For the purposes of this summary, a reference to ‘we’ or ‘us’ is a reference to all Sable International group companies.
We operate a joint-controller system within the Sable International company group. This means that the data controller in respect of the processing of your personal information shall be us (Sable International Group Limited) together with any other of our group companies which are directly involved in the provision of services to you.
How we collect or obtain information about you
- when you provide it to us (e.g. by contacting us using our online contact form on our website, by making enquiries by email, telephone, letter or in person, by signing up to our e-newsletter).
- When you provide it directly to any of our group companies (e.g.by making enquiries by email, telephone, letter or in person)
- from your use of our website, using cookies and similar technologies, and
- occasionally, from third parties.
Information we collect
Name, contact details, payment information (e.g. your credit or debit card details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable), VAT number (if applicable), and identity-checking information such as passport number, national insurance or social security numbers.
Additional information we collect for specific services
In addition to the above, we also collect further information where you order specific services from us such as account numbers, financial history or records, credit-checking information, family tree information, medical information and criminal conviction information.
How we use your information
For administrative purposes (particularly group-wide record keeping), business purposes (particularly to contact you and process any requests or orders you place on our website), to improve our business and website, to fulfil our contractual obligations such as to provide you with any services you order, to advertise our services, to analyse your use of our website, and in connection with our legal rights and obligations.
Disclosure of your information within the Sable group
We share information you provide us with our other group companies in order to provide you with the services you request, to fulfil our contractual obligation, and to advertise our services. Our group companies also share some of your personal information with us for our internal administrative and business purposes such as processing payments record keeping and sending out our e-newsletter.
Disclosure of your information to third parties
Only to the extent necessary to run our business, to our third-party service providers, to fulfil any contracts we enter into with you and where required by law or to enforce our legal rights.
Do we sell your information to third parties (other than in the course of a business sale or purchase or similar event)
How long we retain your information
For no longer than necessary, taking into account any legal obligations we or any of our group companies have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business), the period of time within which claims may be filed in connection with the performance of our services, and certain additional factors described in the main section below entitled How long we retain your information. For specific retention periods in relation to certain information which we collect from you, please see the main section below entitled How long we retain your information.
How we secure your information
Using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology, only granting access to your information where necessary, only sharing within the Sable group the information necessary to perform our business functions or administer our business, encryption of personal data, encrypted email, pseudonymisation and/or anonymisation of information collected electronically from cookies or similar technologies, storing your information within the European Economic Area where possible (or subject to approved technical and organisational safeguards where this is not possible) and keeping within any group company service provider information which is only needed by that particular company.
Transfers of your information outside the European Economic Area
In certain circumstances we transfer your information outside of the European Economic Area, including to the following countries: South Africa, Australia, the United Kingdom and the United States of America. Where we do so, we will ensure appropriate safeguards are in place, including the third parties we use who transfer your information outside the European Economic Area have self-certified themselves as compliant with the EU-U.S. Privacy Shield, the relevant third country is subject to an adequacy decision, or the receiving entity is bound by the standard contractual clauses for transfer of personal data outside the EEA (‘SCCs’).
Use of automated decision making and profiling
We use automated decision making and/or profiling, including through our use of web analytics, cookies, web beacons or server logs analysis tools (profiling), through our use of targeting cookies to display advertisements to people who visit our website from other websites around the internet (e.g. using the Google AdSense network) (automated decision making). The companies within the Sable group also use profiling and/or automated decision making when deciding whether we are able to provide you with our professional services, such as when undertaking identity checks, anti-money-laundering and know-your-customer checks, as well as when checking your scores with credit-referencing agencies.
Your rights in relation to your information
- To access your information and to receive information about its use."
- To have your information corrected and/or completed.
- To have your information deleted.
- To restrict the use of your information.
- To receive your information in a portable format.
- To object to the use of your information.
- To withdraw your consent to the use of your information.
- Not to have significant decisions made about you based solely on automated processing of your information, including profiling.
- To complain to a supervisory authority.
