Protection of Personal Information Policy


The Protection of Personal Information Act No 4 of 2013 (“the Act”) is aimed at giving effect to the constitutional right to privacy by safeguarding personal information and regulates how personal information must be processed. 36ONE Asset Management (Pty) Limited (”36ONE / we / our”) regards the lawful and correct treatment of personal information as important to the achievement of its business objectives. 36ONE is legally obliged to protect any personal information we hold for our clients, our suppliers and our employees.

This POPI Policy explains how we will obtain, use and disclose your personal information, as is required by the Protection of Personal Information Act (The Act). This policy sets out:

  • Who we are
  • What information we collect
  • How we use your information
  • To whom we disclose your information
  • How we safeguard your information
  • Your rights to access and correcting your information
  • Changes to this policy
  • How to contact us


  • “Data Subject or Client” means the person to whom personal information relates;

  • “Direct Marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of—
    (a) promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
    (b) requesting the data subject to make a donation of any kind for any reason

  • “Information Officer” of, or in relation to, a—
    (a) public body means an information officer or deputy information officer as contemplated in terms of section 1 or 17 of The Act; or
    (b) private body means the head of a private body as contemplated in section 1, of the Promotion of Access to Information Act;

  • “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
    (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well being, disability, religion, conscience, belief, culture, language and birth of the person;
    (b) information relating to the education or the medical, financial, criminal or employment history of the person;
    (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
    (d) the biometric information of the person;
    (e) the personal opinions, views or preferences of the person;
    ( f ) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    (g) the views or opinions of another individual about the person; and
    (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

  • “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
    (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    (b) dissemination by means of transmission, distribution or making available in any other form; or
    (c) merging, linking, as well as restriction, degradation, erasure or destruction of information;


36ONE Asset Management (Pty) Ltd (“36ONE / we / our”) is a private company and an authorized financial services provider (FSP No 19107).

The objective of this policy is to protect 36ONEs’ information assets from threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimise business damage, and to maximise business opportunities, as well as to ensure the continued protection of our client’s personal information.

This policy sets out the manner in which 36ONE deals with personal information and stipulates the purpose for which said information is used. The Policy is made available on the company website,, and by request from the company’s Information Officer.


We collect information directly from you where you provide us with your personal information, for example when you purchase a product or services from us or when you submit enquiries to us or contact us.

36ONE collects and processes client’s personal information pertaining to the client’s financial needs. A client may be a retirement fund, its management and trustee board, an individual, and an employer. For purposes of this Policy, clients include potential and existing clients.

The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, we will inform the client as to the information required and the information deemed optional.

Examples of personal information we collect include, but is not limited to:

  • The Client’s Identity number, name, surname, postal and physical address, postal code, marital status, and number of dependents;
  • Description of the client’s, business, assets; financial information, tax number, banking details, etc.
  • Any other information required by 36ONE, suppliers, insurers and asset managers in order to provide clients with an accurate analysis and assessment of their financial needs.

36ONE collect and processes our client’s personal information for marketing purposes (i.e. our newsletter) only once the client has provided consent to do so.


We will use your personal information only for the purpose of rendering financial services to you and for the purpose for which it was collected or agreed with you, for example:

  • to effectively process your investment transactions;
  • to communicate to you in respect of your funds invested with 36ONE;
  • to detect and prevent fraud;
  • to comply with auditing and record-keeping requirements;
  • to comply with legal and regulatory requirements;
  • to identify and verify your identity;
  • to share information with service providers with whom 36ONE has a business agreement to process such information on 36ONE’s behalf or to those who render services to 36ONE.


36ONE may engage with other organisations to provide support services. Third Parties are obliged to respect the confidentiality of any personal information held by 36ONE. 36ONE shall not disclose your personal information to any product or third-party service providers unless agreements are in place to ensure that all service providers comply with these confidentiality and privacy terms.

We may disclose your information where we have a duty or right to disclose your information in terms of applicable legislation, or where it is necessary to protect our legal rights.


We are legally obliged to provide adequate protection for our Client’s personal information. We will, on an ongoing basis, continue to review our security controls and related processes in order to ensure your personal information is secure.

Our security policies and procedures cover:

  • Physical security;
  • Computer and network security;
  • Access to personal information; Secure communications;
  • Security in contracting out activities or functions;
  • Retention and disposal of information;
  • Acceptable usage of personal information;
  • Governance and regulatory issues;
  • Monitoring access and usage of personal information;
  • Investigating and responding to security incidents.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.

We strive to ensure the security, integrity and privacy of any personal information submitted by a client or prospective client. We will review and update our security measures in accordance with future legislation and technological advances. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure, however, we will endeavour to take all reasonable steps to protect the personal information, which a client submits to the us. We will always set the highest standards to ensure the integrity of our systems. 36ONE will not be held responsible for the loss, destruction, or disclosure of a client’s personal information due to a force majeure event.


Clients have the right to access the personal information 36ONE holds about them. Clients also have the right to ask 36ONE to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, we may no longer process said personal information. We will take all reasonable steps to confirm our clients' identity before providing details of their personal information or making changes to their personal information.

The details of 36ONE’s Information Officer are as follows:


Name Grant Mann
Telephone nuumber +27 10 501 0250
E-mail address


FSP Name 36ONE Asset Management (Pty) Ltd
Registration Number 2004/035570/07
Postal Address Private Bag 10361, Sandton, 2146
Physical Address 140 West Street, Sandton, 2196
Office Telephone Number +27 10 501 0250

Our Client’s also have the right to ask us to update, correct or delete personal information. You may do this by contacting 36ONE on the company contact details listed above and requesting the correction or deletion of any information we hold. We will take all reasonable steps to confirm your identity before making changes to personal information we may hold about you.


Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once a year. Clients are advised to access 36ONE's website periodically to keep abreast of any changes. Where material changes take place, clients will be notified directly, or changes will be stipulated on our website.


If you have questions about this policy or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us at the following number: +27 10 501 0250.