1. Introduction
1.1 This Manual constitutes the NVest Financial Holdings PAIA manual.
1.2 This Manual is compiled in accordance with section 51 of PAIA as amended by the Protection of Personal Information Act, 2013 (“POPIA”).
1.3 This PAIA manual also includes information on the submission of objections to the processing of personal information and requests to delete or destroy personal information or records thereof in terms of POPIA.
1.4 For purposes of this Manual, we refer to ourselves as “NVest”, “the Group”, “we”,” us” or “our”.
2 Who Are We? – About us and our Business
2.1 NVest Financial Holdings is a full service financial services Group that offer solutions for the majority of the financial needs of its clients.
2.2 If you would like to find out more about us, our main business activities please visit our website
3. Subsidiaries and associate entities
3.1 The Group comprises NVest Financial Holdings Proprietary Limited as the holding company, along with the subsidiaries and associate entities listed below;
3.1.1 NFB Private Wealth Management Proprietary Limited
3.1.2 NFB Insurance Brokers (Border) Proprietary Limited
3.1.3 NFB Finance Proprietary Limited
3.1.4 NFB Asset Management Proprietary Limited
3.1.5 NFB Finance Brokers Western Cape Proprietary Limited
3.1.6 NVest Securities Proprietary Limited
3.1.7 NVest Properties Limited
3.1.8 NVest Private Equity Proprietary Limited
3.1.9 Independent Executor and Trust Proprietary Limited
3.2 If you have a PAIA request you would like to submit to one of them, you should follow the procedures set out in this Manual, as it will also apply to them.
4. Our Contact Details
4.1 All requests for access to records in terms of the Act for the Group must be in writing and must be addressed to the Information Officer, at the contact details below:
Information Officer: Advocate Fanie van Biljon
Postal Address: P O Box 8132 | Nahoon | 5210
Street Address: NFB House | 42 Beach Road | Nahoon | East London
Contact Number: +27 (0) 43 735 2000
Email: [email protected]
5. The PAIA Guide
5.1 To assist those who are not familiar with PAIA or POPIA, a Guide that contains information to assist you in understanding how to exercise your rights under PAIA (“the Guide”) is available in all the South African official languages.
5.2 If you have any queries, or need a copy of the Guide, please visit the Information Regulator website
6. Information that is automatically available
6.1 The information available on our websites, may be automatically accessed by you without having to go through the formal PAIA request process.
6.2 You are also, subject to verification, allowed to access your information insofar as it relates to any of the products or services we offer which is regulated by any of the following;
6.2.1 Collective Investment Schemes Control Act;
6.2.2 Companies Act;
6.2.3 Financial Advisory and Intermediary Services Act;
6.2.4 Financial Markets Act;
6.2.5 Insurance Act;
6.2.6 National Credit Act; and
6.2.7 Pension Funds Act.
7. Records Kept in Terms of The Other Legislation
7.1 We are subject to many laws and regulations, some of which require us to keep certain records.
7.2 These laws are detailed in Appendix A hereto (note that the list is not exhaustive).
8. Description of Records We Hold
8.1 Described below are the records which we hold, divided into categories for ease of reference (this list is not exhaustive):
| Subject | Category/Description of Records |
| Client Records to provide products and services to our clients |
|
| Human Resources records to appoint and manage employees |
|
| Business Records |
|
| Supplier, Referring Agents and Product |
|
| Provider Records to manage relationships for our service providers |
|
9. Personal Information
9.1 Requests for personal information under POPIA must be made in accordance with the provisions of PAIA. This process is outlined in paragraph 10.
9.2 If we provide you with your personal information, you have the right to request the correction, deletion or destruction of your personal information, in the prescribed form. You may also object to the processing of your personal information in the prescribed form.
9.3 Purpose of processing:
9.3.1 POPIA provides that personal information may only be processed lawfully and in a reasonable manner that does not infringe your (the data subject’s) privacy.
9.3.2 The type of personal information that we process will depend on the purpose for which it is collected. Information is generally processed to enable us to provide you with financial service and related products.
9.3.3 We will, on request, disclose to you why the personal information is being collected and will process the personal information for that purpose only.
9.4 Personal information that is processed; category of data subject; and category of personal information (this is not an exhaustive list)
9.4.1 Clients (natural persons) – names; contact details; physical and postal addresses; date of birth; ID number; tax related information; health-related information; religious information; nationality; gender; race; beneficiaries; confidential correspondence; banking details.