We may occasionally collect what is commonly referred to as ‘sensitive information’ when you provide us with medical information relevant to any inheritance, wills or estate-planning services you request, in which case we do so strictly on the basis of your explicit consent. We do not otherwise process sensitive information, and do not otherwise submit sensitive information about you to us. For more information, please see the main section below entitled Sensitive Information.
3. Our details
The data controller
The data controller in respect of our website www.sableinternational.com, and the primary data controller in respect of the whole Sable International corporate group is Sable International Group Limited. ‘Sable International’ is a trading name of Sable International Group Limited. Our company registration number is 03635405 and our registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT. The data controller is the person which determines the purposes and means of processing your information. You can contact the data controller by writing to 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT or sending an email to email@example.com or via the contact form on our website.
We operate a joint-controller arrangement within the Sable group. This means that in most situations, two or more of our group companies together are jointly responsible for deciding how your personal information will be processed.
When you begin to engage one of the Sable International group companies to provide services to you, the joint data controllers in respect of your personal information shall be both (i) us, Sable International Group Limited and (ii) the company which you engage to provide the services. If you engage multiple companies from our group to provide additional services to you, each service provider shall be a joint controller in respect of your personal information.
Data Protection Officer
The data protection officer for the data controller is Mr Gary Kockott. You can contact the data protection officer by writing to Gary Kockott, Regent Square, Doncaster Road, Kenilworth, 7708, South Africa or sending an email to firstname.lastname@example.org.
4. The Sable International corporate group
- Sable International Group Limited (company number 03635405), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
- Sable International Holdings Limited (company number 03219009), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT..
- Sable International Limited (company number 06203868) whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
- Sable International FX Limited (company number 07070528), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
- Sable Private Wealth Management Limited (company number 04305265), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
- Sable Private Wealth (Pty) Limited (company number 2016/018525/07), a South African company, regulated by the Financial Sector Conduct Authority under licence number 48122, whose offices are at Block B1 Regent Square, Doncaster Road, Kenilworth, Western Cape, 7708, South Africa
- Sable International Australia Pty Ltd (company number 147429838), an Australian company whose offices are at 9 Yarra Street, South Yarra, Melbourne, Victoria 3141, Australia.
- Sable International FX Pty Ltd (company number 129881947), an Australian company whose offices are at 9 Yarra Street, South Yarra, Melbourne, Victoria 3141, Australia
- Sable Accounting Limited (company number 03517738), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
- Sable International Immigration Limited (company number 03665089), whose registered address is at 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
5. How we collect or obtain information about you
Information collected from you
We collect information about you when you provide it to us, such as through your use of our website and its features, when you contact us directly by email, phone, in writing, or via social media, when you order goods and services, when you use any of our other websites or applications or any other means by which you provide information to us.
General information we may collect about you
The types of information we collect about you which we collect either from our website or which is relevant to the majority of the services we provide includes information such as:
- your first, middle and last names;
- your email address;
- your home address
- your mobile phone number;
- your landline number;
- your payment information (e.g. your credit or debit card details) when you order services;
- your IP address;
- information about your browsing device (e.g. device and browser type);
- information about how you use our website (e.g. which pages you have viewed, the time you viewed them and what you clicked on);
- cookies and similar technologies;
- information about your mobile device (such as your geographical location);
- a list of our services which you are interested in;
- your business and company information (including company name, number and registered address); and
- your VAT number (or your business’s VAT number).
Specific information we may collect to provide our services
The types of specific additional information we collect about you in order to provide certain specific services to you includes information such as:
- financial information such as account identification numbers, sort codes, IBAN and SWIFT numbers;
- information about any property or other tangible assets you own;
- details of previous bank accounts you have held;
- previous addresses in which you have lived during the last 20 years;
- information about your family members and your family tree (in the case of estate planning, wills and inheritance services);
- health and medical information (only to the extent that it is relevant to estate planning, wills and inheritance services);
- any criminal convictions (in the case of visa/immigration applications);
- credit-referencing information (for financial products involving credit);
- information relating to your current and previous employment;
- information about any companies in which you hold share capital;
- copies of your passport, driving licence or other identity card (for identity checks); and
- scans of legal documents bearing your name or relating to assets you own such as title deeds, court documents, employment contracts, statutory declarations, other official documents, including, without limitation, visa or citizenship application forms, share certificates, credit notes, debentureshich or other legal securities you may hold or which are effective against assets you own, birth or death certificates of yourself or your relatives and marriage register entries, inter alia.
