Kanan Wealth's Privacy and Personal Information Policy

Kanan Wealth Proprietary Limited (reg: 2019/277726/07) (“Kanan Wealth”) adheres to the highest  standards of protecting your personal information when we process it by virtue of your use of our Services,  your use of our website https://www.kananwealth.co.za/ or any of its related blogs, websites, applications  or platforms (collectively, “the Website”), or by providing us with your personal information in any other  way. As such, we have created this specific and detailed Privacy Policy for you to read and appreciate exactly  how we safeguard your personal information and respect your privacy (“Policy”).  

  • Please note that Kanan Wealth is a private limited liability company duly registered and operating in  accordance with the laws of South Africa. We are also a licensed Financial Services Provider under FSP  license 36443. 
  • For more information regarding your personal information lawfully stored or used by Kanan Wealth,  please contact info@kananwealth.com and we will gladly assist. 

Not all terms are necessarily defined in order or may be defined in our other agreements or policies.

Please ensure that you read all the provisions below, and our other Kanan Wealth rules and policies  which may apply from time to time and made available to you, to understand all of your, and our, rights  and duties.

Frequently Asked Questions

1. Important information and who we are

1.1. Purpose of this Privacy Policy  

1.1.1. This Privacy Policy aims to give you information on how Kanan Wealth collects and  processes your personal data through any form of your engagement with Kanan Wealth such as your engagement with us when contracting or corresponding with us, when using  our Services, accessing or using the Website, or providing us with your personal  information in any other way (such as when participating in surveys, participating in  events or signing up for newsletters). 

1.1.2. This Privacy Policy complies with, and facilitates the obligations required from, the South  African Protection of Personal Information Act, No. 4 of 2013 (“POPI”), as amended. Users with citizenships from jurisdictions other than of South Africa, please  note that Kanan Wealth complies with all South African data protection  laws when processing your personal information pursuant to the Services  as we are a South African entity operating in the South African market.  Should foreign law be applicable in any regard to your use of the Services  and/or the Website in any way, including how we may process your  personal information, please contact Kanan Wealth at info@kananwealth.com and we will gladly engage you on its application  and your rights. 

1.1.3. It is important that you read this Privacy Policy together with any other privacy policy or  fair processing notice we may provide on specific occasions when we are collecting or  processing personal data about you, so that you are fully aware of how and why we are  using your data. This Privacy Policy supplements the other notices and is not intended to  override them. 

1.1.4. By virtue of the comprehensive and very unique services we provide to our clients, we  have to process limited special categories/sensitive of personal data as well as the data  of minors of our clients and some contractors. Users understand and expressly consent  to this processing. All such special categories/sensitive data is protected/secured at  better standards than conventional data.

1.2. Responsible Party and Operator roles 

1.2.1. Kanan Wealth is the “Responsible Party” and is responsible for your personal data in  instances where we decide the processing operations concerning your personal data.  Sometimes we also operate as a “Operator” of personal data on behalf of a third-party  Responsible Party, where that Responsible Party’s privacy terms will apply, but we will  draw your attention to them, when applicable. 

1.2.2. Users also understand and agree that should you be using the services of an independent  financial service provider who uses Kanan Wealth for particular processing services, then  that user’s financial service provider is the Responsible Party for that data, and not Kanan  Wealth. Should this be the case, users must approach their provider and confirm their  compliance with the applicable data laws.

1.2.3. We have appointed an Information Officer (“IO”) at Kanan Wealth who is responsible for  overseeing questions in relation to this Privacy Policy. If you have any questions about  this Privacy Policy, including any requests to exercise your legal rights, please contact the  IO using the details set out below. 

1.2.4. Our full details are: 

▪ Full name of legal entity: Kanan Wealth Proprietary Limited 

▪ Name of IO: Jonathan Henning 

▪ Email address: jhenning@kananwealth.com 

▪ Postal address: 31 Rugley Road, Vredehoek, Cape 

Town, 8005 

▪ Telephone number: 021 461 2429 

1.2.5. You have the right to make a complaint at any time to the South African regulator’s office  (Information Regulator’s Office of South Africa). We would, however, appreciate the  chance to deal with your concerns before you approach any such regulator, so please  contact us in the first instance. 

