Liberty Privacy and Security Notice

​Your right to privacy and security is very important to us. The Liberty Group and its subsidiaries, (Liberty, we, us, our) treat personal information as private and confidential.

When we mention Liberty Group in this statement, terms like "we," "us," or "our" encompass all legal entities within the Liberty Group structure. Similarly, when referring to clients, "you" or "your" pertains to clients associated with a legal entity within the Liberty Group.

Liberty is a subsidiary of The Standard Bank Group and the incorporation into Standard Bank provides synergies and advantages not only in South Africa but across the African continent, positioning Liberty as an integral part of a universal financial services organisation focused on delivering exceptional customer experiences and superior value.

Liberty Group’s simplified legal structure highlights the major subsidiaries and businesses and can be viewed on its website at Financial Services Company | Insurance and Investments | Liberty

 

Regulation of data privacy and protection

As we operate in different countries and through various legal entities, we adhere to the relevant data protection and privacy laws in each of these countries. Consequently, the specific Liberty Group legal entity responsible for determining the purpose and means of processing your personal information (known as the responsible party or controller/operator) may vary. In other words, the legal entity that maintains the business relationship with you may not always be the same. When you acquire a product or service, the responsible party or data controller will be clearly communicated to you.

 

What is the purpose and scope of this statement?

This statement aims to inform you about how we handle your personal information, including how we collect, use, store, share, update, and protect it. In some countries, personal information is also called personal data. We'll explain your privacy rights and the legal protections in place.

We may combine your personal information from across the Group and use it for the purposes outlined in this statement, as long as we have legal grounds to do so. Your personal information might be processed in a country with different data protection standards than your country of origin. However, we commit to processing and transferring personal information only to countries where we are confident about adequate data protection.

Ensuring the privacy, confidentiality, and security of your personal information is a top priority for us. This commitment is crucial to maintaining your trust and meeting your needs effectively. To uphold this, we have implemented comprehensive Group-wide policies and procedures dedicated to safeguarding your personal information.

 

What is personal information and what types of personal information do we collect?

Personal information is any information from which you can be identified. The personal information we may collect about you includes:



name, age, gender, sex, date of birth and identifying numbers;


physical and postal addresses, e-mail addresses and contact numbers;


online identifiers and your online behaviour such as cookies and IP addresses;


engagements with us including use of products or services, transactions, requests, queries, applications and complaints;


banking information and financial information with regard to financial behaviour, goals and needs;


internal reports and other derivative data based on the personal information we collect;


other personal information including biometric details, race or ethnic origin, nationality, marital status, employment history, criminal history and behaviour, medical and health history.



 

How and with whom we collect and share personal information

At Liberty, transparency is key, and we want you to understand how we collect and share your personal information. Here's a breakdown:

Collection Methods:



We collect your personal information directly from you, whether it's through phone conversations or online channels such as our website, mobile apps, or messaging platforms.



 

Direct Collection:



When you purchase our products, contact us, or provide information through this website, we collect your personal information directly.



 

Third-Party Involvement:



To fulfil our responsibilities as a registered long-term insurer and authorised financial services provider, we may collect and share your information with selected third parties. These include regulatory bodies, financial advisers, intermediaries, Standard Bank Group companies, credit bureaus, and other insurers or authorised financial services providers for fraud prevention.



 

Purposes of Collection:

We will collect personal information directly from you or by telephone or through online channels such as our website, mobile applications or electronic messaging platforms.



We collect personal information for the purposes set out in this notice or otherwise communicated to you.


We collect personal information directly from you when you purchase our products, contact us directly or provide information through this website.


We may collect from and share your personal information with selected third parties to ensure we meet our responsibilities as a registered long-term insurer and authorised financial services provider. These third parties may include, but are not limited to:


Regulatory bodies


Financial Advisers and other intermediaries


Member companies of the Standard Bank Group


Credit bureaus


Other insurers or authorised financial services providers for prevention of fraud


We collect personal information from and about you for the following purposes, but not limited to:


Assess your individual requirements accurately


Deliver effective and personalised services to you that comply with applicable regulations.


Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services)


Tell you about services and products available within the Group


Constantly improve our offerings to suit your unique needs


To verify and protect your identity


Conduct credit checks


Regulatory reporting


Comply with relevant regulatory requirements, including monitoring and analysing your account for credit, fraud, compliance and other risk-related purposes as required by law.


As otherwise allowed by law



Your personal information is crucial for us to provide, or continue to provide, the products or services you need. Your choices matter, and we are here to ensure your information is handled responsibly and in your best interest.