Cookies are data files which are sent from a website to a browser to record information about users of a website.
You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so may impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.
We use Google Analytics on our website to understand how you engage and interact with it. For information on how Google Analytics collects and processes data using cookies, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking by visiting: www.tools.google.com/dlpage/gaoptout. We use web beacons in our marketing emails and/or on our website. For information on how third parties use information gathered from our use of web beacons, please visit https://pixel.facebook.com/about/privacy/, www.iubenda.com/privacy-policy/83631461/cookie-policy and www.mailchimp.com/legal/privacy/. Some (but not all) browsers enable you to restrict the use of web beacons by either preventing them from sending information back to their source (e.g. when you choose browser settings which block cookies and trackers) or by not accessing the images containing them (e.g. if you select a “do not display images (in emails)” setting in your email server).
We use Facebook Pixel on our website to monitor and measure the success of our advertisements. For information on how Facebook collects and processes data using Facebook Pixel, please visit www.facebook.com/about/privacy. You can block Facebook Pixel by visiting www.youronlinechoices.com, selecting your country, clicking “Your Ad Choices”, then locating Facebook and selecting the “Off” option.
Information received about you from third parties
We do receive information about you from third parties. The third parties from whom we receive information about you will generally include your previous financial service providers, your employer, and occasionally your family members, trustees and/or beneficiaries (in the case of wills, inheritance and estate planning).
It is also possible that third parties with whom we have had no prior contact may provide us with information about you.
Information we obtain from third parties will generally be your name and contact details, but will include any additional information about you which they provide to us.
Legal bases for processing
Where a third party has passed on information about you to us (such as your name and email address) in order for us to provide services to you, we will process your information in order to take steps at your request to enter into a contract with you and perform a contract with you (as the case may be).
Where you have asked a third party to share information about you with us and the purpose of sharing that information is not related to the performance of a contract or services by us to you, we will process your information on the basis of your consent, which you give by asking the third party in question to pass on your information to us.
Where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances. For example, we would have a legitimate interest in processing your information to perform our obligations under a sub-contract with the third party, where the third party has the main contract with you. Our legitimate interest is the performance of our obligations under our sub-contract. Similarly, third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement.
Information obtained by us from third parties
In certain circumstances (for example, to verify the information we hold about you or obtain missing information we require to provide you with a service) we will obtain information about you from certain publicly accessible sources, both EU and non-EU, such as the electoral register, Companies House, online customer databases, business directories, media publications, social media, and websites (including your own website if you have one).
In certain circumstances will also obtain information about you from private sources, both EU and non-EU, such as credit-referencing agencies around the world, and in particular, Experian, Equifax and TransUnion in the United Kingdom.
Legal bases for processing
Where you have entered into a contract or requested that we enter into a contract with you, in certain circumstances, we will obtain information about you from public sources in order to enable us to understand your business and provide services to you or services to a sufficient standard. For example, we would obtain and/or verify your email address from your website or from a directory where you ask us to send you information by email but we do not possess the information or we need to confirm that we have recorded your email address correctly.
In certain circumstances, we will have a legitimate interest in obtaining information about you from public and private sources. For example, if you have infringed or we suspect that you have infringed any of our legal rights, we will have a legitimate interest in obtaining and processing information about you from such sources in order to investigate and pursue any suspected or potential infringement. We may also obtain data brokers to market to you under our legitimate interest of direct marketing.
6. How we use your information
We will use your information for one or more of the following purposes. The legal basis on which we use your information is set out and explained after each purpose:
Administrative and business purposes
- Improving our website and business, including personalising our website and services for you and other customers. This is necessary for our legitimate interest of better understanding our other customers’ and potential customers’ preferences and tailoring our website, products and services to their needs, preferences and desires.