1.3. Changes to the Privacy Policy and your Duty to Inform us of Changes  

1.3.1. This Privacy Policy version was last updated on 7 June 2021 and historic versions are  archived and can be obtained by contacting us. 

1.3.2. It is important that the personal data we hold about you is accurate and current. Please  update your personal data yourself by keeping us informed (using email or telephone  engagements) if your personal data changes during your relationship with us. 

1.4. Third-Party Links on Website or otherwise 

1.4.1. The Website may include links to third-party websites, third-party service providers, plug ins and applications. Clicking on those links or enabling those connections may allow third  parties to collect or share data about you. We do not control these third-party websites  and are not responsible for their privacy statements or terms. When you leave our  Website, or engage with such third parties, we encourage you to read the distinct privacy  policy of every third-party you engage with. 

2. The data we collect about you

2.1. Personal data, or personal identifiable information, means any information about an individual,  both natural and juristic entities (i.e. people and companies), from which that entity can be  identified. It does not include data where the identity has been removed (anonymous data). 

2.2. We may collect, use, store and transfer (“process”) different kinds of personal data about you  which we have grouped together as follows: 

2.2.1. Identity Data including first name, maiden name, last name, identity number, passport  number, birth certificate number, date of birth, age, gender, nationality, and photograph  (non-biometric quality), or the information about your company such as company  registration details, company address and name; 

2.2.2. Contact Data including email address, fax number, postal address, home telephone  number, mobile telephone number, business telephone number, business email address,  business fax number, business address, business mobile telephone number; 

2.2.3. Trust Data including trustee and beneficiary full names, identity numbers and documents,  email addresses and telephone numbers; 

2.2.4. Financial Data including bank account details; 

2.2.5. Transaction Data including details about payments to and from you, service or  performance contracts, contractual terms, contract fees, signups, invoices and other  details of services you have obtained from us, or provide to us; 

2.2.6. Minors’ Data including first name, last name, birth information, identity number,  home/residential address, email address, telephone number; 

2.2.7. Health Data including medical record, including information about physical or  psychological state of health, well-being, disability, disease state, medical history or  medical treatment or diagnosis by a health care professional, prescription information  such as prescription number and prescribed drug, health insurance identification or  member number, drugs, therapies, or medical products or equipment used, patient  identification number, genetic test results or information, family health or morbidity  history, pregnancy status, insurance claim history and medical aid number; 

2.2.8. Sensitive Data including marital status; 

2.2.9. Usage Data including information about how you use our company, Website, surveys,  events and Services; and 

2.2.10. Marketing and Communications Data including your preferences in receiving notices and  marketing from us and our third parties and your communication preferences. 

2.3. We also collect, use and share Aggregated Data such as statistical or demographic data for any  purpose. Aggregated Data may be derived from your personal data but is not considered personal  data in law as this data does not directly or indirectly reveal your identity. For example, we may  aggregate your Usage Data to calculate the percentage of users accessing a specific Website  feature. However, if we combine or connect Aggregated Data with your personal data so that it  can directly or indirectly identify you, we treat the combined data as personal data which will be  used in accordance with this Privacy Policy. 

2.4. Where we need to collect personal data by law, or under the terms of a contract we have with you  and you fail to provide that data when requested, we may not be able to perform the contract we  have or are trying to enter into with you (for example, to provide you with services or allow you  to provide us with your services). In this case, we may have to cancel Website-access or Services  you have with us, but we will notify you if this is the case at the time.

