Privacy Policy
KasiSure — a product of Tsoga Afrika Insurance Brokers (Pty) Ltd
Last Updated: February 2025
1. Introduction
KasiSure ("we," "us," "our"), a product of Tsoga Afrika Insurance Brokers (Pty) Ltd, is committed to protecting the privacy and personal information of individuals ("you," "your") who use our services. This Privacy Policy outlines how we collect, use, process, disclose, and safeguard your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable data protection laws. We are the responsible party for the personal information we process, unless otherwise stated.
2. Information We Collect and Our Lawful Basis for Processing
We collect and process personal information only for specified, explicit, and legitimate purposes, and we will not process it further in a manner incompatible with those purposes. We collect the minimum necessary information, and will inform you should additional information be required. We collect this information directly from you.
2.1 Personal Information
| Type of Information | Purpose of Processing | Lawful Basis for Processing |
|---|---|---|
| Name and Contact Details | To process insurance applications, provide financial services, communicate about our services, verify your identity, prevent fraud, and respond to inquiries. | Performance of a contract, compliance with legal obligations, legitimate interests (fraud prevention, service improvement). |
| Identity Number | To verify your identity, comply with legal obligations (e.g., FICA), and process insurance applications. | Compliance with legal obligations, performance of a contract. |
| Financial Information | To assess eligibility for financial products, process payments, and provide financial advice. | Performance of a contract, consent (where required). |
| Employment Details | To assess eligibility for insurance and financial products. | Performance of a contract. |
| Insurance History | To assess risk, provide accurate quotes, and process claims. | Performance of a contract. |
| Credit Information | To assess creditworthiness for financial products. | Consent, legitimate interests (responsible lending). |
2.2 Technical Information
| Type of Information | Purpose of Processing | Lawful Basis for Processing |
|---|---|---|
| Device Information | To optimize our website and services for different devices, analyze website traffic, and improve user experience. | Legitimate interests (improving our services, ensuring website security and functionality). |
| IP Address | To analyze website traffic, prevent fraud, and ensure website security. | Legitimate interests (fraud prevention, website security). |
| Browser Type | To optimize our website for different browsers and enhance user experience. | Legitimate interests (improving our services). |
| Usage Data | To analyze user behavior, understand how our services are used, and improve our website and services. | Legitimate interests (improving our services). |
| Cookies | We use cookies to enhance your browsing experience. You can manage your cookie preferences through your browser settings. | Consent (where required), legitimate interests (website functionality). |
3. How We Use Your Information
We use your information for the following specific purposes:
- To process insurance applications and provide financial services: This includes assessing your eligibility, providing quotes, managing policies, processing claims, and offering financial advice.
- To communicate with you: We may send you important information about your account, our services, policy updates, and responses to your inquiries. We will obtain your consent for direct marketing communications as outlined in section 9 below.
- To comply with legal and regulatory obligations: This includes complying with laws such as the Financial Intelligence Centre Act (FICA), the Financial Advisory and Intermediary Services Act (FAIS), and other applicable regulations.
- To improve our services: We analyze data to understand how our services are used, identify areas for improvement, and develop new products and features.
- To prevent fraud and ensure security: We use information to detect, investigate, and prevent fraudulent activity and to protect the security of our systems and your information.
- For internal record keeping: We must process your personal information in order to adhere to internal record keeping requirements.
4. Information Sharing
We do not sell your personal information. We may share your information only in the following limited circumstances:
4.1 Third-Party Service Providers (Operators)
We may share information with trusted third-party service providers who assist us in operating our business and providing our services. These service providers are contractually obligated to protect your information and use it only for the purposes we specify. They include:
- Insurance providers: To obtain quotes, process applications, and manage policies.
- Financial institutions: To process payments and provide financial services.
- Credit bureaus: To assess creditworthiness, subject to your consent where required.
- Service providers: Including IT service providers, data storage providers, and marketing service providers.
- Regulatory bodies: To comply with legal and regulatory requirements.