- To supply you with Sable’s e-newsletter bulletin where you have signed up to this. This is on the basis that you have provided your specific consent to receive Sable’s e-newsletter bulletin from time to time by email.
- Protecting our business and our business interests, including for the purposes of credit and background checks, fraud and website misuse prevention and debt recovery. This is necessary for our legitimate interests of preventing criminal activity such as fraud or money laundering, for ensuring that our website and services are not misused. Where we carry out credit and background checks, we will only carry out such checks to the extent that we are permitted or authorised by law to do so and to the minimum extent necessary.
- Communicating with our business advisors and legal representatives. This is necessary for our legitimate interests of obtaining legal or professional business advice. In such circumstances, we will only share your information where it is necessary to do so, to the minimum extent necessary, subject to appropriate confidentiality restrictions and on an anonymised basis wherever possible.
- Within the Sable corporate group from time to time for internal administrative purposes, including client, customer and employee information. This will be necessary for our legitimate interest of running and managing our business. Where you have purchased goods or services from us or asked us to take certain actions to enter into a contract with you, this will be necessary for us to perform a contract with you or take steps at your request to do so.
- Sharing your information with third parties which are either related to or associated with the running of our business (including to third parties within our corporate group from time to time) such as our business partners, insurers, affiliates, associates, suppliers, independent contractors (including our third party advisors such as accountants, lawyers and notaries), email providers, IT and web development service providers and any contract counterparties involved in transactions you have asked us to perform for you. We will share your information with these parties where it is necessary for our legitimate interest of running and managing our business effectively, fulfilling our contractual obligations (e.g. to our insurers) or for our own direct marketing purposes. Where you purchase goods or services from us or request that we take steps to do so, we may also need to share your information with such third parties in order to perform a contract which we have entered into with you or to take steps, at your request, to enter into a contract with you. Where we share your information with such third parties, we will do so strictly on a need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.
- Processing or passing on your information to third parties, such as foreign exchange agents and payment service providers, including Mastercard, Datacash, GoCardless and Barclaycard in order to process your payments for the services you order from us. This is necessary for us to perform a contract we have entered into with you (or to take steps, at your request, to enter into a contract with you) and for that third party’s legitimate interest in processing your payment(s)
for the services you order from us.
- Ensuring physical, network and information security and integrity. This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks.
- To send you marketing communications. This is necessary for our legitimate interest of direct marketing and promoting our business. Where we are required by law to obtain your consent to market to you, however, the legal basis on which we process your information will be your consent rather than our legitimate interests.
Advertising and analytical purposes
- Providing statistical information to third parties such as Google Analytics, Olark, Facebook, Microsoft and CrazyEgg. This is necessary for our and third parties’ legitimate interests of processing information for research purposes, including market research, better understanding our respective customers, and tailoring our respective products and services to their needs. Your information will be shared with such parties on an anonymised basis.
- Displaying advertisements to you and analysing the information we receive in relation to those advertisements. This is necessary for our own and for third parties’ legitimate interests in direct marketing and advertising our and their products and services respectively, and for market research purposes.
Legal and enforcement of legal rights
- Enforcing our legal rights. This is necessary for our legitimate interest of protecting our business and enforcing our contractual and other legal rights.
- Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with a legal obligation to which we are subject, in the general public interest or for the legitimate interests of governmental bodies and competent authorities that prevent crime.
- In communication with any of our professional regulators. This is necessary for our legitimate interest of compliance with a legal obligation to which we are subject and in the general public interest.
- In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
- Complying with laws, regulations and other legal requirements. We may need to use and process your information in order to comply with legal obligations to which we are subject. For example, we may require your information pursuant to a statutory obligation to conduct anti-money-laundering checks or to disclose your information to a court following receipt of a court order or subpoena. We may also need your information to comply with ongoing legal obligations, such as tax laws and regulations to which we are subject (where you have placed an order for goods or services with us for example).