3. How is your personal data collected?

3.1. We use different methods to collect data from and about you, including through: 

3.1.1. Direct interactions: You may give us your Identity, Contact, Trust, Social Media, Usage,  Transaction, Sensitive, Minors, Health, Special Categories, Marketing &  Communications and Financial Data by filling in various Kanan Wealth forms, Website  forms or by corresponding with us by post, phone, email or otherwise. This includes  personal data you provide when you: use our Services; use our Website; contract with us (as a client, service provider or otherwise); consult with us; complete forms; sign-up for newsletters; interact with us via webinar or social platform group, such as a Facebook™ group provide any services to us as a service provider or independent contractor on  contract with us; request information to be sent to you; attend any Kanan Wealth event whether online (such as online calls or  webinars) or in person; or give us some feedback. 

3.1.2. Automated technologies or interactions: As you interact with our Website, we may  automatically collect Usage Data about your equipment, browsing actions and patterns.  We may collect this personal data by using server logs and other similar technologies.  

3.1.3. Third parties or publicly available sources: We may receive personal data about you from  various third parties and public sources as set out below: Technical Data and Usage Data from the following parties: analytics providers Commspace based in South Africa and Google  

Analytics based in the USA; Twitter, Facebook, LinkedIn based in based in the USA; survey data providers Survey Monkey and Mailchimp based in the  

USA; marketing platforms Mailchimp based in the USA; and search information providers Astute based in South Africa; Contact, Financial and Transaction Data from a substantial and dynamic list  of various sources, which can be provided to any data subject upon request. 

4. How we use your personal data

4.1. We will only use your personal data when the law allows us to and for legitimate reasons, which  you hereby expressly understand and consent to. Most commonly, we will use your personal data  in the following circumstances: 

4.1.1. where we have your express consent to do so; 

4.1.2. where we need to consult with you or perform on the Services contract we are about to  enter into or have entered into with you; 

4.1.3. where it is necessary for our legitimate interests (or those of a third party) and your  interests and fundamental rights do not override those interests; and/or 

4.1.4. where we need to comply with a legal or regulatory obligation.

4.2. Purposes for which we will use your personal data: 

4.2.1. We have set out below, in a table format, a description of all the ways we plan to use your  personal data, and which of the legal bases we rely on to do so. We have also identified  what our legitimate interests are, where appropriate, and which exact External Third  Parties your personal data is handed to for same reasons. 

4.2.2. Note that we may process your personal data for more than one lawful ground depending  on the specific purpose for which we are using your data. Please contact us if you need  details about the specific legal ground we are relying on to process your personal data  where more than one ground has been set out in the table below.

To engage with you
after you have
contacted us
requesting an
engagement via the
Website or
(a) Identity
(b) Contact
(c) Marketing and
(a) Express consent
(b) Performance of a contract
with you
(c) Necessary for our legitimate
interests (to keep our
records updated and to
study how engagees use
our services, as well as to
develop our services and
grow our organisation)
WordPress, open
Microsoft Office,
Mailchimp, USA
To provide you with
our Services as
contracted (as a
(a) Identity
(b) Contact
(c) Social Media
(d) Usage
(e) Transaction
(f) Sensitive
(g) Professional &
(h) Minors
(i) Health
(j) Special Categories
(k) Marketing &
(l) Financial Data
(a) Performance of a contract
with you
(b) Express consent
(c) Necessary to comply with a
legal obligation.
Atwork, South Africa
Microsoft Office,
Commspace, South
Mailchimp, USA
To contract with you
as an Operator
and/or other third
party service
(a) Identity (limited)
(b) Contact (limited)
(c) Financial
(d) Professional &
(a) Performance of a contract
with you
(b) Express consent
(c) Necessary to comply with a
legal obligation
Commspace, South
Microsoft Office,
To contract with you
/ manifest rights
associated with
trustees and trust
(a) Identity (limited)
(b) Contact (limited)
(c) Trust
(a) Performance of a contract
with you
(b) Express consent
(c) Necessary to comply with a
legal obligation
Atwork, South Africa
Microsoft Office,
Commspace, South
Mailchimp, USA
To contract with you
as a Product Supplier
service provider to
Kanan Wealth
(a) Identity (limited)
(b) Contact (limited)
(c) Financial
(d) Professional &
(e) Transaction
(a) Performance of a contract
with you
(b) Express consent
(c) Necessary to comply with a
legal obligation
Microsoft Office,
To process and
service your
payment for any
services rendered by
Kanan Wealth or its
service providers
To manage
payments, fees and
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(a) Performance of a contract
with you
(b) Necessary for our legitimate
interests (to make or
receive necessary
organisation payments)
(c) Express consent
Wave App, Canada
Microsoft, USA
To manage our
relationship with you
which may include
notifying you about
changes to our terms
or Privacy Policy or
(a) Identity
(b) Contact
(c) Marketing and
(a) Performance of a contract
with you
(b) Necessary to comply with a
legal obligation
(c) Necessary for our legitimate
interests (to keep our
records updated and to
study how engagees use
our Services)
(d) Express consent
Microsoft, USA
Atwork, South Africa
Mailchimp, USA
To administer and
protect our
organisation and our
Website (including
data analysis,
testing, system
support, reporting
and hosting of data)
(a) Identity
(b) Contact
(c) Usage
(a) Necessary for our legitimate
interests (for running our
organisation, provision of
administration and IT
services, network security,
to prevent fraud and in the
context of an organisation
restructuring exercise)
(b) Necessary to comply with a
legal obligation
(c) Express consent
Solid Systems, South


