POPIA Notice

1. What is POPIA?

The Protection of Personal Information Act, 4 of 2013 (POPIA) is South Africa's primary data protection legislation. It regulates how organisations — called "Responsible Parties" — collect, use, share, store, and destroy personal information about individuals and juristic persons ("Data Subjects").

POPIA establishes eight conditions for the lawful processing of personal information and grants Data Subjects specific rights in relation to their personal information. Compliance with POPIA has been mandatory since 1 July 2021.

2. Responsible Party

In terms of POPIA, the Responsible Party is the party that determines the purpose and means of processing personal information. For all personal information processed in connection with this website and the services of Mageba Gasela (Pty) Ltd, the Responsible Party is:

3. Information Officer

In terms of POPIA, every Responsible Party must designate an Information Officer who is responsible for ensuring compliance with POPIA within the organisation. The Information Officer of Mageba Gasela (Pty) Ltd is:

The Information Officer has been duly registered with the Information Regulator as required by section 55(1) of POPIA.

4. Personal Information We Process

In the course of conducting our business as a licensed insurance brokerage, we may process the following categories of personal information:

Contact and Identity Information

• Full name and surname
• South African ID number or passport number
• Date of birth
• Physical and postal address
• Email address and telephone number

Financial and Insurance Information

• Banking details (where required for premium collection or claims payment)
• Vehicle registration and description details
• Property details and valuations
• Claims history and prior insurance information
• Premium payment records

Business Information (for commercial clients)

• Company registration number
• VAT registration number
• Business financial information relevant to commercial cover
• Director and officer details

Website Usage Data

• IP address and device information
• Browser type and version
• Pages visited and time on site
• Cookie data (with consent)

5. Purpose of Processing

We process personal information only for the following specific, defined purposes:

• To provide insurance brokerage and intermediary services as authorised under FSP: 50630
• To obtain, compare, and place insurance quotations and policies on your behalf
• To administer, renew, and manage insurance policies
• To process and assist with insurance claims
• To communicate with you about your policy, enquiry, or claim
• To comply with legal and regulatory obligations under FAIS, FICA, POPIA, and other applicable legislation
• To maintain accurate and complete business records
• To improve our website and service delivery

We will not process your personal information for purposes other than those stated above without your prior, specific, and informed consent.

6. Conditions for Lawful Processing

POPIA sets out eight conditions for the lawful processing of personal information. We confirm that our processing complies with all applicable conditions:

• Accountability: We take responsibility for ensuring that our processing of personal information complies with POPIA.
• Processing limitation: We only collect personal information that is adequate, relevant, and not excessive for the identified purpose.
• Purpose specification: Personal information is collected for a specific, explicitly defined, and lawful purpose.
• Further processing limitation: We do not process personal information in a manner incompatible with the original collection purpose.
• Information quality: We take reasonable steps to ensure information is accurate, complete, and up to date.
• Openness: We maintain documentation of all processing activities and disclose our practices through this Notice and our Privacy Policy.
• Security safeguards: We implement appropriate technical and organisational security measures.
• Data subject participation: We facilitate the exercise of Data Subject rights as described in Section 8 below.

7. Special Personal Information

POPIA provides heightened protection for certain categories of "special personal information", including information relating to health, race, ethnicity, political persuasion, trade union membership, religious beliefs, criminal history, and biometric data.

We do not routinely collect special personal information. In limited cases where health information may be relevant to a life or disability insurance enquiry, we will obtain your explicit consent before collecting or processing such information, and will use it solely for the purpose for which consent was given.

8. Your Rights as a Data Subject

POPIA grants you the following rights in relation to your personal information held by us:

To exercise any of these rights, submit a written request to our Information Officer at info@magebagasela.co.za. We will respond within 30 days of receipt. We may ask you to verify your identity before processing your request.

9. Cross-Border Transfer of Personal Information

We generally process and store personal information within the Republic of South Africa. In limited circumstances, personal information may be transferred to a third party in a foreign country — for example, where an international insurer or reinsurer is involved in placing your cover.

Any cross-border transfer of personal information will only take place where the recipient country provides an adequate level of protection, or where adequate contractual safeguards are in place, in accordance with section 72 of POPIA.

10. Information Security

We take the security of your personal information seriously. We have implemented reasonable technical and organisational security measures to prevent loss, damage, unauthorised access, disclosure, alteration, or destruction of personal information in our possession.

Our security measures include, but are not limited to:

• Restricted access to personal information on a need-to-know basis
• Password-protected systems and document management
• Secure communication channels for sensitive information
• Staff awareness of data protection obligations

11. Data Breach Notification

In the event of a data breach that is likely to prejudice your rights and freedoms, we will notify:

• The Information Regulator as soon as reasonably possible after becoming aware of the breach; and
• You, the affected Data Subject, as soon as reasonably possible, where it is reasonable to do so.

The notification will describe the nature of the breach, the categories and approximate number of Data Subjects affected, the likely consequences of the breach, and the measures we have taken or propose to take to address it.

12. Information Regulator of South Africa

If you are not satisfied with how we have handled your personal information or a complaint you have submitted to us, you have the right to lodge a complaint with the Information Regulator:

13. Contact the Information Officer

For any questions, concerns, or requests relating to this POPIA Notice or your personal information, please contact our Information Officer: