PRELIMINARIES

1. Kastelo Proprietary Limited (hereinafter “Kastelo”) is a company duly registered and incorporated in terms of the Companies Act 71 of 2008, and licensed as an authorised financial services provider that must comply with the Protection of Personal Information Act (hereinafter “POPIA”)
2. It is hereby recorded that POPIA obliges Kastelo to inform their clients how the latter’s personal information is collected, used and destroyed.
3. It is hereby recorded that Kastelo also offers services and products which fall outside the ambit of its FSP license, which products and services may require the collection of clients’ information, and which collection must nevertheless comply with the requirements as set out in POPIA.
4. Kastelo is committed to its compliance with POPIA as well as to protecting its clients’ privacy and personal information.
5. Kastelo platforms its services, offerings and information collection systems on its website at https://www.kastelo.co.za and/or patently linked or affiliated websites (hereinafter separately or collectively referred to as the “website”) which website Kastelo owns and manages.
6. Amendments to this policy may occur on an ad hoc basis. Clients are advised to monitor the website periodically to inform themselves of any changes

PRIVACY

1. This section applies to all persons using the website and its related mobile and/or proxy sites and explains how Kastelo uses the personal information collected when the website is used by such client.
2. By accessing the website, the client accepts and agree to this clause, and expressly consent to the use and disclosures of your personal information in accordance with POPIA as well as with the provisions contained herein.
3. If the Client does not agree to the provisions herein contained, he/she may not access or use the website.
4. If the Client accesses the website without giving Kastelo any personal information, Kastelo may still gather non-personal information, including information regarding the Client’s activities on the website.
5. In the event of the Client registering an account on the Website, Kastelo will collect and use the Client’s personal information, which may include, without limitation, the Client’s name, email address, phone number, residential address, identity number or passport number, financial information, password, transaction history and/or details of the Client’s visit to the website.
6. The Client is free not to communicate personal information to Kastelo, but such refusal may affect the availability and the functioning of the services offered on the website, or by Kastelo in general. Where personal information is required for the purposes of providing the services or for verification and identity checks, whether for know-your-customer, FICA-related requirements, or anti-money laundering and anti-terrorism obligations, the Client may not be able to utilise the service offerings on the website if such information is not provided.

PURPOSE OF USE

The purpose for which Kastelo collects the Client’s personal information includes:

1. provide services to, and/or facilitate transactions for the Client, depending on whether Kastelo renders intermediary services in financial products incidental to the carrying out of a certain transaction;
2. facilitate the Client’s transactions on the website, or such services referenced on the website;
3. open an account with Kastelo’s banking partners so as to remit money and fulfil the associated compliance requirements as stipulated by international KYC requirements;
4. improve the services offered by Kastelo, with specific reference to the improving of user experience when using the website;
5. communication with the Client;
6. introduce special offers on Kastelo products and services, as well as other promotional and/or marketing purposes
7. market research conducted by Kastelo;
8. conducting credit reference searches or verification, as well as for credit assessment and/or credit management;
9. for the detection and prevention of fraud, crime, money laundering or other malpractices;
10. for audit and record-keeping purposes;
11. to follow client’s instructions;
12. confirming, verifying and updating details;
13. ensuring the FSP’s business and offerings are appropriate and/or possible in accordance with the Client’s financial capabilities; and/or
14. to carry out such services requested by the Client and to maintain and constantly improve the relationship between the Client and Kastelo.

