Privacy Policy
GapRisk – Privacy Policy
GapRisk is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Privacy Policy applies to the GapRisk, our website and governs data collection and usage. By using the GapRisk and our website, you consent to the data practices described herein.
This website Privacy Notice applies to any personal information that GapRisk collects through this website and any other sub-domains: www.gaprisk.co.za and www.gapcover.co.za
1. DEFINITIONS
- Cookie(s) means a small text file (up to 4KB) created by a website that is stored in the user’s computer either temporarily for that session only OR for a period with a reasonable expiry date OR permanently on the hard disk (persistent cookie). Cookies provide a way for the website to recognise you and keep track of your preferences.
- Data means information in electronic format.
- Data Subject means the person to whom personal information relates to.
- IP Address means a unique address that identifies a device on the Internet or local network.
- Personal Information means information relating to you or any other living person or existing legal entity, including but not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person, provided that such information is not in the public domain in the same or in a different format or held by a public body and publicly accessible.
- POPIA means the Protection of Personal Information Act 4 of 2013.
- Regulator means the Information Regulator.
- GapRisk, “we”, “us”, “our” means GapRisk.
- Traffic Data means any data processed for the purpose of the conveyance of a communication on an electronic communications network in respect of the communication and included data relating to the routing, duration or time of a communication.
- User means a person who uses a computer and/or device to access this website.
- De-Identify means to delete any information that identifies a data subject or which can be used by a reasonably foreseeable method to identify, or when linked to other information, that identifies the data subject.
- Web browser means an application used to access and view this website. Well known web browsers include Google Chrome, Mozilla Firefox, Internet Explorer, Edge and Safari.
- Third Party means any affiliated party that we need to share your personal information with, in order to process your personal information for the purpose intended for the product and/or services you signed up for.
2. COLLECTION OF YOUR PERSONAL INFORMATION
We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you and for certain other purposes explained below.
The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
We collect information directly from you where you provide us with your personal details, for example when you purchase a product from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
3. USE OF YOUR PERSONAL INFORMATION AND DISCLOSURE THEREOF
GapRisk collects and uses your personal information to deliver the services you have requested. GapRisk may also contact you from time to time via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
What types of personal information will we request?
- The policy holder’s personal details are required to activate their policy, after activation to access their policy information and for security purposes to ensure that the person doing the enquiry has the right to access the information requested.
- Bank details are required for debit order deductions and claim payments.
- All dependents on the policy are identified by their name, surname and ID or Passport number.
- Medical information is required for the purpose of underwriting and processing claims.
Without this information, we will not be able to activate your cover, access your policy details or collect your premiums.
What types of special personal information will we request?
- Minor children’s name, surname and ID/Passport number for identification purposes.
- Trade union details are only requested, where the Gap Cover product has a special arrangement with the relevant trade union, regarding discounted premiums.
- Medical information relating to pre-existing conditions for underwriting purposes.
- Medical information regarding diagnosis, medical advice, medication, treatments and procedures are required to assess, validate and process a claim.
Without this information, we cannot register your dependents for cover, impose the correct underwriting on your policy, apply the correct premium structure or process your claims.
GapRisk does not sell, rent or lease its customer lists to third parties.
In addition, GapRisk will share data with trusted partners to help us provide you with value added services, send you email or postal mail or provide customer support. All such third parties are prohibited from using your personal information except to provide these services to GapRisk and you as our client, and they are required to maintain the confidentiality of your information according to these privacy terms.
Our third-party affiliations are partners we have agreements with pertaining to a specific service(s) or product(s) you have signed up for. Your personal information will be used only for the purpose for the third-party to provide the contracted service or product to you and your family.
Additionally, each of these affiliated companies may make use of additional third-parties, which should be listed under their specific Privacy Policies.
We may also be required to use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law (for example to protect GapRisk’s interests).
4. INFORMATION SECURITY
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of personal information. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal information is secure.
Our security policies and procedures cover all aspects of Information Security amongst others;
- Physical security;
- Device & Network security;
- System Access;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Governance and regulatory issues;
- Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information, that we remain responsible for, is kept secure.
If for any reason we may need to transfer your personal information to another country for processing or storage, we will ensure that anyone to whom we pass your personal information onto, agrees to treat your information with the same level of protection as we are obliged to.
Wherever personal information is transmitted electronically to you or to a third party, the document is password protected to safeguard your information from any unauthorised access.
Where it is determined that a reasonable period has passed and we no longer are required to retain your information for the purposes for which it was collected, our Data Retention Policy requires us to either destroy, or if that is not possible, to implement data masking of the personal information that we maintain of you.
5. CORRECTION OF AND ACCESS TO PERSONAL INFORMATION
In certain cases, you have the right to object to the processing of your personal information. You also have the right to ask us to update, correct or delete your personal information. You may do this by contacting us at the numbers/addresses provided below.
You also have the right to know what personal information we hold about you. If you wish to receive a copy, please complete a form called a “Personal Information Request Form” downloadable here and specify the information you would like.
In all cases, we will take all reasonable steps to confirm your identity before making changes to or providing the personal information we may hold about you.
Please note that we are entitled to charge a legally allowable fee for this service and will let you know what it is at the time of your request. The general cost can also be viewed on our PAIA Manual which is also located on this website.
6. USE OF COOKIES
GapRisk makes use of Google Analytics, which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
You have the option to opt-out or disable cookies at any time on your computer or browser. Be aware that disabling cookies may affect the functionality of the website. Disabling cookies will usually result in also disabling certain functionality and features of the site. Therefore, it is recommended that you do not disable these.
To disable cookies in the most popular browsers, please follow these links:
7. YOUR ACCEPTANCE AND CONSENT
By using this website and/or our ongoing services for the products and/or services you are signing up with, you expressly agree to the terms and conditions of this Privacy Policy. You also agree that this Privacy Policy applies to any information accessed via the website, and to all sections of the website.
If you do not agree to all the terms and conditions, please do not continue to use the website.
8. CHANGES TO THIS PRIVACY POLICY
We may change the terms and conditions of this Privacy Policy from time to time. Please check this website periodically to be informed of any of these changes. The most updated version of this Privacy Policy will apply each time that you access and use the website.
9. HOW TO CONTACT US
If you have questions about this policy or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us at the following numbers/addresses:
- Call Centre: 021 970 6929
- Contact email: compliance@gaprisk.co.za
- POPIA Complaint Form: Download
10. INFORMATON REGULATOR
If you believe that we have used your personal information contrary to this Privacy Policy, please first attempt to resolve any concerns with us directly using the information above. If you are not satisfied after this process, you have the right to lodge a complaint with the Information Regulator, under the Protection of Personal Information Act.
Their contact details are:
Street Address:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street
Braamfontein
Johannesburg
2017
Postal Address:
P.O Box 31533
Braamfontein
Johannesburg
2017
General enquiries: enquiries@inforegulator.org.za.
Complaints (complete POPIA/PAIA form 5)
Should your PAIA request be denied or there is no response from a public or private
bodies for access to records you may use this email address to lodge a complaint:
PAIAComplaints@inforegulator.org.za
Should you feel that your personal information has been violated,
you may use this e-mail address to lodge a complaint:
POPIAComplaints@inforegulator.org.za
Website: https://www.justice.gov.za/inforeg