MUA Insurance Acceptances (Proprietary) Limited (“MUA”) is dedicated to protecting the privacy and confidentiality of its customers and takes the responsibility regarding the security of data in its possession and under its control seriously. MUA abides by the provisions of the Protection of Personal Information Act (“POPIA”), of 2013 and is upheld by the Information Officer (IO) and is authorised by the (FSCA) as regulated by the regulator to arrange non-life insurance products. This includes processing any personal information lawfully, fairly and in a transparent manner. POPIA gives effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations. There are several conditions that must be met to ensure that personal information is vastly protected.
POPIA can be obtained from MUA by e-mailing email@example.com.
You must accept all the terms of this policy when you request our services and products. If you do not agree with anything in this policy, then you may not request our services or products. When you request services or products from MUA you will be asked to provide us with additional information on a voluntary basis (goods or services information).
WHO ARE DATA SUBJECTS?
We process the personal information of the following categories of people:
- customers or organisations,
- contractors, vendors, or suppliers, intermediaries
- children and their guardians,
- debtors and creditors,
- dealers, and
- directors and shareholders.
WHO IS THE DATA RESPONSIBLE PARTY?
A responsible party is the public or private body or any other person who alone or in conjunction with others, determines the purpose of and means for processing personal information. The party who controls (the controller) and is responsible to keep and use personal information is the responsible party in relation to the specific personal information.
WHO IS THE DATA OPERATOR PARTY?
A person who processes personal information for or on behalf of the responsible party in terms of a contract or mandate (without coming under the direct authority of the responsible party).
WHAT PERSONAL INFORMATION IS COLLECTED
When you submit an enquiry or if you register on our website, you will no longer be anonymous to us. For MUA to provide you with the requested and / or required products and services, your personal information will need to be processed. MUA will collect information from you, your broker and / or from external sources and certain information will be collected automatically when you visit our website.
The personal information collected may include:
- Your name and surname
- Your contact details such as name, physical and postal addresses, phone numbers, email address
- Your company name, company registration number and VAT number
- Your marital status, employment status, proof of residency
- Government identifiers such as driving licence number
- Claims history
- Location information
- Machine identifiers including IP address
- Information about how you interact with MUA, the website and MUA products and services
- Your payment and banking details in order to complete your purchase of products and services
- Information about others who will be or are included on your policy (which you should have the consent to share)
- Information on your vehicle or property, some of which will be collected from external databases. Example includes geological and flood data from your area
Depending on the goods or services that you require, we may also collect sensitive personal information including your:
- Financial information – such as your bank account details
- Your medical information
- Employment information
- Criminal and / or convictions and / or judgements.
For information on how we deal with cookies, please refer to our Cookies Policy.
”Cookies” are a small data file consisting of encrypted information assigned to a computer, mobile or other device when using a website to recognise repeat users, facilitate the user’s access to and use of a website and allow a website to track usage behaviours and compile aggregated data that allows a website to optimise functionality of the website and improve its content. The type of information collected by cookies is not used to personally identify users. There is a simple procedure in the browser that allows users to accept or reject cookies.
Cookies are used to identify which areas of a website are more frequently visited and enable MUA to deliver content that is specific to the need of users and may be necessary to provide users with certain features available on the website. MUA can thus provide a more valuable online experience with the information received. Although cookies can be disabled by you, this may influence the functioning of the website and is not recommended.
HOW PERSONAL INFORMATION IS COLLECTED
Your personal information is collected when:
- details for a quotation are provided
- enquiries are made about the products through the website
- MUA products and services are purchased or those provided by our services partners
- interacting with MUA or making enquiries
- registering for information or other services
- registering an insurance claim
- responding to communications or a surveys
- MUA requests additional information from you for validation purposes
- You consent to the collection of personal information
If you have a Telematics Unit, the unit captures data and other associated vehicle and driving behaviour related information from your vehicle. This information includes:
- Other associated vehicle information.
Telematics systems normally collect information while a vehicle is being used and transmit this to the suppliers after a delay. Instances where the Telematics systems may send real-time data and alerts to the suppliers include where a collision or crash is detected, if the device’s tamper alerts are activated, or if it is at request, for example if the vehicle has been stolen and a Theft Tracking service has been activated. MUA has the right to request the telematics data collected from the supplier when such a unit is a requirement on the policy.
DRIVING LICENCE INFORMATION
MUA may collect driving licence information as part of an application for motor insurance or when making a claim.
