Privacy Notice

 

1. WHO WE ARE

In this Privacy Notice, any reference to “the Miway Group”, “Miway ", "we", "us", or "our" refers to Miway Limited and its subsidiaries, associates, and its joint ventures operating in South Africa. Your privacy is important to the Miway Group.

Any reference to Santam Limited refers to the controlling company of the Santam Group.

Any reference to the Sanlam Group refers to Sanlam Limited and its subsidiaries, associates, and joint ventures.

 

2. WHY DO WE HAVE THE NOTICE

This Privacy Notice describes how the Miway Group as part of the Santam Group collects, uses, discloses, retains, and protects your personal information, in accordance with the Protection of Personal Information Act (POPIA) and other relevant laws.

The Privacy Notice applies to any website, application, form, document, product, or service which references this Privacy Notice. It also supplements any other privacy notices that may apply in respect of a Santam Group entity’s processing of personal information.

Personal information transmitted to Miway Limited will be treated in accordance with Miway’s Privacy Policy which can be accessed here.

 

3. HOW DO WE COLLECT INFORMATION

We collect personal information about you and any other person whose details you provide to us in accordance with the relevant laws, either:

  • Directly from you when you complete a product or service application form, electronically, telephonically, or by way of a hard copy;
  • Indirectly from you when you interact with us electronically by way of our website, apps, or social media channels, which may include the collection of metadata (data about data);
  • From employers and other contracted entities in the context of group insurance policies; and
  • Where relevant, from third-party sources, such as other entities within the Miway Group and the Santam Group, financial intermediaries that are representatives of the Miway Group and the Santam Group entities or have intermediary agreements with Miway Group and Santam Group entities, public databases, data aggregators, other financial institutions, credit bureaus, and fraud prevention agencies.

Where we require personal information to provide you with our products and services, your failure to provide us with the necessary information will result in the Miway Group being unable to provide you with our products and services. Where such services include financial advice, the appropriateness of the advice may be compromised if you do not provide complete and accurate information. You are responsible for informing the Miway Group if your information changes.

 

4. COLLECTION OF INFORMATION BY THIRD PARTIES

Owners or information system administrators of third-party websites that have links to the Miway website may collect personal information about you when you use these links. Miway does not control the collection or use of personal information by third parties and this Privacy Notice does not apply to third parties. The Miway Group does not accept any responsibility or liability for third-party policies or your use of a third-party app, platform, or service.

The Miway Group also uses certain social networking services such as Meta Platforms (Facebook), WhatsApp, Instagram, and X (Twitter) to communicate with the public and Miway Group clients. When you communicate with the Miway Group through these services, that social networking service may collect your personal information for its own purposes. These services may track your use of our digital channels on those pages where the links are displayed. If you are logged into those services (including any Google service) while using our digital channels, their tracking will be associated with your profile with those service providers. These services have their own privacy policies which are independent of the Miway Group’s privacy policies and practices. Please ensure that you fully acquaint yourself with the terms of any such third-party privacy policies and practices.

Miway will only provide data to third-party information exchange services, for example, credit bureaus with your consent.

 

5. WHAT INFORMATION DO WE COLLECT

POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. Your relationship with the Miway Group as part of the Santam Group determines the exact nature of the personal information the Santam Group processes, and the purpose for which such personal information is collected and used. The purpose for which your personal information is used can be found under “How we Use your Information” in this Privacy Notice. However, in many cases, if we are handling your personal information as part of our role as an insurer or as an agent for VAP providers, the personal information we may process includes the following:

  • Information about you – for example, your name, identity number, age, gender, date of birth, nationality, and occupation (medical history and any existing conditions of each person insured may be collected depending on the entity you are interacting with in the Miway Group and the respective insurance product). If you make a claim, we may also collect personal information from you about the claim and any relevant third parties. We acknowledge that information about your health is special personal information. Note that we will use that information strictly in accordance with applicable laws and for insurance purposes (including assessing the terms of the insurance contract, dealing with changes to the policy, and/or dealing with claims).
  • Contact information – in some cases, for example, we may receive your email, address, phone number, and postal address.
  • Online information – for example cookies and IP address (your computer’s internet address), if you use our websites, apps, and/or social media channels.
  • Financial information – we may process information related to payments you make or receive in the context of an insurance policy or claim. We may process information regarding you in the context of providing financial advice and/or intermediary services.
  • Contractual information – for example, details about the insurance policies you hold and with whom you hold them.
  • Health information, where applicable, or medical-related issues relevant to a policy or a claim you have made.

