THE JSE LIMITED
1. INTRODUCTION AND SCOPE
1.1. The JSE Limited ("JSE" or "we" or "us" or "our") is a licensed exchange operating in the Republic of South Africa, with our head offices located in Sandton, Johannesburg. The JSE is the responsible party (or controller, in some jurisdictions) of your Personal Information (as defined below).
1.2. The JSE strives to ensure that our use of the Personal Information of data subjects (a person to whom Personal Information relates) is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings and your experience.
2. THE PERSONAL INFORMATION THAT WE COLLECT ABOUT YOU
2.2. "Personal Information" refers to private information about an identifiable natural or juristic person. Personal Information does not include information that does not identify a person (including in instances where that information has been anonymised). The Personal Information that we collect about you may differ on the basis of the services that you receive from the JSE.
2.3. We may process various types of Personal Information as follows:
2.3.1. Identity Information, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and your qualifications;
2.3.2. Contact Information, which includes your billing addresses, delivery addresses, e-mail addresses and telephone numbers, as well as company secretarial information that has been disclosed in relation to you;
2.3.3. Financial Information, which includes bank account and payment card details, insurance information, financial statements, VAT registration numbers, information shared with us by your JSE member (if applicable), regulatory filings, fund information and investor statements;
2.3.4. Transaction Information, which includes details about payments made to or received from you, settlement instructions and company information, which may consist of financial activity, company information, trading exposure and regulatory disclosures;
2.3.5. Technical Information, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
2.3.6. Usage Information, which includes information as to your access to and use of the Website, products and services;
2.3.7. Marketing and Communications Information, which includes your preferences in respect of receiving marketing information from us and our third parties, and your communication preferences.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
3.1. We collect your Personal Information in three ways, namely:
3.1.1. through direct or active interactions with you;
3.1.2. through automated or passive interactions with you; and
3.1.3. from third parties, including third party service providers that we may appoint to, among other things, provide services to you.
3.2. Direct or active collection from you
3.2.1. We may require that you submit certain information to enable you to access portions of the Website, to make use of our services, to facilitate the conclusion of an agreement with us, or that is necessary for our fulfilment of our statutory or regulatory obligations. We also collect Personal Information directly from you when you communicate directly with us, for example via e-mail, telephone calls, feedback forms, site comments or forums.
3.2.2. If you contact us, we reserve the right to retain a record of that correspondence, which may include Personal Information.
3.3. Passive collection from your Access Device
3.3.1. We may passively collect certain of your Personal Information from the devices that you use to access and navigate the Website or to make use of our services (each an "Access Device"), by way of various technological applications, for instance, using server logs to collect and maintain log information.
3.3.2. The Personal Information that we passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Usage Information, your Marketing and Communications Information, or any other Personal Information which you permit us, from time to time, to passively collect from your Access Device.
3.4. Personal Information collected from third parties
3.4.1. The JSE receives Personal Information about you from various third parties and public sources, including:
184.108.40.206. JSE members (including both trading and clearing members);
220.127.116.11. fund managers;
18.104.22.168. third parties who provide Personal Information to data controllers, and who in turn provide this Personal Information to the JSE;
22.214.171.124. sponsors, designated advisors, debt sponsors and venture capital advisors;
126.96.36.199. issuers listed on the JSE; and
188.8.131.52. our information technology suppliers.
4. HOW WE USE YOUR PERSONAL INFORMATION
4.1. We use the Personal Information we collect to maintain and improve the Website itself and to improve the experience of its users, to facilitate the provision of our services to you and to fulfil our statutory and regulatory obligations.
4.2. We may also use your Personal Information to:
4.2.1. conduct trading and post-trade services;
4.2.2. comply with our regulatory reporting obligations, including submissions to the Financial Sector Conduct Authority (“FSCA”) and/or the Prudential Authority (“PA”) and/or the South African Reserve Bank (the "SARB");
4.2.3. comply with our statutory obligations, including submissions to the Companies and Intellectual Property Commission ("CIPC"), as well as engaging with the regulatory authorities;
4.2.4. interact with other market infrastructures;
4.2.5. facilitate publication on the Stock Exchange News Services ("SENS") and to enable users to access SENS announcements;
4.2.6. facilitate the provision of services to our customers, which may be provided by us or by third parties appointed by us, which includes, among other things, the virtual meeting production and attendance services provided by Digital Cabinet (Proprietary) Limited ("Digital Cabinet");
4.2.7. enable users to access third party software platforms or applications in order to receive services provided by such third party service providers;
4.2.8. conduct the JSE's recruitment and hiring processes, which includes the conducting of criminal record and credit checks, referrals, the capturing of a job applicant's details and the providing of status updates to job applicants;
4.2.9. retain and make information available to you on the Website;
4.2.10. create your user account and allow use of the Website;
4.2.11. establish and verify your identity on the Website;
4.2.12. operate, administer, maintain, secure and develop the Website and the performance and functionality of the Website;
4.2.15. to create user profiles and to analyse and compare how you and other users make use of the Website, including (without limitation) your habits, click-patterns, preferences, frequency and times of use, trends and demographic information;
4.2.16. provide you with marketing material that is relevant to you;
4.2.17. diagnose and deal with technical issues and customer support queries and other user queries;
4.2.18. protect our rights in any litigation that may involve you;
4.2.19. communicate with you and retain a record of our communications with you and your communications with us;
4.2.20. invite you to functions or events held at the JSE or facilitated by the JSE;
4.2.21. analyse and compare the types of Access Devices that you and other users make use of and your physical location; and
4.2.22. for other lawful purposes that are relevant to our business activities or regulatory functions.