We have written agreements in place with these operators to ensure they comply with POPIA and protect your personal information.
4.2 Legal Requirements
We may disclose your information:
- To comply with applicable laws and regulations.
- In response to lawful requests from public and government authorities, including law enforcement agencies.
- To protect our rights, property, or safety, or the rights, property, or safety of others.
- In emergency situations where the safety of an individual is at risk.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity, subject to applicable data protection laws.
5. Cross-Border Data Transfers
We may transfer your personal information to countries outside South Africa, for example, for cloud storage or data processing by certain operators. When we do so, we will take steps to ensure that your personal information receives an adequate level of protection, such as:
- Entering into standard contractual clauses approved by the Information Regulator.
- Transferring data only to countries that have been deemed to provide an adequate level of data protection by the Information Regulator.
- Relying on other approved transfer mechanisms under POPIA.
6. Data Security
We are committed to maintaining the confidentiality, integrity, and availability of your personal information. We implement appropriate technical and organizational security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption: We encrypt sensitive data during transmission and storage.
- Secure Servers: We store your information on secure servers with appropriate access controls.
- Access Controls: We restrict access to personal information on a need-to-know basis.
- Regular Security Assessments: We conduct regular security assessments and vulnerability testing.
- Staff Training: Our employees receive training on data protection and security best practices.
- Incident Response Plan: We have an incident response plan in place to address any data breaches or security incidents.
7. Data Retention
We will retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by law. Our retention criteria include:
- Legal and regulatory requirements: We retain information for the periods required by applicable laws and regulations.
- Business needs: We retain information for as long as necessary to provide our services, manage our business operations, and maintain accurate records.
- Contractual obligations: We retain information for the duration of our contractual relationship with you and for a reasonable period thereafter.
When your personal information is no longer needed, we will securely delete or anonymize it.
8. Your Rights as a Data Subject
Under POPIA, you have the following rights regarding your personal information:
- Right of Access: You have the right to request access to the personal information we hold about you, including information about the categories of personal information, the purposes of processing, and the recipients of the information.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (where consent is the lawful basis for processing).
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when the processing is unlawful.
- Right to Object: You have the right to object to the processing of your personal information in certain circumstances, such as when the processing is based on legitimate interests or for direct marketing purposes.
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another responsible party in certain circumstances.
- Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Regulator if you believe that we have not processed your personal information in accordance with POPIA.
8.1 How to Exercise Your Rights
To exercise any of these rights, please contact our Information Officer using the contact details provided in Section 10 below. We will respond to your request within a reasonable time and in accordance with POPIA requirements. We may need to verify your identity before fulfilling your request.
9. Direct Marketing
We may use your personal information to send you direct marketing communications about our products and services that may be of interest to you. We will only send you direct marketing communications with your consent, or where we are otherwise permitted to do so under POPIA. You have the right to opt-out of receiving direct marketing communications at any time.
9.1 How to Opt-Out
You can opt-out of receiving direct marketing communications by:
- Clicking the "unsubscribe" link in any marketing email you receive from us.
- Contacting our Information Officer using the contact details provided in Section 10 below.
10. Information Officer
Our Information Officer is responsible for overseeing our compliance with POPIA and for handling any data protection inquiries or requests. You can contact our Information Officer at:
Name: Pallo Marumo
Email: hello@tsogainsure.co.za
Phone: 010 442 6968
Physical Address: Unit 5 Health Emporium, C/O Church and Market Street, Midrand
11. Contact Information
For any privacy-related inquiries:
Website: www.kasisure.app
Email: hello@tsogainsure.co.za
Phone: 010 442 6968
Physical Address: Unit 5 Health Emporium, C/O Church and Market Street, Midrand
12. Complaints to the Information Regulator
If you are not satisfied with our response to your data protection concerns, or if you believe that we have not complied with POPIA, you have the right to lodge a complaint with the Information Regulator. The contact details for the Information Regulator are:
Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.