The processing of your information to comply with legal obligations to which we are subject applies to legal obligations of other countries where they have been integrated into the legal framework of the United Kingdom, for example in the form of an international agreement which the United Kingdom has signed. Where the legal obligations of another country have not been so integrated, we will process your information to comply with such obligations where it is in our legitimate interest to do so.
Use of your information only where we have your consent
Where we process your information on the basis of your consent, you can withdraw your consent to such processing at any time by emailing us at email@example.com or writing to us at Sable International, 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT
Our use of automated decision-making, including profiling
We use automated decision-making, including profiling. Automated decision-making is decision-making by technological means (i.e. by a machine) without human involvement. Profiling is any form of automated processing of your information to evaluate personal aspects about you, in particular to analyse or predict things like your performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
We automate some of our decision-making and profiling functions in order to improve the efficiency of our business, to expedite the delivery of any orders placed by you, to improve the consistency with which we deliver our products or services, to reduce our administrative costs, to update our records, to organise our customer database to improve the services we offer you, to monitor your interaction with our business, to evaluate the viability of any services you have requested and to undertake identity checks and credit checks.
This is important because it means that many actions and decisions we take (such as whether we enter into a contract with you, the amount of any credit we are able to offer you, or the storage, use and transfer of your information, as well as specific communications that we may send you) are performed automatically by machines and algorithms rather than humans.
Your information will be used by these systems to determine how we interact with you, and also to collect aggregate anonymised data relating to our collective customer base. This is significant because the outcome of your interactions with us will in certain circumstances be based on the information you provide to us (and information we receive from third parties) and not the choices of any individual. Depending on the outcome of the automated decision making or profiling activity, we may not be able to offer you certain services
You have the right to request that we do not use automated decision-making in relation to your information by emailing us at firstname.lastname@example.org.
7. Data sharing within the Sable group
We do share information within Sable’s corporate group for the purposes of allowing us to provide a better and more efficient service to you, to enable us to organise our records through our centrally-managed CRM system, and to carry out basic business administrative functions such as enquiry allocation, e-newsletter bulletin dispatch and customer service management.
The information that we do share within the Sable group includes the information listed under the section entitled ‘General information we may collect about you’, above, and not information which is not relevant to the other services we provide.
In addition, entities in the Sable group do cross reference the information we hold about you for the purposes of undertaking regulatory, compliance or best-practice procedures such as identity checking, know-your customer (KYC) and anti-money-laundering (AML) checks.
8. How long we retain your information
This section sets out how long we retain your information. We have set out specific retention periods where possible. Where that has not been possible, we have set out the criteria we use to determine the retention period.
Server log information: we retain information on our server logs for two (2) years.
Service information: when you engage us to provide our services, we retain that information for six years following the end of the financial year in which those services were completed and/or you otherwise ceased to be a customer of Sable, in accordance with our legal obligation to keep records for tax purposes.
Correspondence and enquiries: when you make an enquiry or correspond with us for any reason, whether by email or via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for six (6) further month(s), after which point we will delete your information.
E-Newsletter: we retain the information you used to sign up for our e-newsletter for as long as you remain subscribed (i.e. you do not unsubscribe) or if we decide to cancel our e-newsletter service, whichever comes earlier.
Criteria for determining retention periods
In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:
- the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
- whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
- whether we have any legal basis to continue to process your information (such as your consent);
- how valuable your information is (both now and in the future);
- any relevant agreed industry practices on how long information should be retained;
- the levels of risk, cost and liability involved with us continuing to hold the information;
- how hard it is to ensure that the information can be kept up to date and accurate; and
- any relevant surrounding circumstances (such as the nature and status of our relationship with you).
9. How we secure your information
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
- only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
- only storing on Sable’s central CRM system the minimum amount of your information which is needed for all the services we are providing you, and minimising the sharing of personal information which might be relevant to only one group company;
- using secure servers to store your information;
- verifying the identity of any individual who requests access to information prior to granting them access to information;
- using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website; and
- only transferring your information via closed system or encrypted data transfers.
