POPI - Privacy Notice


The Insurance Institute of South Africa NPC ("IISA", the "Responsible Party") recognises that one of its fundamental responsibilities is to ensure that it protects Personal Information entrusted to it by its Members.

This is critical for the maintenance of IISA's reputation and for complying with its legal and regulatory obligations to protect the Responsible Party's Member Information. The Responsible Party also follows a transparent Policy to handle Personal Information of its Members.

In this Policy, Personal Information means any Information that relates to a natural person, which either directly or indirectly, in combination with other Information available or likely to be available with the Responsible Party, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

This Policy is in compliance with the Protection of Personal Information Act, Act 4 of 2013.


IISA collects three types of Information: Personal Information, Sensitive Personal Information and Non-personal Information.

Personal Information means any Information that relates to a natural person, which either directly or indirectly, in combination with other Information available or likely to be available with the Responsible Party, is capable of identifying such person, for e.g., telephone number, name, address, transaction history etcetera.

Sensitive Personal Information or Information of a person means such Personal Information which consists of Information relating to passwords, financial Information such as bank account or credit card or debit card or other payment instrument details, sexual orientation, physical physiological and mental health condition, medical records and history, biometric Information, details of nominees and national identifiers including but not limited to: account number, bank card details, passport number, income,  etc. For Members enrolled in services provided by the Responsible Party, such as online bill payment, Personal Information about the transaction is collected.

Any Information that is freely available or accessible in public domain or furnished under the PAIA  or any other law for the time being in force shall not be regarded as sensitive Personal Information or Information for the purpose of this Policy.

The Information Members provide online is held by the Responsible Party's business that maintains the account or is processing the application for a new product or service.

Non-Personal Information includes the IP address of the device used to connect to the Responsible Party's website along with other Information such as browser details, operating system used, the name of the website that redirected the visitor to the Responsible Party's website, etc. Also, when you browse our site or receive one of our e-mails, the Responsible Party uses cookies and/or pixel tags to collect Information and store your online preferences.

This Policy is applicable to Personal Information (including sensitive Personal Information) collected by the Responsible Party directly from the Member or through the Responsible Party's online portals, electronic communications as also any Information collected by the Responsible Party's server from the Member's browser.


IISA shall have processes in place to ensure that the Personal Information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that Personal Information residing with the Responsible Party is incorrect, the Member should inform the Responsible Party in this regard. The Responsible Party shall correct the erroneous Information as quickly as possible.


IISA shall use the Information collected to manage its business and offer an enhanced, personalised online experience on its website. Further, it shall enable the Responsible Party to:

  • Process applications, requests and transactions
  • Maintain internal records as per regulatory guidelines
  • Provide services to Members, including responding to Member requests
  • Comply with all applicable laws and regulations
  • Recognise the Member when he conducts online banking
  • Understand the needs and provide relevant product and service offers

If a Member does not wish to provide consent for usage of its sensitive Personal Information or Information or later withdraws the consent, the Responsible Party shall have the right not to provide services or to withdraw the services for which the Information was sought from the Member.


IISA shall not disclose Personal Information of its Members without their prior consent unless such disclosure has been agreed to in a contract between IISA and the Member, or where the disclosure is necessary for compliance of a legal obligation. In case the Responsible Party discloses the Personal Information to Third Parties, such Third Parties shall be bound contractually to ensure that they protect Member Personal Information in accordance with applicable laws.

The above obligations relating to sharing of Personal Information or Information shall not apply to Information shared with government mandated under the law to obtain such Information or by an order under law for the time being in force. Further, if any Personal Information or Information is freely available or accessible in the public domain, the Responsible Party shall not have any obligations regarding the same.

No specific Information about Member accounts or other personally identifiable Personal Information shall be shared with non-affiliated Third Parties unless any of the following conditions is met:

  • To help complete a transaction initiated by the Member;
  • To perform support services through an outsourced business provided it conforms to the Privacy Policy of the Responsible Party;
  • The Member / applicant has specifically authorised it;
  • To conform to legal requirements or comply with legal process;
  • The Information is shared with Government agencies mandated under law;
  • The Information is shared with any Third Party by an order under the law;
  • Enforce the terms and conditions of the products or services;
  • Act to protect the rights, interests or property of the Responsible Party or its members or of other persons.

The security of Personal Information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect Member Information against loss, misuse, damage and unauthorised access, modifications or disclosures. Employees shall be trained in the proper handling of Personal Information. When other businesses are used to provide services on behalf of the Responsible Party, it shall ensure that such businesses protect the confidentiality of Personal Information they receive in the same manner the Responsible Party protects. The Responsible Party shall continuously review and enhance its Security Policies and security measures to consistently maintain a high level of security.


IISA shall reserve the right to change or update this Policy or Practice, at any time with reasonable notice to Members on IISA's website so that Members are always aware of the Information which is collected, for what purpose IISA uses it, and under what circumstances, if any, IISA may disclose it.

By virtue of this Privacy Policy, the Member assents to collection, use, transfer, disclosure, retention and other processing of her/his Personal Information, including sensitive Personal Information, as described in this Policy.


IISA shall encourage Members' enquiries, feedback and complaints which shall help it identify and improve the services provided to the Members.


Any Personal Information supplied by a Data Subject shall only be collected and used by IISA for the purpose for which it was originally intended. In the event that the Personal Information will be used for another purpose, consent from the Data Subject will be obtained prior to the use of such Information.


In the event of any changes to the Personal Information of a Member, the said Member is under an obligation to inform IISA of the said changes within a reasonable period of time.


IISA reserves the right to amend, alter and terminate this Policy at any time.