In certain instances, we may need consent to process your personal information. If you give us your consent for a specific context, you are free to withdraw this consent at any time. Please note that where you have withdrawn your consent, this will not affect the processing that took place prior to such withdrawal, and it will not affect the processing of your personal information where consent is not required.

You may refuse to provide us with your personal information for purposes of direct marketing, however, the supply of certain personal information may be mandatory in order to comply with regulatory and contractual requirements.

 

6. HOW WE USE YOUR INFORMATION

We have certain regulatory obligations to process your personal information. We are also required by various laws to maintain a record of our dealings with clients.

For us to provide clients with the financial products and services they have requested and to notify them of important changes to such products and services, we may need to collect, use and disclose the personal information of clients, their representatives, controlling persons of entities, business contacts, staff of clients and service providers to third parties, including the Miway Group.

To the extent permissible under applicable laws, the Miway Group may use your information:

  • Where you have requested us to do so, to provide you with our financial products and services, and maintain our relationship with you;
  • Where relevant, to provide you with financial advice and intermediary services;
  • To consider, conclude, and administer your insurance application, which includes underwriting the risk to be insured;
  • To execute a transaction in accordance with your request;
  • To assess, check, and process claims;
  • To meet our contractual obligations with you or take steps necessary for the conclusion of a contract with you;
  • To comply with legislative and regulatory requirements, including codes of conduct and requirements, or requests of our regulators (including but not limited to the Financial Sector Conduct Authority and Prudential Authority);
  • To undertake credit reference searches and/or verification;
  • For the detection and prevention of unlawful activity, fraud, money laundering, and loss, including as part of party due diligence required under applicable laws and in terms of Miway Group policies;
  • For purposes of online login and authorisation;
  • Where relevant, to execute the Miway Group’s and Santam Group’s strategic initiatives;
  • Perform any risk analysis or for purposes of providing risk management services to you or our business in general;
  • Record and/or monitor and have access to your telephone calls (i.e. voice recordings), correspondence, and electronic communications to/with us (or any of our employees, agents, or contractors) to accurately carry out your instructions and requests, to use as evidence and in the interests of crime prevention;
  • In order to maintain the security of our digital channels and systems;

For data analysis, statistical analysis, and research purposes;

  • For behavioural data analysis, tracing, and profiling;
  • For audit and record-keeping purposes;
  • For purposes of proof and/or use in legal proceedings;

To enhance your experience when interacting with the Miway Group and to help us improve our offerings to you;

  • Provided you have consented, Miway Limited may share with other entities in the Miway Group and the Santam Group, with the aim of offering you the opportunity to take up some of the financial products to fulfil your needs, provided that you have not objected to receiving such marketing;
  • Conduct market research and provide you with information about our products and services from time to time via email, telephone, or other means (for example, invite you to events);
  • Process your marketing preferences (where you have unsubscribed from certain direct marketing communications, keeping a record of your information and request to ensure that we do not send such direct marketing to you again);
  • Prevent or control the spread of any disease; and
  • For any further processing required that is compatible with the above.

 

7. SHARING YOUR INFORMATION

Entities within the Miway Group will only share your personal information with third parties, including the Santam Group, if there is a legitimate interest to do so, upon a legitimate interest assessment conducted by the relevant Miway Group entity. We may disclose the personal information you provide to us to:

  • Our third-party service providers and other Miway Group and Santam Group entities who are involved in the delivery and/or administration of financial advice, products, and services;
  • Other third parties in relation to the purposes set out under the previous section (How we use your information);
  • Other insurers, public bodies, and law enforcement (either directly or through shared databases) for fraud detection and prevention; and
  • Reinsurers who provide reinsurance services to the Miway Group and to each other. Reinsurers will use your personal information to decide whether to provide reinsurance cover, assess and deal with reinsurance claims and to meet legal obligations.