Transmission of information to us by email
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
10. Transfers of your information to other countries and safeguards used
We may need to transfer your information outside of the country in which we collected or obtained it, including outside the European Economic Area or to an international organisation from time to time. Where we transfer your information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:
- data protection policies adhered to by the data controller/s and other companies and entities within the Sable corporate group from time to time, which comply with applicable laws, known as “binding corporate rules” or “BCRs”;
- standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner’s Office and approved by the European Commission in accordance with relevant law;
- a code or codes of conduct produced by an association or other body approved by the Information Commissioner’s Office;
- an approved certification mechanism (such as the EU-US Privacy Shield); or
- where authorised by the Information Commissioner’s Office, contractual clauses between the data controller or processor and the data controller, processor or recipient of the information in the third country or international organisation.
You can access these safeguards by emailing email@example.com or writing to Sable International, 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT.
11. Your rights in relation to your information
Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by writing to Sable International, 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT or sending an email to firstname.lastname@example.org:
- To request access to your information and information related to our use and processing of your information.
- To request the correction or deletion of your information.
- To request that we restrict our use of your information.
- To receive information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller (including a third party data controller).
- To object to the processing of your information for certain purposes (for further information, see the section below entitled Your right to object to the processing of your information for certain purposes).
- To withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
- The right not to be subject to a decision based solely on automated processing, including profiling which produces legal affects concerning you or similarly significantly affects you.
- The right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation.
For the purposes of the United Kingdom, the supervisory authority is Information Commissioner’s Office (ICO), the contact details of which are available here: www.ico.org.uk/global/contact-us/.
For the purposes of South Africa, the supervisory authority is the Information Regulator, the contact details of which are available here: www.justice.gov.za/inforeg/
For the purposes of Australia, the supervisory authority is the Office of the Australian Information Commissioner, the contact details of which are available here: www.oaic.gov.au/
Further information on your rights in relation to your personal data as an individual
The above rights are provided in summary form only and certain limitations apply to many of these rights. For further information about your rights in relation to your information, including any limitations which apply, please visit the following pages on the ICO’s website:
- https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/; and
You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here: www.ec.europa.eu
Verifying your identity where you request access to your information
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information
How we verify your identity
Where we possess appropriate information about you on file, we will attempt to verify your identity using that information.
If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.
We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.
12. Your right to object to the processing of your information for certain purposes
You have the following rights in relation to your information, which you may exercise in the same way as you may exercise by writing to Sable International, 13th Floor, One Croydon, Addiscombe Road, Croydon, England, CR0 0XT or sending an email to email@example.com.
- to object to us using or processing your information where we use or process it in order to carry out a task in the public interest or for our legitimate interests, including ‘profiling’ (i.e. analysing or predicting your behaviour based on your information) based on any of these purposes; and
- to object to us using or processing your information for direct marketing purposes (including any profiling we engage in that is related to such direct marketing).
You may also exercise your right to object to us using or processing your information for direct marketing purposes by:
- clicking the unsubscribe link contained at the bottom of any marketing email we send to you, including the Sable e-newsletter bulletin, and following the instructions which appear in your browser following your clicking on that link; or
- sending an email to firstname.lastname@example.org asking that we stop sending you marketing communications or by including the words “OPT OUT”.
For more information on how to object to our use of information collected from cookies and similar technologies, please see the section entitled How to accept or reject cookies in our cookies policy, which is available here.
13. Consequences of not providing your information to us
Where you wish to purchase products or services from us, we require your information in order to enter into a contract with you. We may also require your information pursuant to a statutory obligation (in order to be able to send you an invoice for products and services you wish to order from us, for example).
If you do not provide your information, we will not be able to enter into a contract with you or to provide you with those products or services.
14. Sensitive Personal Information
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
Except in the case of medical information which may be relevant to wills, inheritance and estate planning services, we do not otherwise knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. If such information has not been provided in connection with wills, inheritance and estate planning services, we will use and process your sensitive personal information for the purposes of deleting it.
No medical information provided to us will be shared within the Sable group or stored on our central CRM system.
We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.
Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.
16. Children’s Privacy
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.
It is possible that we could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 18, please do so by sending an email to email@example.com.
