DATA PROTECTION POLICY

For CYA22KA Holdings

1. Introduction

CYA22KA Holdings is committed to ensuring the confidentiality, integrity, and security of all personal information collected, processed, and stored in relation to funeral and life policies. This policy is designed to comply with the Protection of Personal Information Act (POPIA) and other applicable South African regulations.

2. Scope

This policy applies to all employees, contractors, third-party service providers, and any other entities that process personal information on behalf of CYA22KA Holdings. It covers all personal data collected from policyholders, beneficiaries, and stakeholders.

3. Legal Basis for Processing Personal Information

CYA22KA Holdings processes personal data lawfully under the following conditions:

  • Performance of a contract between the policyholder and CYA22KA
  • Compliance with legal obligations (e.g., Financial Sector Conduct Authority (FSCA) and South African Revenue Service (SARS) requirements).
  • Legitimate business interests, including fraud prevention and risk
  • Explicit consent obtained from data subjects where

4. Types of Personal Information Collected

The following personal data is collected and processed:

  • Policyholder information: Name, ID number, contact details, address, financial
  • Beneficiary details: Names, ID numbers, relationship to
  • Policy details: Policy numbers, insurance provider details, payment

5. Data Collection, Processing, and Retention

  • Personal data will only be collected for specified, legitimate
  • Data will be retained for the duration of the policy and an additional five (5) years post-policy termination, as required by regulatory bodies.
  • After the retention period, data will be securely deleted or anonymized unless legally required to retain

6. Data Security Measures

CYA22KA Holdings implements security controls to protect personal data, including:

  • Encryption of sensitive data during storage and
  • Access controls and authentication mechanisms to prevent unauthorized
  • Regular security audits and vulnerability
  • Incident response and breach notification

7. Data Subject Rights

Under POPIA, individuals have the right to:

  • Access their personal
  • Request correction, deletion, or restriction of their
  • Object to data processing in certain
  • Withdraw consent for optional processing
  • Lodge complaints with the Information Regulator of South Africa.

8. Third-Party Data Sharing

Personal data may be shared with:

  • Insurance providers for policy administration and claims
  • Regulatory authorities, including the FSCA and
  • Third-party service providers, subject to strict confidentiality

9. Cross-Border Data Transfers

In cases where data is transferred outside South Africa, CYA22KA Holdings ensures compliance with Section 72 of POPIA by:

  • Confirming the recipient country has adequate data protection
  • Implementing legally binding agreements with foreign entities handling
  • Obtaining explicit consent from data subjects when

10. Data Breach Notification

In the event of a data breach:

  • Affected individuals will be notified
  • The Information Regulator of South Africa will be informed within the required
  • Remedial actions will be taken to contain and mitigate any

11. Employee Responsibilities & Training

  • All employees handling personal data must complete POPIA compliance training.
  • Any unauthorized access, processing, or sharing of personal data will result in disciplinary

12. Amendments & Updates

CYA22KA Holdings reserves the right to update this policy periodically in response to regulatory changes or organizational needs.

13. Contact Information for POPIA Queries

For any concerns or questions regarding data protection, please contact:

 

Email: info@cyaholdings.co.za

This Data Protection Policy is effective as of Jan 2024