POPIA PRIVACY POLICY

Muslimfin Family Office
(Compliance administered by Fairbairn Consult (Pty) Ltd, FSP 9328)

1. Introduction & scope

We respect your privacy. This policy explains how Muslimfin Family Office (we/us) collects, uses, stores, discloses and protects personal information in line with the Protection of Personal Information Act 4 of 2013 (“POPIA”). Fairbairn Consult acts as our appointed compliance partner and Information Officer for POPIA matters.

2. Responsible parties & contact

Data controller / responsible party: Muslimfin Family Office

Compliance / Information Officer: Fairbairn Consult (Pty) Ltd — email: [email protected]

Postal & physical address:

Fairbairn Consult

Mutualpark,
91 Jan Smuts Drive,
Pinelands,
7405

Information Regulator: see https://www.justice.gov.za/inforeg/ (and contact details below)

3. Personal information we collect

We collect only what we need for the services we provide. Typical categories:

Identity (name, ID/passport, date of birth)

Contact (address, phone, email)

Financial & transactional data (banking details, investments, assets, liabilities)

Beneficiary and family data (spouse, dependants)

Interaction data (correspondence, meeting notes)

Website & technical data (cookies, IP address, device and usage data)

We also process special categories only where lawful (e.g., where required for regulatory, tax, estate or trust services) and with appropriate safeguards.

4. Lawful basis and purpose of processing

We process personal information to: deliver agreed financial and family office services; manage client relationships; comply with laws (including tax, anti-money-laundering, and sanctions screening); detect and prevent fraud; and communicate service updates and offers (where consented or where permitted by law). We rely on lawful bases in POPIA such as consent, the performance of a contract, compliance with legal obligations, and legitimate interests balanced with your rights.

5. Use, sharing and recipients

We may share personal information with:

Fairbairn Consult as compliance/Information Officer;

service providers and professional advisors (lawyers, auditors, banks, insurers);

regulatory bodies, tax authorities and law enforcement when required by law;

other Old Mutual Group entities where relevant;

other third parties where you have consented or it is otherwise lawful and necessary.

When sharing, we require contractual and technical safeguards (confidentiality, access controls, and where applicable, data processing agreements).

6. International transfers

Where personal data is transferred across borders (e.g., to service providers outside South Africa), we will only do so where: (a) the recipient applies an adequate level of protection; (b) appropriate safeguards are in place (contractual clauses, binding corporate rules or similar); or (c) another lawful basis applies. We document transfers and take reasonable steps to ensure your data remains protected.

7. Retention & deletion

We retain information only as long as necessary for the purpose collected, to comply with legal obligations, or for legitimate business purposes. Retention periods are documented internally (e.g., client files retained for minimum statutory periods, tax records longer as required). On request we may anonymise, archive or securely delete personal information subject to legal obligations or legitimate retention needs.

8. Security measures & breach response

We implement a layered security approach: physical controls, network & application security, encryption where appropriate, role-based access, logging and monitoring, regular security assessments and staff training.
In the event of a security compromise or data breach, we will:

Contain and investigate the incident.

Notify the Information Regulator as required and, where necessary, notify affected data subjects with details and recommended mitigation steps; and

Remediate and report internally. (See the Information Regulator’s security-compromise guidance for required content of notifications.)

9. Data subject rights & how to exercise them (POPIA)

You have the right to:

Request confirmation whether we hold personal information about you, and to request a record or description of such information;

Request correction, deletion or destruction of inaccurate, irrelevant, excessive, out-of-date or unlawfully obtained information;

Object to processing in certain circumstances;

Request that processing be restricted.

Be informed when we have shared your personal data with third parties; and

Lodge a complaint with the Information Regulator.

How to make a request: send a written request to [email protected], including your name, contact details, proof of identity, and a clear description of the request. We will verify identity and respond within a reasonable time. POPIA requires access “within a reasonable time”, and the law and regulator guidance inform our operational target and process.

10. Automated decision-making & profiling

Where we use automated processing that materially affects you, we will provide meaningful information about the logic involved, and you may request review. We limit fully automated decisions and ensure human review where required.

11. Children & minors

We do not intentionally collect personal information from minors (under 18) except where a competent person has provided lawful consent. If you believe we have collected such data in error, contact compliance to request deletion or correction.

12. Cookies & analytics

We use cookies and analytics (e.g., Google Analytics) for site performance and user behaviour. We anonymise IPs where possible and have IP-anonymisation enabled on Google Analytics through Fairbairn Consult’s configuration. See the Cookie Policy on our site for details.

13. Contact & complaints

For POPIA requests or complaints: [email protected].
If unsatisfied, you may refer your complaint to the Information Regulator: [email protected] or [email protected]