17. California Do Not Track Disclosures
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about Do Not Track, please visit www.allaboutdnt.org
At this time, we do not respond to Do Not Track browser settings or signals. [In addition, we use other technology that is standard to the internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to the website. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.] For information on how to opt out from tracking technologies used on our website, see our cookies policy which is available here.
18. Copyright, credit and logo
19. Personal data relating to criminal convictions
Requests for erasure of personal data will be dealt with in accordance with Article 17 of the GDPR.
Special category data
Personal data refers to any information by which a living individual can be identified. Individual identification can be information alone or in conjunction with other information. Certain categories of personal data have additional legal protections when being processed. These categories are referred to in the legislation as “special category data” and data concerning:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Sex life or sexual orientation
Criminal offence data
The processing of criminal offenses data also has additional legal safeguards. Criminal offence data includes information about criminal allegations, criminal offences, criminal proceedings and criminal convictions.
Special category and criminal offence data we process about you:
Sable International collects, processes and shares special category and criminal offence data where it is necessary in order to carry out our functions. Sable International will share this data with third parties only where strictly necessary.
Sable International may also obtain and process this data for other statutory and legal obligations for example, including, but not limited to:
- Responding to data subject access requests under data protection legislation.
- In connection with our duties under the Equality Act 2010.
20. Data deletion and retention policy
Sable International has developed this policy to highlight and ensure compliance with information and data security requirements. In addition, records management, through the proper control of the content, storage and volume of records, reduces the vulnerability to legal challenge and financial loss and promotes best value in terms of human and space resources through greater co-ordination of information and storage systems.
Sable International is also required to align its procedures and processes with records, data and information protection laws. The policy applies to all who receive, create, have access to, manage, store and dispose records, including electronic records.
It is the policy of Sable International to manage its records in an accountable, effective and efficient manner through the implementation of a records management programme that takes into account related objectives such as orderly classification of records, retention and disposal, accessibility, security and confidentiality, training performance and quality management.
Sable International is committed to protecting records and documents that contain sensitive information of the company, customers, employees, suppliers and contractors.
To this end –
- All records received or created by Sable International shall be managed, protected and disposed of in line with the regulatory framework applicable to this policy.
- Sable International shall follow sound procedures for the creation, maintenance, retention and disposal of all records, including electronic records.
- The records management procedures of Sable International comply with legal requirements.
- Sable International shall follow sound procedures for the security, privacy and confidentiality of its records.
- Sable International shall have performance measures for all records management functions and will review compliance with these measures.
Purpose of Policy
Records management policy outlines the principles, practices and procedures for the Management of Sable International records..
The purpose of this policy is to:
- Regulate documents and records management practices within Sable International and align them with relevant legislation
- Provide direction to employees on the registration, creation, approval, receipt, access, organisation, storage, use and disposal of documents, information and records
- Ensure that Sable International is protected by complying with the records and information management legislation
- Ensure confidentiality, privacy, security, integrity, accessibility and retrievability of all employees’ information and records among others, to ensure the safety of all important and sensitive documents and information. The policy further ensures ease of access to records and information. This will ensure efficient and effective execution of its functions. The policy further ensures continuity in the event of a disaster and protects the rights and interests of employees, clients, and other present and future stakeholders.
This policy is developed based on the following principles that govern and support record management, record keeping and data retention practices:
- Documents and records must be managed properly from creation to disposal.
- Sable International follows sound procedures and practices for the creation, receiving, maintenance, retention and disposal of all records and data, including electronic records.
- Sable International will follow sound procedures for the security, privacy and confidentiality of its data, records, as well as personal information at its disposal.
- Identification, assessment and management of records, data and information security risks.
- Monitoring of compliance with policy and reporting of areas of concern and / or non – compliance.
- Implementing safe disposal methods for data and documents containing company, customer and supplier sensitive and personal information.
- Valuable documents and records must be secured at all times.
- Documents and records must be accessible to authorised employees for business purposes.
- Sable International records and documents must be securely stored and preserved in a proper manner.