 

Why do we process your personal information?

Our responsibilities to you are very important to us and we aim to provide you with personalised services to meet your needs. We may process your personal information for any of the reasons outlined below:



Contract requirements



We may need to process your personal information if we require it to conclude or perform under a contract or agreement with you for a product or service that you have applied for either with us or through our business partners with whom we have entered into a partnership, collaboration or alliance arrangement or for purposes of:



providing products and services, such as opening and maintaining your account, executing transactions, administering claims, collecting payments, managing risks, and nurturing our overall relationship with you;


communicating with you regarding the products or services you have with us; or


providing you with further information that you request from us regarding the products or services you have with us.





Lawful obligations



We may need to process your personal information for the following purposes:



To complete integrity and business conduct checks required for compliance purposes including due diligence and onboarding processes, monitoring and assurance reviews and conduct sanctions screening against any sanctions lists.


To comply with other risk management, regulatory and legislative requirements.


To comply with voluntary and mandatory codes of conduct.


To detect, prevent and report theft, money laundering, terrorist financing, corruption or other potentially illegal activity, or activity that could lead to loss.


To process and settle transactions and payments.


To conduct research and analysis (which may include assessing product suitability, credit quality, insurance risks, market risks and affordability, developing credit models and tools and obtaining related information).





Legitimate Interest



The Liberty Group may process your personal information in the regular management of its business and to protect the interests of the Group and its clients, depositors, shareholders, employees and other third parties, including our business partners and members of the general public. As a member of the Standard Bank Group, Standard Bank may process your personal information in order to:



Maintain, monitor, improve and develop our business policies, systems and controls;


Maintain and improve data quality;


Design, develop and test products, services and solutions for clients, which may include combining sources and types of your personal information across multiple legal entities and countries, subject to compliance with applicable laws;


Personalise and customise products, services and solutions, messaging and advertising;


Respond to client enquiries and communications and to record these interactions for the purpose of analysis and improvement;


Manage business emergencies and stress events;


Process and settle transactions and payments;


Meet record-keeping obligations;


Conduct research and analysis (among other things, to assess product suitability, credit quality, insurance risks, market risks and affordability, to conduct behavioural profiling, to develop credit models and tools and to obtain related information);


Enable clients to use value-added solutions and participate in reward programmes;


Achieve other related purposes.





Consent



In addition to the reasons given above, we may process your personal information where we have your specific consent for a defined purpose. We will also seek your consent where applicable laws require it. When we may reveal personal information without consent, we will not reveal personal information to anyone outside Liberty or our service providers without your permission, unless:



we must do so by law or in terms of a court order;


it's in the public interest;


we need to do so to protect our rights;


there is a legitimate purpose for the sharing.



 

Storage

​We store personal information as required by law.

Transfer across borders

Sometimes we will process your personal information in other countries, either to carry out your instructions or for ordinary business purposes. These countries may not have the same level of protection. We will only process your personal information with your consent. If necessary, we will ask the party to whom we transfer your personal information to agree to our privacy principles, associated policies and practices.

 

Where will we process your personal information?

We ask other organisations to provide support services to us. When we do this, they have to agree to our privacy policies if they need access to any personal information to carry out their services. Our website may contain links to or from other websites. We try to link only to websites that also have high standards and respect for privacy, but we are not responsible for their security and privacy practices or their content. We recommend that you always read the privacy and security notices on these websites.

To meet the demands of Liberty Group's operations, we may handle your personal information in South Africa or in countries where we are active, delivering our products or services. This includes locations where our valued third-party service providers operate. Your data's security is paramount in our business approach. Integrated processing holds the following benefits for you:



A single, holistic view of your information that helps us to manage your client profile, authenticate your identity and protect you against fraud.


Improved business processes and service delivery (and less duplication of information provided).



 

How will we communicate with you?

Following your approval, we use various channels to ensure seamless communication about your existing products and services, and to provide timely updates. Here's how we may reach out:



In-person Communication


SMS, Email, and Phone Calls


Automated Calls


Mobile Device Notifications and In-App Notifications



 

We understand the importance of staying up-to-date on your existing products and services. Whether it's conveying new features or conducting research, these communication channels serve to enhance your overall experience. Additionally, we may reach out through these channels to share exciting updates about new products or services, providing you with comprehensive insights and choices. Your permission empowers us to keep you well-informed and connected.

 

How do we use your personal information for marketing?

If you give us permission, we may use your personal or other information to tell you about products, services and special offers from us or other companies that may interest you.