Where applicable, Miway will process and share your personal information with other companies within the Miway Group and the Santam Group for the purpose of facilitating your membership and providing benefits to a loyalty or rewards programme. Your personal information may also be shared with third-party suppliers from time to time for the purpose of facilitating and providing benefits to you by way of a loyalty or rewards programme or when needed to fulfil our contractual obligations to you.

The Miway Group will not sell, rent, or trade your personal information to any third party. The Miway Group may share information about you with advisers that are Miway Group and Santam Group representatives or have intermediary agreements with the Miway Group subject to obtaining your consent. Miway may also share information within the Miway Group and the Santam Group where it is in Santam’s legitimate interest to do so.

The Santam Group will disclose information when lawfully required to do so:

  • To comply with any relevant legislation;
  • To comply with any legal process; and
  • By any regulatory authority (for example, the Financial Sector Conduct Authority or Prudential Authority).

On occasion, the Miway Group may – for legitimate purposes - share aggregated information with its stakeholders and business partners (for example, demographic data) in a manner that does not identify the persons to whom the information applies. However, the Miway Group will not disclose your personal information to third parties unless there is a valid processing ground as set out in section 11 of POPIA.

Section 11(1) states that personal information may only be processed if:

  • the data subject consented; or
  • processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party; or
  • processing complies with an obligation imposed by law on the responsible party; or
  • processing protects a legitimate interest of the data subject; or
  • processing is necessary for the proper performance of a public law duty by a public body; or
  • processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.

 

8. TRANSFER ACROSS BORDERS

Some of the persons to whom we disclose your personal information may be situated outside of the Republic of South Africa (RSA) in jurisdictions that may not have similar data protection laws to the RSA. In this regard, we may send your personal information to service providers outside of the RSA for storage or processing on the Miway Group’s behalf. We will not send your information to a country that does not have information protection legislation similar to that of the RSA unless we have ensured that the recipient agrees to effectively adhere to the principles for processing information in accordance with POPIA.

 

9. SECURITY OF INFORMATION

The Miway Group protects the integrity and confidentiality of your personal information. The Miway Group has implemented appropriate technical and organisational information security measures to keep your information secure, accurate, current, and complete. The Miway Group will take reasonable steps to safeguard the security of the information you transmit to us online.

Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other lawful requirements, we ensure that they are contractually bound to apply the appropriate security practices.

Your personal information will be held and used for as long as permitted for legal, regulatory, fraud prevention, and legitimate business purposes.

 

10. RIGHT OF ACCESS TO INFORMATION

The Promotion of Access to Information Act (PAIA) coupled with POPIA offers a data subject the right to access information held by a public or private body in certain instances. This right can be exercised in accordance with the procedure outlined in the relevant Miway Group entity PAIA manual. The PAIA manual applicable to Miway Limited only can be found here.

 

11. CORRECTION OF YOUR INFORMATION

In accordance with POPIA, you have a right to correct any of your personal information held by the various entities within the Miway Group. This right should be exercised in accordance with the procedure outlined in their respective PAIA manuals.

 

12. OBJECTION TO PROCESSING YOUR OWN INFORMATION

In accordance with POPIA, you may object to our processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing.

 

13. MARKETING

In terms of section 69 (1) and (2), but subject to section 69 (3) of POPIA, the processing of your personal information for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless written consent to the processing is given by you. We may only approach you once for your consent.

“Processing” is as defined in section 1 of POPIA.