SECURITY & SAFEGUARDING OF INFORMATION

1. Kastelo strives to ensure the security, integrity and privacy of personal information submitted. Kastelo shall review and update its security measures following future legislation and technological advances.
2. No data transmission over the internet van be guaranteed to be totally secure; Kastelo shall nonetheless endeavour to take all reasonable steps to protect the personal information, which an individuals submits to Kastelo or Kastelo’s online products and services as presented on its website.
3. Kastelo shall take all reasonable and practicable steps to ensure the integrity of their systems
4. Kastelo may engage with other third parties to provide support services to Kastelo. Such third parties are obliged to respect the confidentiality of any personal information held by Kastelo.
5. Kastelo will not reveal any personal information to anyone unless it is compelled with legal or regulatory requirements, or otherwise allowed by law, and/or if it is in the public interest, and/or if Kastelo needs to protect its interest.
6. Kastelo endeavours to take all reasonable steps to secure information which it holds about an individual, and to keep such information accurate and up to date. If at any time, an individual discovers that information gathered about him/her is incorrect, he/she may contact Kastelo to have the information corrected
7. Kastelo recognises the importance of protecting the privacy of information collected about individuals, and in particular, such information that is capable of identifying an individual.

CONDITIONS OF LAWFUL PROCESSING

1. Accountability - Kastelo must ensure that the conditions set out in Chapter 3 of the POPIA, and all measures that give effect to such conditions are complied with at the time of determining the purpose and the means of the processing.
2. Processing limitation - Personal information may only be processed in a lawful and reasonable manner that does not infringe on the privacy of the data subject, and may only be processed if:
   1. the Client consents to the processing;
   2. processing is necessary to carry out actions for the conclusion or performance of a contract or undertaking to which the Client is party;
   3. processing complies with an obligation imposed by law on Kastelo for it to obtain information from Clients about their financial needs and capabilities in order to provide them with applicable and beneficial products;
   4. processing protects a legitimate interest on the Client; it is in the best interest of the Client to have a proper needs analysis performed so as to provide him/her with an appropriate and beneficial product, and which would require the obtaining of personal information;
   5. processing is necessary for the proper performance of a public law duty by a public body; in order for Kastelo to provide Clients with products or services, both ourselves and certain third parties require certain personal information to make a decision as to whether he/she would qualify for certain products and/or services; or
   6. processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied;
3. Purpose specific - Kastelo will process personal information only for specific reasons. Kastelo will inform Clients of such reasons, which are contained herein, prior to the collecting and processing of personal information. It remains the responsibility of the data subject / client to read and satisfactorily interpret this policy and reasons for collection and processing.
4. Further processing - personal information will not be processed for a secondary purpose unless that processing is compatible with the original purpose; if Kastelo wishes to process existing personal information for a purpose other than the purpose for which it was originally collected, Kastelo shall first obtain additional consent from the Client.
5. Information quality - Kastelo shall take reasonable steps to ensure that all personal information collected is complete, accurate and not misleading. Where personal information is collected or received from third parties, Kastelo will take reasonable steps to confirm that the information is correct by verifying the accuracy of the information directly with Kastelo or by way of independent sources.
6. Openness - Kastelo will take reasonable steps to inform all data subjects whose information is being collected of:
   1. the information being collected and, where information is not being collected from the data subject, the source from which it is collected;
   2. the name and address of the responsible party, which shall be Kastelo;
   3. the purpose for which the information is being collected;
   4. whether or not the supply of the information by Client is voluntary or mandatory;
   5. the consequence of failure to provide the information;
   6. Any particular law authorising or requiring the collection of information;
7. Security Safeguards - Kastelo must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent loss of damage to or unauthorised destruction of personal information, and unlawful access to or processing of personal information, and thereby take the following reasonable measures:
   1. identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
   2. establish and maintain appropriate safeguards against the risk identified;
   3. regularly verify that the safeguards are effectively implemented; and
   4. ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards
8. Client Participation - A Client may request whether his/her personal information is held, as well as the correction or deletion of his /her personal information held by Kastelo, the latter taking all reasonable steps to confirm the applicable Client’s identity before providing details of such personal information requested.

ACCESS AND CORRECTION

1. The Client has the right to access personal information Kastelo holds about you. The Client moreover has the right to request Kastelo to update, correct or delete the Client’s personal information on reasonable grounds. Upon objection, Kastelo my no longer process said personal information.
2. Upon withdrawal of consent for Kastelo to process the Client’s personal information, Kastelo may still be obliged by law to keep information for five years after termination of the relationship between Kastelo and Client.