If you no longer wish to be contacted for marketing purposes, you may opt out at any time as per the instructions contained in any marketing communication you receive. You can also opt out by contacting our customer servicing centre on 0860 456 789 or contacting your financial adviser. Each Group entity that you have a relationship with will allow you to manage your marketing preferences in line with locally applicable laws.

 

How is your personal information protected?

We are committed to protecting your personal information. We implement all reasonable controls to secure access to your data. When third parties are involved in processing your information for the purposes stated in this notice and other legal requirements, we ensure they are contractually obligated to follow appropriate security practices.

For your online interactions with us, be it on our website or during transactions, rest assured that we employ encryption methods (secret codes) that align with international standards, providing a secure digital environment.

It's important to note that we may share or receive personal information from parties mentioned above, even if they are located outside the Republic of South Africa. Regardless of geographical boundaries, we maintain consistent and robust security measures to safeguard your privacy.

 

What are your rights?

We value your trust and want you to be familiar with your rights under the legislation and to know how you can exercise them in your interactions with the Liberty Group. You have the right to:



access the personal information we hold about you and to correct and update your information;


object to our processing your personal information, where applicable;


request that we delete your personal information where appropriate;


be notified that your personal information is being collected by us or has been accessed or acquired by an unauthorised person;


object to the processing of personal information for the purposes of direct marketing;


not be subject to automated decision-making processes in respect of an application for products and/or services, except under certain circumstances; and


to request reasons or make a representation to us if your application for products and/or services is refused.



 

Use of cookies on our website

We use cookie technology on some parts of our website and applications. A cookie is small pieces of text that is saved on your internet browser when you use our website or applications. The cookie is sent back to our computer each time you visit our website or applications. Cookies make it easier for us to give you a better experience online. You can stop your browser from accepting cookies, but if you do, some parts of our website or online services may not work. To use or store cookie types that are not required for the functioning of the website or applications we will obtain your consent first.

For this reason, we limit our use of cookies to:



providing products and services that you request;


delivering advertising through marketing communications;


providing you with a better online experience and tracking website performance; and


helping us make our website more relevant to you.



 

We use the following types of cookies on our online channels, such as our website.



Strictly necessary cookies



These cookies are mandatory and are required for the effective operation and functioning of our website on your device. They enable you to use the website and the features on the website and cannot be switched off.



Performance cookies



These are optional cookies that collect information about how you use the website but not any personal information. Performance information is anonymous and mostly statistical and is used to improve the performance of our website.



Marketing cookies or advertising cookies



These cookies are also optional and are used to deliver and display advertisements that are relevant and engaging for you as the user. They help us measure how effective our advertising campaigns are by your interaction with the advertisement.



Session cookies



These cookies are temporary and optional and only exist while you browse our website to remember your activities on the website. As soon as you close the website or move to a different website, the cookies are deleted.



Persistent cookies



These are permanent, optional cookies that are stored on your device until they reach a set expiry date or until you delete them. They remember your preferences or actions on our website (or in some cases across different websites). We may use them for various reasons, for example to remember your preferences and choices when you use our website, or to display relevant advertising campaigns to you.



First-party cookies



These are cookies that we create and store when you use our website and relate to information obtained directly from you.



Third-party cookies



These cookies are owned and created by a third party that provides a service to us such as social media sharing, website analytics or content marketing. These cookies are intended to collect information directly from you by us and we share the personal information with the third party through the cookies that the third-party stores on our website.

 

Social Media

When you engage with us through our social media channels your personal information may be processed by the social media platform owner. This process is outside our control and the processing activities may be in a country outside of your home country that may have different data protection laws. For more information about the privacy practices of a social media platform, please refer to and read the terms and conditions of that social media platform before you use it or share any personal information on it.

Our social media accounts are not appropriate forums to discuss our clients’ products or financial arrangements. We will never ask you to share personal information, account or policy information on social media platforms. We may, however, ask you to message us in private through one of our official social media channels.