4.2.3. Marketing We strive to provide you with choices regarding certain personal data uses,  particularly around marketing and advertising. To manifest your rights attached to any marketing sent to you as an existing customer, please use the  in-built prompts provided on those communications, or contact us. You will receive marketing communications from us if you are a contracted  data subject of ours already (or become one by accepting this Policy) have  requested information from us, use our Services, have participated in any  Kanan Wealth service or event, or if you provided us with your details when  registering for a promotion or event and, in each case, you have not opted out of receiving that marketing. 

4.2.4. Third-Party Marketing Whilst we may use your personal data within our Kanan Wealth organisation  group, we will get your express opt-in consent before we share your personal  data publicly with any entity outside the Kanan Wealth group of organisations  for public purposes. 

4.2.5. Opting-Out You can ask us or authorised third parties to stop sending you marketing  messages at any time by contacting us or the relevant third party at any time and requesting us to cease or change your marketing preferences. Where you opt-out of receiving these marketing messages, this opt-out will  not apply to other personal data of yours which we processfor another lawful  basis. 

4.2.6. Change of Purpose We will only use your personal data for the purposes for which we collected  it, unless we reasonably consider that we need to use it for another reason  and that reason is compatible with the original purpose. If you wish to get an  explanation as to how the processing for the new purpose is compatible with  the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify  you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge  or consent, in compliance with the above rules, where this is required or  permitted by law. 

5. Disclosures of your personal data

5.1. We may have to share your personal data with the parties set out below for the purposes set out  in the table above. 

5.1.1. Internal Third Parties as set out in the Glossary; 

5.1.2. External Third Parties as set out in the Glossary; 

5.1.3. Specific third parties listed in the table above; and/or

5.1.4. Third parties to whom we may choose to sell, transfer, or merge parts of our organisation  or our assets. Alternatively, we may seek to acquire other organisations or merge with  them. If a change happens to our organisation, then the new owners may use your  personal data in the same way as set out in this Privacy Policy. 

5.2. We require all third parties to respect the security of your personal data and to treat it in  accordance with the law. We do not allow our third-party service providers to use your personal  data for their own purposes and only permit them to process your personal data for specified  purposes and in accordance with our instructions and standards. 

6. Express Cookies provision

6.1. The Website may make use of “cookies” to automatically collect information and data through the  standard operation of the Internet servers. “Cookies” are small text files a website can use (and  which we may use) to recognise repeat users, facilitate the user’s on-going access to and use of a  website and allow a website to track usage behaviour and compile aggregate data that will allow  the Website operator to improve the functionality of the Website and its content, and to display  more focused advertising to a user by way of third party tools.  

