Website and email privacy statement of Mentenova (Pty) Ltd

Mentenova (Pty) Ltd collects, processes and stores personal information in the ordinary course of conducting its business. We are committed to protecting personal information and to processing such information lawfully and responsibly in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA), applicable financial services legislation and other relevant South African laws.
This statement provides a general overview of how personal information is collected, used, stored and protected, and explains the rights of data subjects.
A data subject refers to a natural or juristic person to whom personal information relates.
________________________________________

Why

As a provider of financial and related professional services, we collect and process personal information in order to:
• provide services to clients and prospective clients
• fulfil contractual obligations
• comply with regulatory and legal requirements, including those arising from financial sector legislation
• communicate with stakeholders and maintain business relationships
• administer operations, risk management and governance processes
• distribute communications, newsletters, research or updates where individuals have elected to receive such information
Personal information is processed only where a lawful basis exists. This may include:
• the consent of the data subject
• performance of a contract or pre-contractual engagement
• compliance with legal or regulatory obligations
• protection of legitimate interests pursued by Mentenova or a third party
• other lawful grounds recognised under POPIA
We will only collect information that is adequate, relevant and limited to what is necessary for the intended purpose.
________________________________________

How

We maintain a structured data protection and POPIA compliance framework supported by internal policies, risk assessments, governance controls and oversight by an appointed Information Officer.
Personal information is typically obtained directly from data subjects through:
• our website and electronic forms
• email or electronic correspondence
• onboarding processes and contractual engagements
• meetings, telephonic discussions or professional interactions
In certain circumstances, information may be obtained from publicly available sources or authorised third parties where permitted by law.
Personal information may be processed by trusted third party service providers such as regulators, auditors, professional advisers, technology vendors, software platforms or operational suppliers where required to deliver services or maintain business operations. Appropriate contractual and security safeguards are implemented where third parties process personal information on our behalf.
We implement reasonable technical and organisational measures designed to protect personal information against loss, unauthorised access, disclosure or misuse.
________________________________________

Cross-border transfers

Personal information may be transferred outside the Republic of South Africa where operationally required.
This may occur where:
• cloud infrastructure or hosting services are located internationally
• software providers or service partners operate from foreign jurisdictions
• individuals subscribe through our website to mailing lists, newsletters or electronic communications distributed via international technology platforms
Where cross-border transfers occur, we take reasonable steps to ensure compliance with section 72 of POPIA by ensuring that the recipient is subject to adequate data protection standards or that appropriate safeguards, agreements or lawful grounds exist.
By submitting personal information through our website or subscribing to communications, data subjects acknowledge that such cross-border processing may occur.
________________________________________

What

Depending on the nature of our interaction, we may collect personal information including:
• identifying information such as name, identity number, company registration details, email address, physical address, telephone number or online identifiers
• information relating to education, employment, financial history or regulatory requirements
• correspondence that is implicitly or explicitly private or confidential
• personal opinions, views or preferences
• biometric information where lawfully required
• information relating to race, gender, health, religion or other special personal information where permitted by law
• information relating to children where legally required and appropriately authorised
Certain information may be collected to comply with regulatory obligations, including anti-money laundering, financial sector compliance and governance requirements.
________________________________________

Retention of information

Personal information will be retained only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal and regulatory obligations.
Retention periods may be influenced by requirements under financial services legislation, including FAIS record keeping obligations, tax legislation, anti-money laundering requirements and other statutory duties.
________________________________________

Data subject rights

Data subjects have the right to:
• request confirmation of whether we hold personal information about them
• request access to such information
• request correction or updating of inaccurate or incomplete information
• request deletion or restriction of processing where legally permissible
• withdraw consent where processing is based on consent
• object to certain processing activities as allowed under applicable law
Data subjects are not obliged to provide personal information. However, failure to provide required information may prevent us from delivering certain services or complying with legal obligations.
________________________________________

Electronic communications and marketing

Where individuals subscribe to communications or mailing lists, personal information may be used to send electronic updates, newsletters or other communications relevant to our services.
Individuals may opt out of such communications at any time using the unsubscribe functionality included in electronic messages or by contacting us directly.
________________________________________

Enquiries or complaints

Any person may contact us using the details provided on our website to speak with our Information Officer or to submit queries or complaints relating to personal information.
Information Officer: info@mentenova.co.za
Data subjects also have the right to lodge a complaint with the Information Regulator of South Africa:
complaints.IR@justice.gov.za
www.justice.gov.za/inforeg/
________________________________________

Consent

By visiting our website, communicating electronically with us or submitting personal information, the data subject acknowledges and consents to the processing of personal information as described in this notice, including potential cross-border transfers where operationally required.