9.4.2 Clients (legal persons) – names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories; beneficiaries; ultimate beneficial owners.
9.4.3 Employees (and potentially their family members): biometric information; gender, pregnancy; marital status; race, age, language, education information; financial information; employment history; ID number; next of kin; children’s name, gender, age, school, grades; physical and postal address; contact details; opinions, criminal behaviour and/or criminal records; well-being; trade union membership; external commercial interests; beneficiaries; medical and health information.
9.4.4 Website end-users / Application end-users: names, electronic identification data: IP address; log-in data, cookies, electronic localization data; cell phone details, GPS data.
9.5 Categories of recipients for purposes of processing personal information
9.5.1 We may supply personal information to these potential recipients:
9.5.1.1 Regulators and law enforcement agencies;
9.5.1.2 Employees;
9.5.1.3 Service and product providers; and
9.5.1.4 Funders, shareholders and directors
9.5.2 We will enter into written agreements to ensure that other parties comply with our confidentiality and privacy requirements.
9.6 Actual or planned trans-border flows of personal information
9.6.1 We may disclose personal information we collected to our shareholders, funders or third-party service providers, with whom we engage in business or whose services or products we elect to use, including cloud services hosted in international jurisdictions.
9.6.2 We endeavour to enter into written agreements to ensure that other parties comply with our confidentiality and privacy requirements. Personal information may also be disclosed where we have a legal duty or a legal right to do so.
9.7 General description of information security measures
9.7.1 We employ industry appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information. These measures include, but are not limited to:
9.7.1.1 Firewalls;
9.7.1.2 Virus protection software and update protocols;
9.7.1.3 Logical and physical access control; and/or
9.7.1.4 Secure setup of hardware and software making up our information technology infrastructure; and
10. The Request Procedure
10.1 All requests for access to information in terms of this manual will be received centrally at the Group level. Upon receipt, requests will be assessed and, where necessary, directed to the relevant subsidiary or associate entity for processing and response.
10.2 While subsidiaries and associates may handle specific requests pertaining to their operations, all external communications and formal responses will be managed under the Group’s unified PAIA framework to ensure consistency and compliance. The Group Information Officer will coordinate with the appropriate management teams to facilitate efficient handling of requests, ensuring that responses are aligned with statutory obligations and internal policies.
10.3 The requester must use the prescribed form (available here) to make the request for access to a record, addressed to the information officer as noted in clause 4 above;
10.4 Once a request has been assessed, a requester will be provided with an Outcome of Request and Fee Payable form.
10.5 Section 54 of PAIA entitles us to levy a charge or to request a fee to enable us to recover the cost of processing a request and providing access to records. The fees that may be charged are set out in Regulation 9(2)(c) promulgated under PAIA.
10.6 POPIA provides that a data subject may, upon proof of identity, request us to confirm, free of charge, all the information we hold about the data subject and may request access to such information, including information about the identity of third parties who have or have had access to such information.
10.7 POPIA also provides that where the data subject is required to pay a fee for services provided to him/her, we must provide the data subject with a written estimate of the payable amount before providing the service and may require that the data subject pay a deposit for all or part of the fee.
11. Decision
11.1 We will, within 30 days of receipt of the request, decide whether to grant or decline the request and give notice with reasons to that effect.
11.2 Where a third party is affected by the request for access and the Information Officer has decided to grant you access to the record, the third party has 30 (thirty) days in which to appeal the decision in a court of competent jurisdiction. If no appeal has been lodged by the third party within 30 (thirty) days, you must be granted access to the record.
11.3 The 30 day period may be extended for further period of no more than 30 days if the request is for a large amount of information, or the request requires a search for information held at another office within the Group and the information cannot reasonably be obtained within the original 30 days period. The Group will notify the requester in writing should an extension be sought.
12.1 There are various grounds upon which a request for access to a record may be refused. These grounds include:
12.1.1 the protection of personal information of a third person (who is a natural person) from unreasonable disclosure;
12.1.2 the protection of commercial information of a third party (for example: trade secrets; financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
12.1.3 if disclosure would result in the breach of a duty of confidence owed to a third party;
12.1.4 if disclosure would jeopardise the safety of an individual or prejudice or impair certain property rights of a third person;
12.1.5 if the record was produced during legal proceedings, unless that legal privilege has been waived;
12.1.6 if the record contains trade secrets, financial or sensitive information or any information that would put us at a disadvantage in negotiations or prejudice it in commercial competition; and/or
12.1.7 if the record contains information about research being carried out or about to be carried out on behalf of a third party or by us.
