Summit takes the issue of collecting and processing your personal information seriously. Summit is committed to protecting your personal information and to informing you of your rights with respect to your personal information. Summit aims to set out clearly at the time we collect your personal information:
- what your personal information will be used for
- where it will be processed and
- how long it will kept.
This Policy applies to anyone (you, your*) who interacts with us, including identifiable Juristic Persons in South Africa (such as an incorporated company), who enquires about our services or who makes use of them, via any media including electronic media such as email, website, apps, telephone etc.
*You may be a Summit: prospect, client, employee, agent or consultant, Summit client, Summit employee, agent or consultant providing services to Summit or to whom Summit is providing services.
Reference to “Summit” includes Summit Group Holdings Proprietary Limited and its affiliated entities and group companies including:
- Summit PE Investment Managers Proprietary Limited (registration number 2016/465338/07, FSP Licence No. 48417) (“PEIM”)
- Summit Private Equity Proprietary Limited (registration number 2016/400736/07)
- Summit REIM Proprietary Limited (registration number 2016/465376/07) (“REIM”)
- Summit Real Estate Proprietary Limited (registration number 2016/409068/07)
- Summit PE GP Partnership
- Summit SI GP Partnership
- Summit Social Infrastructure Fund
- Summit Private Equity Fund
In instances where the board of Summit is different to the board of a subsidiary (such as PEIM and or REIM), then this policy will require a separate review, sign-off and approval by the Audit, Risk and Compliance Committee and board of directors of the relevant Summit subsidiary.
3. What Personal Information does Summit require?
Summit’s Personal Information Protection Policy governs the Processing of your Personal Information. You may view the Personal Information Protection Policy by contacting the Information Officer:
Postal & Physical address
|: Louise Chennells
: +27 79 366 0389
: 3rd Floor, One Vdara Towers, 41 Rivonia Rd, Sandhurst, Johannesburg, South Africa
“Personal Information” is defined in the Protection of Personal Information Act (Act no. 4 of 2013) (“POPIA”) as follows:
“Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal, or the employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person, that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.”
“Processing” is defined in POPIA as follows:
“any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information;”
Summit is a Responsible Party in respect of the Personal Information you (Data Subject) provide to the Company. Summit processes the following types of Personal Information from you:
- Identification document;
- Curriculum vitae data, including professional and employment history and education;
- Proof of residential/business operating address, postal address, billing address;
- E-mail addresses;
- Contact numbers;
- Income Tax registration or other tax identification number;
- VAT registration number (if applicable per individual/legal entity);
- Banking details where you are required to make a payment to Summit or we are required to remit a payment to you or as part of a bank reference or statement provided to us during a due diligence exercise;
- Political exposed person status;
- Source of wealth and source of funds;
- For Juristic Persons we may also collect documents to establish your identity and existence, including the business activities, financial position, transactions, tax related information, regulated status, listed status, directors, management, control, shareholdings and beneficial ownership;
- Marketing preferences in receiving marketing from us and our third parties and your communication preferences.
You are responsible for providing us accurate and up-to-date information. Please keep us informed if your personal information changes during your relationship with us.
Summit may also collate and hold data found from the results of Google or other internet searches and other sources in the public domain as well as third party service providers in the course of our employee and client due diligence and review process, and in providing the services that we are engaged to provide.
4. Why does Summit require your Personal Information?
This Personal Information is required in terms of the Financial Intelligence Centre Act, 38 of 2001 and Summit’s Risk Management and Compliance Programme. The Personal Information forms part of Summit’s requirements when obtaining a mandate from you or opening an account to facilitate the relevant business activities.
Summit needs your Personal Information to provide you with the following services:
- To establish a legal relationship with you;
- To populate the client account information required on the various on-boarding platforms; and
- For internal administrative and accounting, auditing, data analysis and research purposes in the normal course of managing Summit’s business and to improve Summit’s services and client communications.
5. How is your Personal Information processed?
Your Personal Information is Processed at Summit’s offices at 3rd Floor, One Vdara Towers, 41 Rivonia Rd Sandhurst, Johannesburg, South Africa and those of our group companies. Storage of your Personal Information takes place in:
- Summit’s FICA system, with servers located in South Africa;
- Summit’s cloud based servers, located in data centres across the United States;
- Summit’s email servers located in Europe;
- Laptop computers and other mobile devices of employees in South Africa and Mauritius;
- Hard copy documents are held under lock and key in a cabinet at the Summit’s offices in South Africa.
No third-party providers have direct access to your Personal Information unless specifically required by law and to satisfy client due diligence principles. All personnel acting on behalf of Summit must exercise caution when asked to disclose any Personal Information to a third party and prior to completing any such transfer, Summit must be satisfied that there is a lawful basis for such disclosure of Personal Information to third parties.
Your Personal Information may be shared with companies within the Summit Group and to our service providers who are involved in the delivery of products or services to the client. We have agreements in place to ensure that all service providers comply with these privacy terms. We may also disclose information where we have a legal obligation or duty to disclose this information or where it is necessary to protect our legal rights.
In certain circumstances, legislation will allow that Personal Information be disclosed to law enforcement or other agencies without the consent of the Data Subject. In such circumstances, Summit may be obliged to disclose the requested data, but will first ensure that the request is legitimate and will seek assistance beforehand from its legal advisers or other experts. Only the Information Officer will be authorised to furnish the requested data to the enquiring party.
6. How long does the company keep your Personal Information?
Summit will only retain your Personal Information for as long as necessary to fulfil the purposes for which it was collected for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Under South African law, Summit is required to keep your Personal Information for a five (5) year period following the date of termination of the business relationship according to the Summit’s Personal Information Retention Policy. After this period, your Personal Information will be irreversibly destroyed. For more information on the Summit’s Personal Information retention schedule, please refer to our Personal Information Retention Policy which can be accessed by contacting our Information Officer on firstname.lastname@example.org.
Summit may keep Personal Information for longer where it is required in litigation or an investigation by a supervisory authority or other law enforcement agency, or any other legal or regulatory requirement.
7. What are your rights?
Should you believe that any of your Personal Information held by Summit is incorrect or incomplete, you have the right to request to view this information, rectify it or have it deleted. Please contact Summit’s Information Officer on email@example.com should this be required.
In addition, if you wish to complain about how Summit has handled your Personal Information, please contact the Information Officer on firstname.lastname@example.org. Summit’s Compliance Department will investigate your complaint and contact you within two (2) business days of the complaint being lodged and work with you to resolve the matter.
If your query relating to your Personal Information is not, in your opinion, adequately dealt with, you can contact the Information Regulator on 012 406 4818 or email@example.com to file an official complaint in the prescribed format available at https://www.justice.gov.za/inforeg/docs/forms/POPIA-ComplaintsForm5-eForm.pdf or contact complaints.IR@justice.gov.za.
8. Changes to this Policy
Summit will place any updates to this Policy (or any other policies referred to in this Policy) from time to time on our website. When Summit changes this Policy in a material way, a notice will be posted on our website along with the updated Policy.