Driving licence number is used to do a check with the eNatis database, to retrieve the required information such as:
- Type of licence held
- Length of time licence has been held
- Entitlements to drive
- Convictions and / or charges
- Conviction dates
- Disqualifications (endorsement, suspension and / or cancellation of licence).
The data collected may be used in conjunction with other information provided:
- To calculate an insurance quotation
- To administer the policy
- For anti-fraud purposes.
This information will not be used for any other purpose or be available to third parties. Only the motor insurance industry may use this information. If you request a quotation and decide not to proceed with the policy provided by MUA, the data returned will be retained in accordance with the industry retention requirements, whereafter it will be deleted.
Searches may be carried out prior to the date of the insurance policy and at any point throughout the duration of your policy including at the mid-term adjustment and renewal stage.
When applying for an agency (as a broker), requesting a quotation and / or a policy, at renewal, and in certain circumstances where an amendment to your contract and / or agreement is requested, we make several checks to assess your application for credit and verifying identities to prevent and detect crime and money laundering. To obtain this information, we will check the following records about you and anyone else who may also be insured and whose personal details have been provided as part of any service request and / or application.
- MUA records
- Credit reference agencies records. A search from us will place a search footprint on your credit file that may be seen by other entities. Credit reference agencies supply both public, and shared credit and fraud prevention information.
- Fraud Prevention Agencies records.
The credit reference agencies will record details of the search whether or not your application proceeds. The searches will not be seen or used by lenders to assess your ability to obtain credit. Scoring methods are used to assess your application and to verify your identity.
Credit searches and other information which is provided to MUA and/or the credit reference agencies, about you and those with whom you are linked financially, may be used by MUA and other companies if you, or other members of your household, apply for other facilities including insurance and claims. This information may also be used for debt tracing and the prevention of money laundering as well as the management of your account. Alternatively, physical forms of identification may be requested from you.
If you provide MUA with false or inaccurate information and we suspect identify fraud, it will be recorded and may also be provided to Fraud Prevention Agencies and other organisations involved in the prevention of crime and fraud.
If it is determined that you pose a fraud or money laundering risk, we may refuse to provide the products and services you have requested, or to employ you, or we may stop providing existing products and services to you.
CALL RECORDING AND MONITORING
All calls, emails, electronic messages, and other communications are recorded and monitored for:
- Business purposes such as quality control and training
- Processing necessary for entering or performance of a contract and / or agreement
- Prevention of unauthorised use of MUA telecommunication systems and websites
- Ensuring effective systems operation
- Meeting any legal obligation
- Protecting your interests
- Prevention and detection of crime
- For the legitimate interests of the responsible party
BANKING DETAILS – SECURE DATA EXCHANGE
When you apply for an agency or financial product and services, or during the course of your agreement and / or contract with MUA, you may be asked to share access to your chosen bank and / or financial institution account data.
When you share your bank and / or financial institution account data with us, we will use the information you provide for the following purposes:
- To check the accuracy of other information you have provided to us
- To manage your ongoing relationship with us
- To help us prevent criminal activity and financial crime including fraud and money laundering and identity theft.
HOW YOUR PERSONAL INFORMATION IS USED/PROCESSED
- Personal information collected from you could be used or processed for a wide range of reasons:Collecting requests for and providing our services and product
- Managing our contracts with various data subject
- Processing your quotation or agency application
- Administering your policy, including claims handling
- Communicate with you and others as part of our business
- Keeping our data subject records and information up to date
- Make decisions about whether to provide insurance; provide insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes
- Provide training (intermediaries) and providing support to customers
- Fraud detection and prevention
- Credit scoring or other decision-making
- Verifying your identity when required
- Undertaking market research, product development and statistical purposes
- To provide you and other customers with relevant information through the marketing programme
- Keeping you informed about new product developments by email, telephone, electronic communication, social media or post (dependent on your preferences)
- Processing the renewal of your policy
- Send you important information regarding changes to our policies, other terms and conditions, the online services and other administrative information
- Provide marketing information
- Resolve complaints, and handle requests for data access or correction
- Employee management
- Internal audits
- Complying with regulations or pursuing good governance
- For assessment and analysis to enable us to review, develop and improve the services and products offered; and
- Refining pricing models and using collected data to accurately price individuals across all our insurance products.
When you make a claim
Your claims and conviction history might be investigated in the course of assessing the claim. You can be assured that we will keep such investigations strictly confidential.
We pass information to the Claims and Underwriting Exchange Bureaus. This helps insurers to check information and prevent fraudulent claims.