 

Data Protection Legislation in the Group

Countries to be displayed:

Country

Data Protection Legislation

Angola

Data Protection Law – 22/11

Botswana

Data Protection Act – 2018

eSwatini

Data Protection Act No.5 of 2022

Ghana

Data Protection Act 2012 (Act 843)

Isle of Man

Isle of Man Data Protection Act 2018

Jersey

Jersey Data Protection Law 2018

Kenya

Data Protection Act of 2019

Lesotho

Data Protection Act of 2011

Mauritius

Mauritius Data Protection Act 2017

Nigeria

Nigeria Data Protection Regulation

South Africa

Protection of Personal Information Act 4 of 2013

Tanzania

The Personal Data Protection Act No.11 of 2022

Uganda

Data Protection and Privacy Act – 2019

Zambia

Data Protection Act of 2021

 

Privacy and security statements that apply to specific online services

Different online services or businesses of Liberty may have their own privacy and security policies because the service or product they offer may need different or extra policies. These specific policies will apply to your use of the particular service where they are different from our general policies.

 

Personal use of emails and notice about checking on emails

Our communication and information systems are for business use. However, we realise that our employees occasionally use our systems for personal use. Personal use includes sending or receiving personal emails within or outside Liberty. We do not accept responsibility for the contents of personal emails sent by our employees using our systems. Please note that we may intercept, check on and delete any communications created, stored, sent, or received using our systems, according to any law that applies.

Right to change this privacy and security notice

We may always change this privacy and security notice. We will put all changes on our website. The latest version of our privacy and security notice will replace all earlier versions of it, unless it says differently. Email us on privacy@liberty.co.za if you have any questions about this privacy and security notice.

Right of access to information: Promotion of Access to Information Act

The Promotion of Access to Information Act (PAIA) (https://inforegulator.org.za/acts/ - refer to PAIA) was passed in order to give effect to the constitutional right of access to information held by a public or private body for the exercise or protection of any right.

 

A requester must be given access to any information record of Liberty if all the following requirements are met:

 



The record is required for the exercise or protection of any right of the individual.


The requester meets the procedural requirements of the act relating to a request for access to an information record.


The request falls outside any of the grounds of refusal contemplated in the act.



 

Liberty Group including all wholly or partially owned subsidiaries and associated juristic persons (hereinafter referred to as "Liberty") is a private body as defined in the Act. Liberty is bound by this Act and shall process any request made in terms thereof.

Please click on the links below to access the Liberty information manual and Request form.

 



The Liberty Access to Information Manual


The request form


Outcome of request and of fees payable



 

Liberty clients

All Liberty clients are allowed access to their own information without having to use the request for access to information procedures as set out in the Promotion of access to information act, including, but not limited to:



Policy documents


Account information


Personal records


Voice recordings



All Liberty clients should contact the relevant call centre or department to request access to their own information without having to use the request for access to information procedure. Please note that there may be administration costs associated with retrieval of certain types of information records.

Any Liberty client who wishes to be given access to information that is deemed to belong to Liberty or any of its other clients must follow the request for access to information procedure (Request procedure).

 

Request procedure

The following procedure is applicable to requests for access to information in terms of the act:

 

 

Liberty must process a request that meets the procedural requirements within 30 (thirty) days of receipt thereof. Liberty shall inform the requester in writing of any extension of the period to deal with a request.

Contact person

All requests for information must be directed to the following address:

Group Privacy Officer
PO Box 10499
Johannesburg
2000
Tel: +27 11 408 2559 / +27 11 408 5027
E-mail: privacy@liberty.co.za



The requester must complete in full the prescribed request form and send that to the Group Privacy Officer


Where required to do so by the Group Privacy Officer, the requester must deposit a prescribed fee to ensure that processing takes place (The requester will be notified where the Group Privacy Officer requires a deposit)


The prescribed fee, where applicable, as provided for in paragraph 9.2 of the PAIA manual, must be paid and proof of payment (e.g. copy of deposit slip) submitted following your request (Please ensure that you use the following reference for your deposit or we will not be able to identify it as belonging to you: "PAIA" followed by your initial(s) and surname e.g. If your initials and surname is AN Smith, you must use PAIA AN Smith as your reference).


If you qualify for exemption of the payment of any fee, please state the reason for exemption


The completed request form and proof of deposit must be sent to:

Particulars of Liberty (or Division of Liberty)
Group Privacy Officer
PO Box 10499
Johannesburg
2000
Tel: +27 11 408 2559 / +27 11 408 5027
E-mail: privacy@liberty.co.za


Upon receipt of the request form and proof of deposit, Liberty:



Assess the request form to ensure completeness


Confirm receipt of the request fee


Process the request if it meets the procedural requirements of the act


Notify a third party where applicable


Decide whether to grant or deny the request


Let the requester know of the decision


Notify the requester about the payable access fee if the request is granted


Repay the R140.00 (one hundred and forty rand) request fee to the requester if the request is refused


Release the requested information record to the requester upon confirmation of receipt of the payable access fee