Privacy Policy

This policy explains how Brown Financial Services collects, uses, stores, shares and protects your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and other applicable South African law.

1. Who we are

Brown Financial Services ("Brown", "we", "us" or "our") is the responsible party for the processing of your personal information as contemplated in POPIA. References in this policy to "you" or "your" are to any natural or juristic person whose personal information we process.

Questions, requests or complaints relating to this policy may be sent to our Information Officer at busi@brownfs.co.za.

2. Scope

This policy applies to personal information collected through the brownfs.co.za website, our products, customer engagements and any other interaction you have with us, whether online, in writing or in person.

3. Personal information we collect

Depending on how you interact with us, we may collect the following categories of personal information:

• Identification data — full name, identity or passport number, date of birth and nationality.
• Contact data — email address, mobile number, physical and postal address.
• Financial and transactional data — bank account details, payment instrument information, transaction history and credit-related information where relevant to a product.
• Verification data — information required for know-your-customer (KYC), anti-money-laundering (AML), sanctions screening and counter-terrorist-financing checks.
• Device and usage data — IP address, browser type, device identifiers, pages viewed, referring URLs and similar telemetry collected automatically when you visit our website.
• Correspondence — the content of messages you send us and records of our responses.

We do not knowingly collect personal information from children under the age of 18 without the consent of a competent person.

4. How we collect personal information

• Directly from you when you contact us, apply for a product or subscribe to updates.
• Automatically from your device when you visit our website, via cookies and similar technologies.
• From third parties such as credit bureaux, identity-verification providers, payment partners, regulators and publicly available sources, where lawful and necessary.

5. Purposes and lawful basis for processing

We process personal information only for specific, explicitly defined and lawful purposes, and only where one of the grounds for lawful processing in section 11 of POPIA applies. The main purposes are:

• Providing products and services — to assess applications, deliver products you have requested and administer your relationship with us (performance of a contract).
• Compliance with law — to meet obligations under POPIA, the Financial Intelligence Centre Act (FICA), the Financial Advisory and Intermediary Services Act (FAIS), the Companies Act, tax law and regulatory directions (legal obligation).
• Fraud prevention and security — to detect, prevent and investigate fraud, financial crime and unauthorised access (legitimate interest and legal obligation).
• Communication — to respond to enquiries and provide service-related notices (performance of a contract or legitimate interest).
• Improvement and analytics — to analyse website usage and improve our products (legitimate interest, subject to your cookie preferences).
• Direct marketing — only where you have given consent, or where you are an existing customer and the marketing relates to similar products and you have not opted out, in line with section 69 of POPIA.

6. Sharing of personal information

We do not sell personal information. We may share it with:

• Operators who process personal information on our behalf under written agreement, including hosting, payment, identity-verification, analytics and customer-support providers.
• Product partners where necessary to deliver a product you have requested, such as Tesha or other Brown-branded offerings.
• Regulators, courts and law enforcement where we are required or permitted by law to disclose information.
• Professional advisors including auditors, legal counsel and insurers, under duties of confidentiality.

7. Cross-border transfers

Some of our operators are located outside South Africa. Where we transfer personal information across borders we do so only in accordance with section 72 of POPIA — typically because the recipient is subject to laws, binding corporate rules or a written agreement that provides an adequate level of protection, because you have consented, or because the transfer is necessary for the performance of a contract with you.

8. Retention

We retain personal information only for as long as is necessary to fulfil the purpose for which it was collected, or for longer where required by law (for example, FICA and tax legislation typically require retention for at least five years after the end of the relationship). When the retention period expires we delete, destroy or de-identify the information in a secure manner.

9. Security

We take appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of personal information in our possession or under our control, including access controls, encryption in transit, segregation of environments and ongoing monitoring. We also require our operators to implement appropriate security safeguards by contract.

In the event of a security compromise affecting your personal information, we will notify you and the Information Regulator as soon as reasonably possible, in line with section 22 of POPIA.

10. Cookies and similar technologies

Our website uses a limited number of cookies to make the site work, remember your preferences and understand how the site is used. You can control cookies through your browser settings. Disabling non-essential cookies may affect some functionality but will not prevent you from reading this policy or contacting us.

11. Your rights

Subject to POPIA and other applicable law, you have the right to:

• be notified that we hold personal information about you;
• request access to the personal information we hold about you;
• request that we correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully;
• object, on reasonable grounds, to the processing of your personal information;
• object to direct marketing and withdraw consent at any time where processing is based on consent;
• submit a complaint to the Information Regulator.

To exercise any of these rights, contact our Information Officer at busi@brownfs.co.za. Requests for access or correction should be made on the prescribed PAIA/POPIA forms where applicable.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The "Last updated" date at the top of this page shows when it was last revised. Material changes will be communicated through our website or by direct notice where appropriate.

13. Contact

Brown Financial Services
Email: busi@brownfs.co.za
Web: brownfs.co.za