For a full copy of Blue Quadrant Capital Management (Pty) Ltd’s POPIA Policy manual and related forms required to request access and/or change personal client information please email



  1. Definitions
  • Data Subject: means the person to whom the personal information relates.
  • Responsible Party: means the entity which determines the purpose of and means for processing Personal Information.
  • Operator: means the company or a person who processes personal information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of the Responsible Party.
  • Personal Information: means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
    • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    • information relating to the education or the medical, financial, criminal or employment history of the person;
    • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
    • the biometric information of the person;
    • the personal opinions, views or preferences of the person;
    • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    • the views or opinions of another individual about the person; and
    • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
  • Special Personal Information includes:
    • religious or political beliefs
    • race or ethnic origin
    • trade union membership
    • political opinions
    • health, sexual life
    • criminal behaviour.
  • Processing: means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
    • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    • dissemination by means of transmission, distribution or making available in any other form; or
    • merging, linking, as well as restriction, degradation, erasure or destruction of information.
  • Direct Marketing: means the use of personal information for the purposes of direct marketing by means of any form of electronic


  2. Processing of Personal Information within FSP


The FSP is Processing the Personal Information of its Data Subjects as follows:

Purpose of processing:

  • Rendering of financial services to clients
  • Provisioning of value-added services to clients
  • Marketing of services to potential clients
  • Proposals to Clients on service offerings
  • Maintain accounts and records
  • Support and manage employees
  • Crime detection, prevention, investigation and prosecution
  • Fraud prevention & detection
  • Market research and statistical analysis
  • Compliance with regulatory requirements
  • Due diligence assessments
  • Client relationship management
  • Purposes expressly agreed or authorized by the Client or Employees
  • Purposes notified to the Client or Employees



Data subject categories (includes Natural and Juristic):

Includes Natural persons and Legal entities:

  • Clients and their clients
  • Shareholders
  • Board members
  • Directors
  • Employees
  • Consultants
  • Complainants
  • Enquirers
  • Trustees
  • Employers and employees of other organisations
  • Associated companies
  • Holding companies and Subsidiary Companies in the group
  • External companies / contractors
  • Suppliers and service providers
  • Individuals who have indicated an interest in financial products
  • Regulators

Types/classes of information processed:

  • Personal details
  • Financial Products
  • Compliance records
  • Business operations
  • Compliance assessment outcomes
  • Opinions
  • Communications
  • Education & employment details
  • Financial details


Who the information may be shared with:

It is sometimes necessary to share Personal Information with individuals and/or with other organisations. Where this is necessary, Blue Quadrant Capital Management is required to comply with all aspects of POPIA. The following are types of organisations Blue Quadrant Capital Management may need to share some of the Personal Information it processes with. Only where it is necessary or required, Personal Information may be shared with:

  • Associates/Representatives of the person whose Personal Information we are processing
  • Employment and recruitment agencies
  • Financial organisations
  • Regulatory authorities
  • Police / courts where necessary
  • Business associates
  • Suppliers and service providers
  • Industry bodies
  • Ombudsman
  • Legal Advisors, Compliance Officers, advocates or attorneys
  • Auditors
  • Tax Consultants
  • IT Services Providers


Cross border flows of Personal Information:

It may be necessary to share Personal Information of Data Subjects with third parties in other countries subject to compliance with POPIA. This will only be done if one of the following requirements is met:

  • the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that—
    • effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person, as set out in POPIA; and
    • includes provisions, that are substantially similar to this section, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country;
  • the Data Subject consents to the transfer;
  • the transfer is necessary for the performance of a contract between the data subject and the company in question, or for the implementation of pre-contractual measures taken in response to the data subject’s request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the company in question and a third party; or
  • the transfer is for the benefit of the Data Subject, and—
    • it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
    • if it were reasonably practicable to obtain such consent, the Data Subject would be likely to give it.

Information Security measures in respect of Data:

  • Access control to Data to prevent unauthorised access by individuals
  • Media control to prevent unauthorized manipulation by Media
  • Data memory control to prevent unauthorised alteration of Data
  • User control to ensure measures to prevent unauthorised disclosure and access by unauthorised persons
  • Access control to only allow certain authorised individuals access to Data
  • Transmission control to enable the verification and tracing of locations with required permissions/authorisation to which Data are transferred
  • Transport control to prevent Data from being read, altered or intercepted by unauthorised persons
  • Organisation control to ensure compliance with POPIA and this Manual