Data Protection Policy

Introduction

Custom Capital Finance Group (including Custom Capital Invoice Discounting), herein known as Custom Capital, is a company specialising in the alternate lending space that provides finance through various products to its clients. Custom Capital acknowledges that our clients, suppliers, and our employees care about how their personal information is used and shared. This policy describes the types of personal information that we may collect, the purposes for which we use the information, the circumstances in which we may share the information, and the steps that we take to safeguard the information and privacy of those persons and entities we deal with.

Rationale

This policy stipulates Custom Capital’s commitment to ensuring that any personal or business data which Custom Capital processes, is carried out in compliance with The Protection of Personal Information Act 4 of 2013 (or POPIA Act).

Scope

This policy applies to all personal data processed by Custom Capital and is part of Custom Capital’s approach to comply with data protection law. All Custom Capital employees are expected to comply with this policy and failure to comply may lead to disciplinary action for misconduct, or dismissal.

Personal Information

  • The information we collect may include, but is not limited to, the following:
  • Identity documents and personal contact details.
  • Company Banking details & FICA documents.
  • Financial Statements bank statements, personal statements of assets and liabilities.
  • Tax clearance certificates.
  • Invoices & Proof of delivery of goods and services.

Method of data collection

We collect personal information directly from the client by way of face-to-face meetings, telephone conversations, emails, use of drop box, client memory sticks, manual file drop offs and from third parties etc.

What do we do with personal information collected from you?

Our small staff team has access to all client information provided to us and we use all personal information collected to assess the risk associated with the relevant lending product. If you apply for employment with us, we use the personal information you supply to process your job application, draw up the employee contracts and for payroll purposes. Only Custom Capital staff have access to this data. Other than what is set out in this privacy policy, we will not share your personal information unless we are required to do so by law.

Protection of the Company and others

We will only release personal information when we believe that such a release is appropriate to comply with the law; enforce or apply our mandate or other agreements; or protect the rights, property, or safety of the Company. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. However, this does not include selling, sharing, or otherwise disclosing personally identifiable information from insured persons, or entities for commercial purposes in a way that is contrary to the commitments made in this privacy policy. With the consent of the relevant party, and other than as set out above, such party will receive notice when information about them might go to third parties, and you will have an opportunity to choose not to share the information.

How secure is the information held by us?

We maintain appropriate physical, electronic and procedural safeguards in connection with the collection, storage, and disclosure of personally identifiable information.
Some of the physical safeguards implemented by Custom Capital include but are not limited to the following:

All hard copies of information are kept in our locked and access-controlled premises;

  • Our building is situated in an office park, where access to the park is controlled by boom gates and security personal;
  • Staff entry into the office is controlled by a physical access control system, prompting staff to use a code to enter the office;
  • Our computer server is securely stored in a locked IT cabinet and can only be accessed by selected staff and the designated IT consultant;
  • All offices within our office are locked at the end of each business day.  Staff have keys to  lock and open their own offices;
  • We have a “clean desk” policy in place with all employees;
  • All hard copy data returned to our clients is to be signed out by the client as proof of receipt;
  • On the odd occasion employees need to remove a client’s hard copy file from the office, a register is kept, and all employees are required to sign the information in and out of the office. 
  • Some of the electronic safeguards implemented by Custom Capital include but are not limited to the following:
  • Our server has multiple fire walls, as well as Anti-virus software;
  • Custom Capital makes use of Microsoft 365, which is only available for use in the office, thus no one has access to global email passwords and therefore emails cannot be accessed from any other devices;
  • Each employee has their own username and password to access his/her computer and the company system;
  • Each clients accounting files are password protected;
  • Due to Covid, remote access has been given to certain employees, which allows them to access their work stations remotely. This is controlled via a password protected VPN access and each employee can only access their own work station;
  • Only staff have the WIFI password.
  •  All the information on our server is  backed up every night to an offsite storage. Additionally we have a second backup that performs automatically, where information is stored on a local hard drive attached to the server. These back ups are monitored daily by our external IT service providers.
  • Custom Capital ensures that good data protection practice is imbedded in the culture of our employees and our organization. Each Custom Capital employee is required to sign a Confidential Information Agreement on start of their employment. When a Custom Capital employee leaves, all physical and electronic access is terminated immediately, and their email addresses are deleted.

Storage of data

We retain your personal data only for the period necessary for the purposes set out in this policy, or in accordance with the provisions of any applicable legislation. Thereafter, the client is given the option to collect their information, otherwise this information is shredded and recycled. Clients’ details kept on file are updated as soon as we are made aware of any changes, otherwise every few years an email is sent to clients requesting them to reconfirm their details to ensure we have our clients most up to date information.

Breach of Data

Should any breach of personal data occur, the incident is required to be reported immediately to the designated Information Officer, whereafter an incident report form is required to be completed. If required, the client will be contacted by the Information Officer to inform them of any breach that may have occurred and the effects thereof. Steps to rectify the situation will also be put in to place as soon as possible and any incident will be treated as a top priority by Custom Capital.

Designated Information Officer

Custom Capital has appointed Bronwyn Barnard and Leisha Pillay as the designated Information Officers responsible for all data protection and monitoring.

What choices do I have?

You have the right to request a copy of the personal information we hold about you or to object to the processing of personal information held about you. You also have the right to ask us to update, correct or delete your personal information. To do this, contact our Information Officer and specify what information you would like and any changes to be made. We will take all reasonable steps to confirm your identity before providing details of your personal information, or before making changes to personal information we may hold about you. Please note that we may amend this policy from time to time.

Notices and Revisions

If you have any concern about privacy at the Company, please e-mail us a thorough description and we will try to resolve the issue for you. Unless stated otherwise, our current privacy policy applies to all information that we have on record. However, we stand behind the promises we make and will never materially change our policies and practices to make them less protective of personal information collected in the past, without the consent of affected persons. Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to the Information Officer.

Contact Details Address:

1st Floor, The Glasshouse, 309 Umhlanga Rocks Drive,  Umhlanga, KwaZulu Natal, 4319                

Tel: 031 007 0777
Information Officer’s email: bronwyn@customcapital.co.za
Website: www.customcapital.co.za

Monitoring and review

This policy was last updated on the 28th of June 2021 and shall be regularly monitored and reviewed, at least every third year.

Other data policies in place at Custom Capital • Electronic Communications and Information Security Policy • Confidential Information Agreement