6.2. The type of information collected by cookies is not used to personally identify you. If you do not  want information collected through the use of cookies, there is a simple procedure in most  browsers that allows you to deny or accept the cookie feature. Please note that cookies may be  necessary to provide you with certain features available on our Website, and thus if you disable  the cookies on your browser you may not be able to use those features, and your access to our  Website will therefore be limited. If you do not disable “cookies”, you are deemed to consent to  our use of any personal information collected using those cookies, subject to the provisions of this  Policy and our other policies or terms. 

7. International transfers

7.1. We share your personal data within the Kanan Wealth group of organisations and affiliates, and  this may involve transferring and processing your data outside of South Africa. 

7.2. Whenever we transfer your personal data out of either territory, we ensure a similar degree of  protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

7.2.1. We will always have a contract concluded between the parties speaking specifically to  data protection and the duties of each party related thereto; and 

7.2.2. We will only transfer your personal data to countries that have been deemed to provide  an adequate level of protection for personal data by the Information Regulator’s Office  of South Africa; and/or 

7.2.3. Where we use certain service providers, we may use specific contracts/clauses approved  by the Information Regulator’s Office which give personal data the same protection it has  in South Africa. 

7.3. Please contact us if you want further information on the specific mechanism used by us when  transferring your personal data out of South Africa.

8. Data security

8.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed by using data encryption wherever possible as well as anonymise data where possible. We also implement cutting-edge security and ensure that all of our data servers and technologies are audited and maintained by industry-leading specialists in IT security. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

8.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data retention

9.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected  it for, including for the purposes of satisfying any legal, accounting, or reporting requirements (including financial/tax reporting and record-keeping laws). 

9.2. To determine the appropriate retention period for personal data, we consider the amount, nature,  and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure  of your personal data, the purposes for which we process your personal data, any other South  African applicable law requiring us to retain the data and whether we can achieve those purposes  through other means, and the applicable legal requirements. 

9.3. Details of retention periods for different aspects of your personal data are available from us by  contacting us. 

9.4. In some circumstances you can ask us to delete your data; see below for further information. 

9.5. In some circumstances we may anonymise your personal data (so that it can no longer be  associated with you) for research or statistical purposes in which case we may use this information  indefinitely without further notice to you. 

10.Your legal rights

10.1. Under certain circumstances, you have rights under data protection laws in relation to your  personal data where we are the relevant “Responsible Party” over such personal data. Please  contact us to find out more about, or manifest, these rights: 

10.1.1. request access to your personal data; 

10.1.2. request correction of your personal data; 

10.1.3. request erasure of your personal data; 

10.1.4. object to the processing of your personal data; 

10.1.5. request a restriction of processing your personal data; 

10.1.6. request transfer of your personal data; and/or 

10.1.7. right to withdraw consent.

10.2. You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or  excessive. Alternatively, we may refuse to comply with your request in these circumstances. 

10.3. We may need to request specific information from you to help us confirm your identity and ensure  your right to access your personal data (or to exercise any of your other rights). This is a security  measure to ensure that personal data is not disclosed to any person who has no right to receive  it. We may also contact you to ask you for further information in relation to your request to speed  up our response. 

10.4. We try to respond to all legitimate requests within one month. Occasionally it may take us longer  than a month if your request is particularly complex or you have made a number of requests. In  this case, we will notify you and keep you updated. 

11. Glossary

11.1. Lawful Basis  

11.1.1. Legitimate Interest means the interest of our organisation in conducting and managing  our organisation to enable us to give you the best service and the most secure experience.  We make sure we consider and balance any potential impact on you (both positive and  negative) and your rights before we process your personal data for our legitimate  interests. We do not use your personal data for activities where our interests are  overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our  legitimate interests against any potential impact on you in respect of specific activities by  contacting us. 

11.1.2. Performance of Contract means processing your data where it is necessary for the  performance of a contract to which you are a party or to take steps at your request before  entering into such a contract. 

