1.1 This Privacy Notice applies to MidSquare Capital (Pty) Ltd ( “the Company”).
2.1 “Data Subject” means the person to whom the Personal Information relates.
2.2 “Personal Information” is defined in the Protection of Personal Information Act, 4 of 2013 (“POPIA”) as information relating to an identifiable, living, natural person and, where it is applicable, an identifiable, existing juristic person, including, but not limited to –
2.2.1 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person;
2.2.2 information relating to the education or the medical, financial, criminal, or the employment history of the person;
2.2.3 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
2.2.4 the biometric information of the person;
2.2.5 the personal opinions, views or preferences of the person;
2.2.6 correspondence sent by the person, that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.2.7 the views or opinions of another individual about the person; and
2.2.8 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.3 “Processing” is defined in POPIA as any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including –
2.3.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.3.2 dissemination by means of transmission, distribution or making available in any form; or
2.3.3 merging, linking, as well as restriction, degradation, erasure or destruction of information.
2.4 “Responsible Party” is defined in POPIA as a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.
3.1 The Company has adopted a Personal Information Protection Policy which governs the Processing of your Personal Information. You may request a copy of the Company’s Personal Information Protection Policy by sending an e-mail to info@midsquare.io.
3.2 The Company is a Responsible Party in respect of the Personal Information you (the Data Subject) provide to the Company or which the Company collects from other sources. The Company Processes the following types of Personal Information (as may be applicable to our business relationship with you):
3.2.1 Identification document;
3.2.2 Proof of residential/business operating address;
3.2.3 Website address;
3.2.4 Income tax registration number or other tax registration numbers;
3.2.5 VAT registration number;
3.2.6 Classifications and disclosures made under local and international tax laws and regulations (including FATCA and CRS);
3.2.7 Contact numbers;
3.2.8 E-mail addresses;
3.2.9 Banking details;
3.2.10 Founding or constitutional documents (applicable to legal entities);
3.2.11 Registration numbers and registration certificates (applicable to legal entities);
3.2.12 Legal Entity Identifiers (LEI) (applicable to legal entities);
3.2.13 Other identifying codes;
3.2.14 Ownership structure (applicable to legal entities);
3.2.15 Statements on your source of wealth and source of funds;
3.2.16 Details of your investments and investment transactions;
3.2.17 Accounting records;
3.2.18 Curriculum vitae;
3.2.19 BEE status;
3.2.20 Criminal and background checks;
3.2.21 Website usage and other technical data;
3.2.22 Education, qualifications and transcripts; and
3.2.23 E-mail correspondence of a confidential nature.
4.1 Certain categories of Personal Information are required in terms of the Financial Intelligence Centre Act, 38 of 2001 or similar anti-money laundering laws in other jurisdictions, as well as the Company’s Risk Management and Compliance Programme. The Personal Information forms part of the Company’s requirements when obtaining a discretionary mandate from you or opening an account to facilitate the relevant business activities.
4.2 In certain circumstances, where your Personal Information has not been provided to us, we may not be able to continue with our business relationship with you or to provide certain services to you.
4.3 The Company needs your Personal Information to provide you with the following services:
4.3.1 to establish a legal relationship with you;
4.3.2 to populate the client account information required on the various on-boarding platforms to open your account, including the opening of accounts with local and international third party providers;
4.3.3 to generate statements and capture contact information related to our business relationship with you;
4.3.4 to comply with the obligations and responsibilities stipulated in our agreement with you;
4.3.5 to comply with our obligations under any laws or regulations which we are subject to;
4.3.6 to effectively render services to you as set out in our agreement with you;
4.3.7 to protect or pursue your or the Company’s legitimate interests;
4.3.8 to ensure efficient business communication and respond to your queries and requests; and/or
4.3.9 to consider the suitability of a candidate for a vacant position (recruitment purposes).
5.1 Your Personal Information may be Processed and stored both manually at our physical office locations and electronically on our IT systems.
5.2 Your Personal Information may be collected directly from you or from other sources, including your employer, agents, recruitment agencies, service providers, financial services providers (including management companies or general partners of local and foreign portfolios of collective investment schemes or other pooled investment vehicles in which you are invested) or any other party with whom you have contracted, or through use of the Company’s website, other service channels or public sources.
5.3 Based on the nature of our business relationship with you, your Personal Information may be subject to cross-border transfers to foreign countries, as permitted under POPIA.
6.1 Your Personal Information may be stored or routed through third party platforms and systems to which we have subscribed or have access to. Your Personal Information can accordingly be accessed by such third parties.
6.2 Your Personal Information may be shared with all companies forming part of the MidSquare group of companies.
6.3 Your Personal Information may be shared with regulatory bodies, local and international tax authorities.
6.4 Your Personal Information may be shared with third parties who perform services to us or in relation to your account including, but not limited to, brokerage services, banking services, custody services, trading platforms, insurance providers and brokers, administration services, accounting services, auditing services, KYC, cloud services, data storage and processing and payment processing.
6.5 When we share your Personal Information with third parties, we take all appropriate, reasonable steps for the protection of your Personal Information in line with the applicable legal obligations.
7.1 We may retain your Personal Information indefinitely, unless you object, in which case we will only retain it if we are permitted or required to do so in terms of applicable laws. However, as a general rule, we will retain your Personal Information in accordance with retention periods set out in applicable laws, unless we need to retain it for longer for a lawful purpose (for example, for the purposes of complaints handling, legal processes and proceedings). You may request a copy of the Company’s Personal Information Retention Policy by sending an e-mail to info@midsquare.io.
8.1 Should you believe that any of your Personal Information held by the Company is incorrect or incomplete, you have the right to request to view this information, rectify it, have it deleted or object to the processing thereof. Should this be required, please contact the Company by sending an e- mail to info@midsquare.io.
8.2 In addition, if you wish to complain about how the Company has handled your Personal Information, please contact the Company by sending an e-mail to info@midsquare.io. The Company’s Compliance Department, in consultation with the Company’s Information Officer, will investigate your complaint and contact you within two (2) business days of the complaint being lodged and work with you to resolve the matter.
8.3 If your query relating to your Personal Information is not, in your opinion, adequately dealt with, you can contact the Information Regulator on 012 406 4818 or inforeg@justice.gov.za to file an official complaint.