4.3. The JSE will restrict its processing of your Personal Information to the original purpose for which it was collected, unless the JSE reasonably considers that it is necessary to process it for another purpose that is compatible with the original purpose.
5. COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US
Where the JSE is required to process certain Personal Information by law, or in terms of a contract that we have with you, and you fail to provide such Personal Information when requested to do so, the JSE may be unable to perform in terms of the contract we have in place or are trying to enter into with you. In this case, the JSE may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation.
6. SHARING OF YOUR PERSONAL INFORMATION
6.2. The JSE may share your Personal Information under the following circumstances:
6.2.2. with our employees, suppliers, service providers and agents to the extent that they require such Personal Information in the provision of services for or to us, which include hosting, development and administration, technical support and other support services relating to the Website or the operation of the JSE business. We will authorise any Personal Information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
6.2.3. to enable us to enforce or apply any other contract between you and us;
6.2.4. to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents, brokers and any other third party (including any entity listed on the JSE);
6.2.5. to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents, brokers or any other third party (including any entity listed on the JSE);
6.2.6. with governmental agencies, exchanges and other regulatory or self-regulatory bodies, if required to do so by law or there is a reasonable belief that such is necessary for:
184.108.40.206. compliance with the law or with any legal process;
220.127.116.11. the protection and defence of the rights, property or safety of the JSE, or our customers, employees, contractors, suppliers, service providers, agents, brokers or any third party (including any entity listed on the JSE);
18.104.22.168. the protection of the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
7. STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
7.1. We store your Personal Information on our servers or those of our service providers.
7.2. We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation.
7.3. If the location to which Personal Information is transferred and/or is stored does not have substantially similar laws to those of South Africa, which provide for the protection of Personal Information, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
7.4. Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.
8.1. We take reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration and destruction though the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information.
8.2. We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
8.3. Despite the above measures being taken when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.
8.4. The JSE has implemented procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which the JSE is legally required to do so and within the period in which such notification is necessary.
9. RETENTION OF YOUR PERSONAL INFORMATION
9.1. We may retain and Process some or all of your Personal Information if and for as long as:
9.1.1. we are required or permitted by law or a contract with you to do so;
9.1.2. it is for lawful purposes that are related to our performance of our functions and activities;
9.1.3. we reasonably require it for evidentiary purposes; or
9.1.4. you agree to us retaining it for a specified further period.
9.2. To determine the appropriate retention period for Personal Information, the JSE will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. The JSE will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
10. MAINTENANCE OF YOUR PERSONAL INFORMATION
10.1. In accordance with applicable legislation and the rules of the JSE, the JSE will take all necessary steps to ensure that the persons responsible for the maintenance of your Personal Information do so in a manner that ensures that it is accurate, complete, not misleading and is up to date.
10.2. It is your responsibility to advise the JSE or the persons responsible for the maintenance of your Personal Information should any of Personal Information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 17.1below.
11. YOUR RIGHTS
11.1. Data protection laws confer certain rights on you in respect of your Personal Information, which include the right to:
11.1.1. Request access to your Personal Information (commonly known as a “data subject access request”), thereby enabling you to receive a copy of the Personal Information retained about you.
11.1.2. Request the correction of your Personal Information, in order to ensure that any incomplete or inaccurate Personal Information is corrected.
11.1.3. Request erasure of your Personal Information, where there is no lawful basis for the retention or continued processing of it.
11.1.4. Object to the processing of your Personal Information for a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
11.1.5. Request restriction of processing of your Personal Information. This enables you to ask the JSE to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
11.1.6. Withdraw consent previously given in respect of the processing of your Personal Information at any time which withdrawal of consent will not affect the lawfulness of any processing carried out prior to your notice of withdrawal. Withdrawal of consent may limit the ability of the JSE or a third party to provide certain products or services to you, but will not affect the continued processing of your Personal Information in instances in which your consent is not required.
The Website and the JSE's services are not targeted at children (a natural person under the age of 18 years) . We will not knowingly collect Personal Information in respect of children without express permission to do so from a competent person (any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child).
14. DIRECT MARKETING
14.1. When you register to use the Website, you will be required to provide your consent to agree to receive marketing communication from us.
14.2. You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communication from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
14.3. You may opt out of receiving direct marketing communication from us at any time by requesting us (in the manner set out in the communication or by contacting us at the contact details set out in clause 17.1) to desist from providing any direct marketing communication to you.
14.4. If you have chosen to opt out, we may send you written confirmation of receipt of your opt out request (which may be in electronic form), and will thereafter not send any further direct marketing communication to you. Please note that you may continue to receive communication from the JSE that is not marketing related, such as that which pertains to matters of a regulatory nature.
15. THIRD PARTY SITES
16. GOVERNING LAW
17. QUERIES AND CONTACT DETAILS OF THE JSE AND THE INFORMATION REGULATOR
17.1. Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the JSE Deputy Information Officer or the JSE Legal Division.
Registration Number: 2005/022939/06
One Exchange Square
2 Gwen Lane
Republic of South Africa
TeL: +27 11 520 7000
e-mail: DataPrivacy@jse.co.za; firstname.lastname@example.org
If you feel that the attempts by the JSE to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at www.justice.gov.za/inforeg. If you are located outside of South Africa, you may contact the appropriate regulator in your country of domicile.
The Information Regulator of South Africa contact details are as follows:
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.
P.O Box 31533, Braamfontein, Johannesburg, 2017
General enquiries: email@example.com.
Complaints (complete POPIA/PAIA form 5):
PAIAComplaints@inforegulator.org.za - should your PAIA request be denied or there is no response from a public or private bodies for access to records you may use this email address to lodge a complaint.
POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint.