KNIFE CAPITAL GROUP POPIA PRIVACY AND DATA PROTECTION POLICY

1. INTRODUCTION

The Knife Capital Group is committed to protecting personal information in accordance with the Financial Advisory and Intermediary Services (FAIS) Act, the Protection of Personal Information Act, 2013 (POPIA), and the Promotion of Access to Information Act, 2000 (PAIA). This policy ensures compliance with the eight data protection principles outlined in POPIA and safeguards the data of clients, employees, and stakeholders.

2. PURPOSE

Data privacy and data protection is important to each FSP in the Knife Group and this Policy sets out the POPIA principles in line with existing FAIS requirements to ensure the safekeeping of all Data by the Knife Group FSPs and Persons/Employees/Parties (as applicable). This Policy applies to all Data obtained via products, services, websites, events operated by any Knife Group FSP or by any other means.

3. DEFINITIONS

• Information: means any Data relating to the Data Subject and include reference to personal information.
• Data Subject: means the person to whom the personal information relates and can include Clients, staff and/or Company information.
• Processing: Any use by any means of a Data Subject’s Information.

4. THE 8 POPIA PRINCIPLES

1. Accountability: The Knife Group has appointed an Information Officer who will be responsible for ensuring that the 8 POPIA information principles are implemented and enforced in each Knife Group FSP.
2. Processing Limitation: Only necessary Information should be collected, directly from the person to whom the Personal Information relates and with their consent and the processing should be for a lawful purpose.
3. Purpose specification: Personal Information should be collected for a specific purpose and the Data Subject must be made aware of the purpose for which it was collected.
4. Further processing limitation: Further processing of Personal Information must be compatible with the purpose for which the information was collected.
5. Information quality: Reasonable steps must be taken to ensure that all Information collected is accurate, complete, not misleading and up to date.
6. Openness: The Party collecting the Information must be transparent and inform the applicable regulator if it is going to process the Information and ensure that the Data Subject has been made aware.
7. Security Safeguards: The integrity of the Information under the control of a party must be secured through technical and operational measures.
8. Data Subject Participation: Data Subjects have the right (free of charge) to request confirmation of the information held and may request for it to be amended/deleted.

5. PRACTICAL IMPLICATIONS OF THE POPIA DATA PROTECTION PRINCIPLES

Appointment of the Information Officer:

Each Knife Group FSP has appointed an Information Officer who is a senior person in that Knife Group FSP, responsible for ensuring compliance and safekeeping of information. Contact details: Tel: 021 555 1933 | Email: keet@knifecap.com

Information Purpose:

The Knife Group FSP collects necessary Information from Data Subjects for purposes such as:

• Rendering suitable services (e.g. financial and administrative services)
• Improving services and product offerings
• Providing relevant information and resources
• Appointing suitable service providers
• Ensuring legal compliance

Access to Information:

• Data Subjects may request their Information and may be charged a fee.
• Information will not be shared without consent, unless legally required.
• The PAIA Manual outlines the access process and exceptions.

Collection of Information:

• Collected directly, from public sources, or through technology (e.g. cookies).
• Includes name, address, contact info, payment details, etc.
• Used for marketing and research (with consent).
• Usage data like IP address, location, browser, and search queries may be collected.
• Cookies are used to personalize services and enable functionality.

Retaining of Information:

Information is retained for relevant purposes and destroyed after needs are met, unless regulatory retention periods apply. Client/Employee information is stored for 5 years.

Correcting/Amending/Updating/Deletion of Information:

Data Subjects must inform the Knife Group FSP of any changes. Requests to amend or delete data must go through the Information Officer, with identity verification.

Information Security:

• Reasonable precautions taken to prevent loss, misuse, or unauthorized access.
• No sharing/selling of data unless agreed upon or required by law.
• Security measures include restricted access, monitoring, virus protection, etc.
• Data may be processed/stored outside SA but is protected appropriately.
• Some services may be password-protected; users are advised to log out after sessions.
• The Knife Group FSP is legally obliged to protect Information and prevent unauthorized access.