PRIVACY

POPIA

CAPE TOWN STOCK EXCHANGE LIMITED (PTY) LTD
PRIVACY POLICY


This document is a privacy policy for the Cape Town Stock Exchange (CTSE), CTSE Registry (Pty) Ltd and CTSE Nominee (Pty) Ltd the two wholly owned subsidiaries of the Exchange.

CTSE is a licensed Exchange in South Africa, according to section 9 of the Financial Markets Act 19 of 2012, providing an infrastructure for the buying and selling of securities listed with the Exchange while the CTSE Registry is a wholly owned subsidiary of CTSE Exchange offering transfer secretary and share registry services to companies using a secure Cloud-based, real-time trade registry technology.


PURPOSE OF THE PRIVACY POLICY

This policy has been put in place to demonstrate our commitment to protecting your privacy rights, we describe how we collect and process your personal information, how this information is protected, and your rights in relation to it through stating desired behaviour and directing compliance with the provisions of the Protection of Personal Information Act (“POPIA”) and best practice; internal controls for the purpose of managing the compliance risk associated with the protection of personal information; the practices that provide reasonable assurance that your rights are protected and balanced with the legitimate business needs of CTSE.


PERSONAL INFORMATION COLLECTED BY CTSE

We will only process your information for a purpose you would reasonably expect, and other circumstances considered reasonably consistent with the original purpose. Your information may be hosted on servers managed by a third-party service provider which may be located outside of South Africa we will therefore take all precautions to ensure that the third-party treats your information with the same level of protection as required by us. We use your personal information to enhance your experience in using the website, to identify you when responding to your queries and to grant investors access into the investor’s portal. We also may use your personal information for the following purposes:

  • To communicate with you, including responding to your comments or requests for information
  • To provide access to restricted pages/portals
  • To comply with the statutory and regulatory requirements and cooperate with regulators and law enforcement bodies.
  • To facilitate your activity and to identify you when you log into your account on our Portals.
  • To detect, prevent or manage potential fraud, security breaches or unauthorised use of the website in contravention with the ‘terms of use’ and this Privacy Policy or any other related terms and conditions that apply to your use of the website;
  • communicate with you and retain a record of the correspondences between you and the Exchange
  • to create user profiles and to analyse and compare how you and other users make use of the website, click-patterns, preferences, frequency and times of use, trends and demographic information
  • To protect our rights, your rights, and the rights of others, and to meet our own high standards of business practice.

HOW CTSE COLLECTS YOUR PERSONAL INFORMATION

We collect personal information directly from you through our authorised users or when you use our portals. Information such as including information required to comply with the FICA requirements:

  • Name and Surname
  • Title
  • Age
  • Date of Birth
  • ID number
  • Gender
  • Marital status
  • Nationality
  • Physical and Postal address
  • Email address
  • Telephone number
  • Cellphone number
  • Online identifier (eg. Investor number)

We and our third-party service providers use cookies and other tracking technologies to improve your browsing experience on our website, to analyse our website traffic, and to understand where our visitors are coming from. By browsing our website, you consent to our use of cookies and other tracking technologies gathering anonymous data.


SECURITY AND DATA INTEGRITY

CTSE manages the security of its filing system ensuring that personal information is adequately protected and has implemented controls that will help minimise the risk of loss, unauthorised access, disclosure, interference, modification, and or destruction.

Our operators and third-party service providers are bound and committed to the lawful processing of your personal information pursuant to the conclusion of a Service Level Agreement and pledge their mutual commitment to the protection of your personal information that we handle.


YOUR SECURITY OBLIGATION

The protection of your personal information must be a mutual effort. You therefore also have an obligation to keep your user ID, password and personal information secure on your end. As part of maintaining this obligation we recommend that you do the following:

  • Keep your user ID and password confidential, do not share it with anyone, please note that CTSE will never ask you for your username and password in any unsolicited communication (by letters, phone calls or email)
  • Change your unique password as frequently as possible
  • Always logout properly when no longer using the portal and do not leave your computer unattended while logged on

RETENTION OF YOUR PERSONAL INFORMATION

Your Personal Information is stored in our secure servers or those of our service providers with whom Service Level Agreements exist with terms that bind them to comply with any relevant data protection laws in their countries as well as the South African laws as we recognise that they may differ with those of the Republic of South Africa


YOUR RIGHTS

The following are the rights conferred to you by the Information Regulator according to the Protection of Personal Information Act:

The right to access your Personal information – The request will only be entertained in a written form with sufficient information identifying you as the rightful owner of the personal information and this process attaches a minimal fee, refer to the PAIA manual for more information on cost and process to follow in acquiring information.

The right to have your Personal information corrected or deleted.

The right to object to the processing of your Personal information (The data subject has the right, on reasonable grounds that don’t go against other regulatory obligations such as FICA,FMA, etc).

The right to object to Direct Marketing (by means of unsolicited electronic communications).

The right to complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.

The right to be informed when personal information is being collected by CTSE and in any situation where we have reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person.


POLICY UPDATES AND AMENDMENTS

Updates and amendments to this policy will always be within the confines of the applicable laws and related legislations and will be effective immediately upon being uploaded to the website. You are encouraged to check the page regularly.


THIRD PARTY SITES

Our website may contain links to third party websites purely for your convenience, we do not have any control over such websites and our privacy policy does not cover them you are therefore encouraged to familiarise yourself thoroughly with their privacy policies, terms of use, cookie policies etc. We have no responsibility or liability the way the companies operating such linked websites may collect, process and secure your personal information.


CONTACT US

An Information Officer has been appointed to oversee how your personal information is handled and for queries concerning incorrect processing of your information or complaint if your have reason to believe that information is being used for a purpose other than what it was originally intended, you can contact our Information Officer.

You can request access to the information we hold about you (for a fee) and if you think that we have outdated information, please request us to update or correct it.

Our Information Officer's Contact Details Name: Eugene Booysen
Email Address: InfoOfficer@ctexchange.co.za


Information Regulator Contact details:

If you feel like we have not handled your query to your satisfaction, you may lodge a complaint with the Information Regulator through their website on www.justice.gov.za/inforeg.

The following persons may be contacted in relation to this policy:

Chief Risk Officer: Megan Young megan@ctexchange.co.za
Compliance Officer: Palesa Manana palesa@ctexchange.co.za