinue receiving communications from Coronation. While this may mean that you will not receive product or service information that may be of interest to you, we will respect your wishes not to receive these communications. If this is the case, please e-mail us at email@example.com and specify that you would like to be removed from the Coronation e-mail database. You will also be provided with an "unsubscribe" link in communications we may send you.
Although we would appreciate the opportunity to first deal with any complaints you have about our processing of your personal information, you have the right to lodge a complaint with the Information Regulator if you think that we have infringed any of your rights. You may contact the Information Regulator at:
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email Address (general enquiries): firstname.lastname@example.org
Email Address (complaints): POPIAComplaints@inforegulator.org.za
We take the management of privacy risk seriously and aim to mitigate the risks associated with processing personal information as far as possible. We take all reasonable technical and operational precautions to prevent the loss and/or misuse of personal information. We can, however, not guarantee the security of any information you transmit to us electronically and you do so at your own risk.
We employ various measures to protect the confidentiality, integrity and availability of personal information and review the adequacy of these measures on an ongoing basis. These measures cover:
- Network and device security
- Physical security
- Access and password controls and monitoring
- Acceptable Use policies
- Data Breach Response Procedures
- Adherence to best practices and standards
- Third party contracts contain appropriate security and confidentiality obligations
7. Contact Information
Please contact us if you have any questions about this Statement:
Coronation Fund Managers Ltd (and its South African subsidiaries):
- Coronation Asset Management (Pty) Ltd
- Coronation Investment Management International (Pty) Ltd
- Coronation Alternative Investment Managers (Pty) Ltd
- Coronation Life Assurance Company Limited
- Coronation Management Company (RF) (Pty) Ltd
- Coronation Investment Services (Pty) Ltd
- Coronation Investment Management SA (Pty) Ltd
7th Floor MontClare Place
Corner of Campground and Main roads
Cape Town, South Africa
PO Box 44684
By continuing to engage with us, as a client, supplier, visitor to our platforms, or in regard of any service we offer you or in any other capacity, you agree to the terms set out in this Privacy and Security Statement.
Note: Whilst every reasonable care has been taken to ensure the accuracy of the information contained in this Privacy and Security Statement (“Statement”), Coronation does not guarantee its accuracy nor that it will remain accurate. Coronation shall not be liable for any losses or damage suffered arising from reliance being placed upon any of the contents of this Statement. We reserve the right to amend this Statement at any time, and all such amendments will be posted on the Site. Unless otherwise stated, the current version shall supersede and replace all previous versions of this Statement. Please check the Statement regularly to see if any updates or changes have been made. By continuing to use our website and interact with us, you are confirming that you have read and understood the latest version of this Statement.