12.2 Section 70 of PAIA contains an overriding provision. Disclosure of a record is compulsory if it would reveal (i) a substantial contravention of, or failure to comply with the law; or (ii) there is an imminent and serious public safety or environmental risk; and (iii) the public interest in the disclosure of the record in question clearly outweighs the harm contemplated by its disclosure.
12.3 If the request for access to information affects a third party, then such third party must first be informed within 21 (twenty one) days of receipt of the request. The third party would then have a further 21 (twenty one) days to make representations and/or submissions regarding the granting of access to the record.
13. Remedies Available to a Requester on Refusal of Access
13.1 If the Information Officer refuses access to a record, you will be provided with reasons for the refusal as provided for in clause 11 above, if you are not satisfied with the outcome of the decision, you are entitled to:
13.1.1 apply to court of competent jurisdiction to take the matter further; or
13.1.2 lodge a complaint with the Information Regulator, within 180 (one hundred and eighty) days of the decision, alleging that the decision was not in compliance with PAIA, in the prescribed manner and form.
14.1 Copies of this Manual are available for inspection, free of charge, at the registered offices of The Group at the address listed above.
14.2 Copies will also be made available on the Group website/s
AUDITING PROFESSION ACT 26 OF 2005
BASIC CONDITIONS OF EMPLOYMENT ACT 75 OF 1997
BROAD-BASED BLACK ECONOMIC EMPOWERMENT ACT 53 OF 2003
CLOSE CORPORATIONS ACT 69 OF 1984
COLLECTIVE INVESTMENT SCHEMES CONTROL ACT 45 OF 2002
COMPANIES ACT 71 OF 2008
COMPENSATION FOR OCCUPATIONAL INJURIES AND DISEASES ACT 130 OF 1993
DISASTER MANAGEMENT ACT 57 OF 2002
DIVORCE ACT 70 OF 1979
EMPLOYMENT EQUITY ACT 55 OF 1998
ESTATE DUTY ACT 45 OF 1955
FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 37 OF 2002
FINANCIAL INTELLIGENCE CENTRE ACT 38 OF 2001
FINANCIAL MARKETS ACT 19 OF 2012
FINANCIAL SECTOR REGULATION ACT 9 OF 2017
FINANCIAL SERVICES OMBUD SCHEMES ACT 37 OF 2004
INCOME TAX ACT 58 OF 1962
INSURANCE ACT 18 OF 2017
LABOUR RELATIONS ACT 66 OF 1995
LOCAL GOVERNMENT: MUNICIPAL PROPERTY RATES ACT 6 OF 2004
MEDICAL SCHEMES ACT 131 OF 1998
NATIONAL CREDIT ACT 34 OF 2005
NATIONAL MINIMUM WAGE ACT 9 OF 2018
NATIONAL ROAD TRAFFIC ACT 93 OF 1996
OCCUPATIONAL HEALTH AND SAFETY ACT 85 OF 1993
PREVENTION OF ORGANISED CRIME ACT 121 OF 1998
PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000
SECURITIES TRANSFER TAX ACT 25 OF 2007
SHORT-TERM INSURANCE ACT 53 OF 1998
TAX ADMINISTRATION ACT 28 OF 2011
TOBACCO PRODUCTS CONTROL ACT 83 OF 1993
TRANSFER DUTY ACT 40 OF 1949
TRUST PROPERTY CONTROL ACT 57 OF 1988
UNEMPLOYMENT INSURANCE ACT 63 OF 2001
VALUE-ADDED TAX ACT 89 OF 1991
Please note that the forms provided in this appendix are hosted by the Information Regulator, should you be unable to access the forms, you can access them directly on the information regulators’ website.
1 PAIA Forms
1.1 Form 01: Request for a Guide from the Regulator
1.2 Form 01: Request for a Copy of the Guide from an Information Officer
1.3 Form 02: Request for Access to Record
1.4 Form 03: Outcome of request and of fees payable
1.5 Form 05: Complaint Form
1.6 Form 13: PAIA Request for Compliance Assessment Form
2 POPIA Forms
2.1 Form 1: Objection to the Processing of Personal Information
2.2 Form 2: Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information