Where you provide your personal information to a Miway Group or Santam Group entity in the context of a sale of one of our products or services, you agree to such Miway Group or Santam Group entity sending you information on news, trends, services, events and promotions for our own similar products and or services, always subject to your right to opt-out of receiving such direct marketing at the time your information is collected and on each subsequent marketing communication thereafter. Each entity within the Miway Group and the Santam Group maintains its own opt-out procedure. You may object to receiving direct marketing from Miway at any time by contacting Miway on 0860 64 64 64 email informationofficer@miway.co.za or sending a request to Personal Information Request.

Where you choose to exercise your right to opt out of direct marketing, please allow up to 3-5 business days for the Miway Group and the Santam Group to effect that change.

 

14. CLICKSTREAM DATA

In the interests of better customer service, the Miway Group may collect anonymous information from visitors to its websites. For example, the Miway Group keeps track of the domains from which people visit its website and also measures visitor activity on its website. In the process, the Miway Group ensures the information cannot be used to identify you. This information is sometimes known as "clickstream data". The Miway Group or its analytics vendors (including Google Analytics) may use this data to analyse trends and statistics and to provide better customer service.

The information, referred to as traffic data, which may be collected includes:

  • Your IP address;
  • The search terms you have used;
  • The pages accessed on the website and the links you’ve clicked on;
  • The date and time you visited the website;
  • The referring website (if any) through which you clicked through to our website; and
  • The type of website browser you use.

As mentioned, the traffic data is aggregated and not personally identifiable and our website analysis will also respect any ‘do not track’ setting you might have on your web browser.

 

15. COOKIES

A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g. a computer or smartphone) when you access a website. It allows the website to recognize your device and store some information about your preferences or past actions.

What cookies doe we use

Some cookies which we use are essential to the functioning of our website. Some cookies help us with the performance and design of our website. This allows us to measure how many times a page has been visited, whether a page has been visited on the website through an advertisement or by other means. Other cookies help us to remember your settings which you may have selected or assist with other functionality when you browse and use our website. This helps us to remember what you have selected, so on your return visit - we remember your preferences. On certain pages of the website, we use cookies to help us understand your interests as you browse the internet, so we can tailor and render to you more personalised content and services in the future. This assists us in delivering relevant advertising to you during various advertising campaigns we may run from time to time through participating third-party sites.

In addition, we also use cookies on certain pages of our website to communicate with third-party data suppliers to extrapolate your digital behaviour. This helps us to understand and target more relevant advertising in the future. The information we receive is all aggregate and anonymous, but will include statistics such as demographics, online behaviour, product interests and lifestyle.

How do I disable cookies

If you do not want to receive a cookie from the website, you have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not. However, please be aware that if you do turn off 'cookies' in your browser, you will not be able to fully experience some of the features of the website. For example, you will not be able to benefit from automatic log-on and other personalisation features.

 

16. CHILDREN

Miway is committed to complying with all applicable laws aimed at the protection of children, and particularly the protection of their personal information.

 

17. UPDATES

This Privacy Notice was last updated in February 2025. This section will be updated whenever the Privacy Notice is materially changed. Please check the website regularly to ensure that you are aware of the latest version of this Privacy Notice.

 

18. QUESTIONS OR COMPLAINTS REGARDING THIS NOTICE

Questions, comments, and requests regarding this Privacy Notice may be directed to informationofficer@miway.co.za for clarification.

If you have a complaint or concern regarding the processing of your personal information, your complaint may be submitted to informationofficer@miway.co.za and/or complaints@miway.co.za.

 

19. PARTICULARS OF MIWAY LIMITED

Miway Limited is an authorised financial services provider (FSP 33970), a licensed non-life insurer and controlling company for its group companies.

Our head office’s registered address is 48 Sterling Road, Samrand Business Park, Kosmosdal Ext 12, Centurion, 0157

For more information on the Miway Group, please visit our website www.miway.co.za.

 

20. INFORMATION REGULATOR

Whereas we would appreciate the opportunity to first address any complaints regarding our processing of your personal information, you have the right to complain to the Information Regulator, whose contact details are:

The Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O Box 31533, Braamfontein, Johannesburg, 2017

Complaints email: complaints.IR@justice.gov.za

General inquiries email: inforeg@justice.gov.za