11.1.3. Comply with a legal or regulatory obligation means processing your personal data where  it is necessary for compliance with a legal or regulatory obligation that we are subject to. 

11.1.4. Express consent means the confirmed express consent you have provided to our  processing of your personal data by actively accepting this Privacy Policy. 

11.2. Third Parties  

11.2.1. Internal Third Parties means other entities or parties in the Kanan Wealth group acting  as joint controllers or processors and who are based in South Africa and provide IT and  system administration services and undertake reporting. 

11.2.2. External Third Parties means: Authorised third-party service providers under contract with Kanan Wealth who need your personal information in order to contact and transact with you  pursuant to your use of the Services; specific third parties who have been identified in the table above; service providers acting as processors based in South Africa who provide IT  and system administration services; South African or other national governments and/or their respective  authorities pursuant to our adherence with anti-corruption and crime fighting legislation; and/or professional advisers acting as processors or joint controllers including  lawyers, bankers, auditors and insurers based in South Africa who provide  consultancy, banking, legal, insurance and accounting services as required. 

11.3. Your legal rights  

11.3.1. You have the right to: Request access to your personal data (commonly known as a “data subject  access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Request correction of the personal data that we hold about you. This enables  you to have any incomplete or inaccurate data we hold about you corrected,  

though we may need to verify the accuracy of the new data you provide to us. Request erasure of your personal data. This enables you to ask us to delete  or remove personal data where there is no valid reason for us continuing to  process it. You also have the right to ask us to delete or remove your personal  data where you have successfully exercised your right to object to processing  (see below), where we may have processed your information unlawfully or  where we are required to erase your personal data to comply with local law.  

Note, however, that we may not always be able to comply with your request  of erasure for specific legal reasons which will be communicated to you, if  applicable, at the time of your request. Object to processing of your personal data where we are relying on a  legitimate interest (or those of a third party) and there is something about  your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You  also have the right to object where we are processing your personal data for  direct marketing purposes. In some cases, we may demonstrate that we have  compelling legitimate grounds to process your information which override  your rights and freedoms. Request restriction of processing of your personal data. This enables you to  ask us to suspend the processing of your personal data in the following  scenarios: if you want us to establish the data’s accuracy; where our use of the data is unlawful but you do not want us to  erase it; where you need us to hold the data even if we no longer require  it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data, but we need to verify  whether we have overriding legitimate grounds to use it. Request the transfer of your personal data to you or to a third party. We will  provide to you, or a third party you have chosen, your personal data in a  structured, commonly used, machine-readable format. Note that this right  only applies to automated information which you initially provided consent  for us to use or where we used the information to perform on a contract with  you. Withdraw consent at any time where we are relying on consent to process  your personal data. However, this will not affect the lawfulness of any  processing carried out before you withdraw your consent. If you withdraw  your consent, we may not be able to provide certain Website access or  Services to you. We will advise you if this is the case at the time you withdraw  your consent. Please take note that regardless of your right to withdraw  consent under POPI, other South African legislation applies and may require  that we continue to process your data in order to comply with anti corruption, financial reporting, crime-fighting and/or other national  legislation, which you expressly understand and agree to.

Annexure A

With reference to Clause, see below:
AIB Glacier – South Africa
Aldes Business Brokers – South Africa
Allan Gray – South Africa
Charles Schwab – USA
Credo – South Africa
Currency Partners – South Africa
DB Law – South Africa
Definitive Capital – South Africa
Discovery Group – South Africa
Fund House – South Africa
Glacier – South Africa
Greenberg and Associates – South Africa
IFA Net- South Africa
Investec Group – South Africa
Just Annuity – South Africa
Liberty Group – South Africa
Momentum – South Africa
Nedbank Private Wealth – South Africa
Nedgroup Investments – South Africa
Ninety-One – South Africa
Optomise – South Africa
Praxis FM – Channel Islands
Sanlam – South Africa
Signal Asset Management – South Africa
Sovereign Trust – South Africa
Stein Accounting – South Africa
Westbrooke – South Africa