If you are involved in a road traffic accident (in South Africa or the territorial limits), insurers may verify the relevant information.
WHERE WILL COLLECTED PERSONAL DATA BE PROCESSED?
Your personal data may be processed both inside and outside of South Africa. Whenever we transfer your personal data for processing outside of South Africa it is subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorised to process them.
DISCLOSURE OF PERSONAL INFORMATION
Your personal information may be shared with:
- other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services);
- our goods or services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit);
- credit bureaus to report account information, as permitted by law; and
- other third parties who provide us with relevant services where appropriate.
MUA may disclose your personal information as required by law or governmental audit:
- requested to do so by any regulatory authority and the regulators appointed by such regulatory authorities for the various financial sectors
- compelled in terms of a court order or by law
- to protect the safety of any individual or the general public; and
- to prevent violation of our customer relationship terms.
International transfer of Personal Information
Personal information is transferred across borders via cloud-computing to mitigate the personal information breach risks. MUA has taken reasonably practicable steps to ensure that the cloud-based service provider complies with the POPIA and MUA has an agreement with the services provider, aimed at ensuring that appropriate security for the protection of personal information is established and maintained.
These circumstances include:
- Enriching our data sets with information from external databases in order to provide a quotation. Examples of this may include checking your driving license number or checking your address against flood databases.
- Comparing our records with those of third parties.
- Sharing with other insurers, re-insurers, brokers, and other third parties who assist us in administering your insurance contract and/or financial products and services.
- Servicing your claim and sharing with companies that assist us such as loss adjusters, claims administrators, our approved repairers’ network, medical professionals, and any company representing third parties to the claim.
- Sharing with carefully selected partners in order to add value to our products.
- Sharing with third parties so they can provide you with a survey.
- Building a marketing profile to find similar customers with similar needs.
- Sharing with regulatory or public bodies such as the FSCA, Financial Industry Ombudsmen.
MUA takes the security of personal information very seriously and endeavours to comply with applicable data protection laws by maintaining reasonable measures to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction.
On any MUA online platform and/or website portal (“non-public online services”) your personal information is protected by providing you with a User ID and password in order to obtain information. We also use industry standard security to encrypt sensitive data in transit to our servers.
The User ID and password helps us to protect your personal information. You must keep this password safe and must not disclose it to anyone. Some suspicious emails contain attachments or links to websites that try to install malicious software on your computer. If you have entered your password on what you think might be a malicious website, please contact MUA immediately and ask us to change your password.
Many organisations use security features such as firewalls to protect their computer systems. These firewalls may prevent you from connecting to our secure server. If you are at work and cannot connect to the MUA website, please speak to your IT administrator.
Please be aware that communications over the internet, such as emails, are not secure unless they have been encrypted. Your communications may route through several countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
MUA cannot guarantee the security of information that is transmitted to MUA electronically as such transmissions are susceptible to unlawful access or monitoring. Any electronic transmissions made by you to MUA are at your own risk.
Additionally, you can protect your system by installing anti-virus and running scans. You should also run any security updates or patches you receive for your system from the supplier.
Never respond to unsolicited emails from unfamiliar sources. Such emails may be fraudulent and attempt to get you to provide your personal details or payment information. Only authorised employees, agents and representatives of MUA will have access to your personal information and all of MUA’s employees, service providers and marketing partners are bound by confidentiality agreements and obliged to comply with strict standards of privacy and confidentiality.
MUA shall take appropriate and reasonable technical and organisational measures to prevent the loss of or damage to or unauthorised destruction of data and the unlawful access to or processing of personal information. MUA will also ensure that all its systems and operations which it uses to provide the products and services, including all systems on which personal information is processed as part of providing the products and services, shall always be of a minimum standard required by all applicable laws and be of a standard no less than the standards which are in compliance with the best industry practice for the protection, control and use of data.
RETENTION OF INFORMATION
MUA will not retain your personal information for longer than is necessary and will hold it only for the purposes for which it was obtained unless:
- retention of the record is required or authorised by law; or
- you have consented to the retention of the record.
During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information. We may retain your personal information in physical or electronic records at our discretion.
Complaints relating to processing of your personal data
If you have any complaints relating to the processing of your personal information, you also have the right to complain to the relevant Regulatory Authority. The Information Regulator can be contacted at:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: firstname.lastname@example.org
Sign up to our newsletter
Stay ahead by subscribing to “The Pulse,” an exclusive quarterly newsletter tailored for MUA brokers. Join us on this journey of knowledge and never miss a beat with “The Pulse” always at your disposal.