- The purpose of this policy is to provide guidelines to all company employees on how to treat specific types of information, what confidentiality levels apply to what information classes, and especially what information may be shared with external parties.
- Sable International personnel are encouraged to use good judgment in securing Sable International Confidential information to the proper extent - if an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager.
Storage and caring for records
- All Sable International records shall be kept in storage areas or facilities that are appropriate for the type of medium as per the file plan.
- A record must only be kept in paper-based format in cases where it is deemed extremely necessary to keep it in its original form.
Access and security
- Records shall at all times be protected from unauthorised access, movement and tempering with, to sustain their authenticity and reliability.
- No employee may remove documents and records that are not available in the public domain from Sable International offices or storage facilities without the explicit and written permission of Management.
- No staff member shall provide information and records that are not in the public domain to the public without written approval of the Managing Director as per the PAIA.
- Specific guidelines for requesting information are contained in the Promotion of Access to Information Manual that is maintained by the Information Officer.
- Personal information shall be maintained in terms of the Protection of Personal Information.
- No staff shall disclose any personal information of any member of staff, client or other stakeholder of Sable International to any other person without prior written approval of the Management.
- Security classified documents shall be protected against or from unauthorised disclosure.
- Records storage area shall at all times be protected from or against unauthorised access. In this regard the following measures shall apply:
- Records storage areas and records storage facilities shall be locked when not in use.
- Access to server rooms and storage areas for electronic records media shall be managed through appropriate access control.
Managing email records
- E-mails that are evidence of the business transactions of Sable International are public records and shall be managed and kept for as long as they are required for functional and/or historical purposes. .
- A record must only be kept in paper-based format in cases where it is deemed extremely necessary to keep it in its original form.
Email of departing staff members
- Staff are required to perform a clean-up of all non-business related email messages in the email system prior to separating from Sable International or transferring to another organisation.
- The records management function in collaboration with the Human Resources department, applies clearance procedures to all staff resigning from Sable International to ensure that records and emails are identified and filed so that they can be searched for, retrieved and retained for as long as needed.
Clean desk practices
The following principles govern and support Sable International clean desk practices:
- Filing / Safekeeping / locking up of confidential information and documents when unattended.
- Approval of clean desk procedures and processes by the relevant Executive Manager, and implementation thereof by Sable International Management and staff.
- Availability of lockable storage and shredding facilities for use by all employees.
- Identification, assessment and management of data and information security risks.
- Monitoring of compliance with the Policy and reporting of areas of concern and / or non –compliance.
- Minimising the printing of hard copy documents and encouraging the use of electronic documentation alternatives.
- Reporting of incidents and information security near misses.
- Training of staff to ensure awareness on the Policy and its attendant procedures and processes.
- Implementing safe disposal methods for documents containing company, customer, staff and supplier sensitive and personal information.
- Proper operation and security practices relating to information technology devices including computers, laptops, I-pads, cellular phones, memory sticks and other. This includes security of data stored in the software, locking the computers off when one is not in the office or at his or her desk, and switching off of computers at the end of the work day.
- Implementation of internal controls by Management to ensure that such controls are operating effectively to deter, and detect areas of, non – compliance with the Policy.
- All staff being alert and actively participating in proper document and information management and security.
- All persons are responsible to ensure that no Sable International documents are left behind at meeting, conference and other related venues.
Disposal of records
- No Sable International records (including e-mail) may be destroyed, erased or otherwise disposed of without prior written request to the Executive Manager responsible for records management.
- All destruction of records must be approved by the Executive Manager responsible for records management to ensure that archival records are not inadvertently destroyed.
- Non-archival records which are needed for purposes of litigation, promotion of administrative justice actions and promotion of access to information purposes may not be disposed of until such time that the Executive Manager have indicated in writing that the destruction hold can be lifted.
Roles and Responsibilities of the Information Officer
The FSP’s information Officer is Gary Kockott
The Information Officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy.
Implementation of Policy
This Policy shall be deemed effective as 01 June 2021 No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
This Policy has been approved and authorised by:
Name: Gary Kockott
Position: Managing Director