Burstone Data Protection Statement



For purposes of this Statement:

“Affiliate(s)” of the Burstone Group means any ‘group’, any ‘entity’ or interest in an entity, any ‘associates’ or any subsidiaries of the holding company or of such entity controlled by or under control with such entity. For the purposes of this Agreement, “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies, or operations of an entity, whether through ownership of voting securities, by contract or otherwise.

“ApplicableLaws” means all local, foreign and international laws, regulations, treaties and codes that the Burstone Group is required to comply with, for example, the Protection of Personal Information Act 4 of 2013, the Financial Intelligence Centre Act 38 of 2001, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") and the Data Protection Act 2018

"Client", “you” or “your” refers to any prospective, new or existing client of any member of the Burstone Group.

"Burstone" or “we” means Burstone Group Limited, its subsidiaries and affiliates. To obtain more information on these subsidiaries please refer to the Burstone Group Limited’s annual financial statement located on our website under Investor Relations.

“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.

(b) information relating to the education or the medical, financial, criminal or employment history of the person.

(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other assignment to the person.

(d)The biometric information of the person.

(e) The personal opinions, views or preferences of the person.

(f) Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.

(g) The views or opinions of another individual about the person; and

(h) The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“Special Personal Information” means personal information concerning—

(a) The religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or

(b) The criminal behaviour of a data subject to the extent that such information relates to—

  1. the alleged commission by a data subject of any offence; or

  2. any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

“Subsidiary” shall bear the meaning ascribed to it in section 3 of the Companies Act No 71 of 2008

This Statement sets out how your personal information will be used by the Burstone Group and applies to any information, including personal and special personal information, you give to the Burstone Group, or which the Burstone Group may collect from third parties.

It is important that you read this Statement carefully before submitting any personal information to the Burstone Group.

The provisions of this Statement are subject to mandatory, unalterable provisions of Applicable Laws.

How to contact us

if you have any comments or questions about this Statement please contact the Burstone Information Officer, the Burstone Group, 4 Sandown Valley Crescent, Sandown, Sandton, 2196, South Africa or you may send an email to dataprotection.sa@burstone.com.

Amendment of this Statement

We may amend this Statement from time to time for any of the reasons listed below. We will notify you of any changes by placing a notice in a prominent place on the Burstone website or by sending you an email detailing the changes that we have made.

  • To provide for the introduction of new systems, methods of operation, business, services, products, property offerings or facilities.

  • To reflect an actual or expected change in market conditions or property practices.

  • To comply with changes to any legal or regulatory requirement.

  • To ensure that our Data Protection Statement is clearer and more favourable to you.

  • To rectify any mistake that might be discovered from time to time; and/or

  • For any other reason which the Burstone Group, in its sole discretion, may deem reasonable or necessary.

Privacy and security

The Burstone Group takes your privacy and the protection of your personal information very seriously, and we will only use your personal information in accordance with this Statement and applicable data protection legislation. It is important that you take all necessary and appropriate steps to protect your personal information yourself.

We have implemented reasonable technical and operational measures to keep your personal information secure.

The information which we may collect.

We may collect information not limited to the following:

  • In respect of a natural client, your full name, date of birth, place of birth, address, contact details, citizenship information, identity number and/or passport number, residential address, contact details, bank details, details about your employment, tax number, other financial information and where relevant, related party information (e.g., in respect of authorised person/s).

  • In respect of an entity client, incorporation/registration and/or trading name, incorporation/registration number, place of incorporation/registration and operation, industry/nature of business information, tax number, other financial information and related party information (e.g., in respect of authorised person/s and those who have been identified as having ownership and/or exercising control of your entity).

  • Records of correspondence or enquiries from you or anyone acting on your behalf.

  • Details of contracts, sales or leases you carry out with us.

  • Details of your credit history.

  • Sensitive or special categories of personal information, such as criminal behaviour and biometric information such as images, fingerprints and voiceprints.

We may collect other information about a client dependent on the nature of the business relationship being entered into. In this instance, we will inform the client of what information is collected for these specific purposes.

Where you provide us with the personal information of third parties you should take steps to inform the third party that you need to disclose their details to us, identifying us. We will process their personal information in accordance with this Statement.

How we collect information

You may provide personal information to us either directly or indirectly (through an agent acting on your behalf or an introducer), by requesting further information about our products, offerings and services, whether in writing, through our website, over the telephone or any other means.

We may also collect your personal information from your appointed agent, any regulator, fraud prevention agency or other third party or public resource that may hold such information.

In instances where it is necessary for us to conduct a credit search for us to provide an offering to you, we may conduct searches at credit bureaus. Details of our searches will be kept by the credit bureau and will be available to other businesses that conduct searches with that agency for the purposes of meeting our regulatory obligations, credit assessments, debt recovery, management of your service, prevention of money laundering and fraud and statistical analysis.

Use of information collected.

We may use, transfer, and disclose your personal information for the purposes of:

  • Providing you with the services, products or offerings you have requested, and notifying you about important changes to these services, products or offerings.

  • Managing your contractual arrangement or relationship and complying with your instructions or requests.

  • Detecting and preventing fraud, financial crime and/or safeguarding the interest of national security.

  • Verifying your identity or the identity of your related parties (e.g., authorised persons and those who have ownership and/or exercise control of your entity).

  • Assessing and dealing with complaints and requests.

  • Assessing your affordability.

  • Operational, marketing, auditing, legal, regulatory and record-keeping requirements.

  • Conducting financial crime-related screening against relevant lists.

  • Verifying your identity or the identity of the beneficial owner.

  • Obtaining credit reports or those of any other security provider from one or more credit reporting agency in connection with any agreement between you and the Burstone Group and where you direct us to do so, where applicable.

  • Using external data-check mechanisms when considering providing you with services, offerings and products, and verifying any information provided by you or by the authorised signatory.

  • Transmitting to a registered credit bureau any information about our agreement with you, termination and non-compliance with the terms thereof.

  • Complying with Applicable Laws, including lawful requests for information received from local or foreign law enforcement, government and tax collection agencies.

  • Conducting market research and providing you with information about the Burstone Group's products, offerings or services from time to time via email, telephone or other means (for example, events).

  • Ensuring that where you have unsubscribed from certain direct marketing communications, we do not send such direct marketing to you again.

  • Engaging with third parties, including other members of the Buratone Group for reasons set out in this Statement or where it is not unlawful to do so.

  • Monitoring, keeping record of and having access to all forms of correspondence or communications received by or sent from the Burstone Group or any of its employees, agents or contractors, including monitoring and recording telephone communications between you and the Burstone Group to be used in the event of any dispute arising between you and the Burstone Group; and

  • Improving or evaluating the effectiveness of the Burstone Group's business or products, services or offerings.

  • Enabling your attendance at webinars, webcasts, events or competitions that Investec has arranged or sponsored.

We may from time to time contact you about services, products, and offerings available from the Burstone Group we believe may be of interest to you, by email, phone, text, or other electronic means, unless you have unsubscribed from receiving such communications by sending an email to allunsubscribe@burstone.com.

Disclosure of your information

Your personal information may be shared with other members of the Burstone Group, our agents and sub-contractors, and selected third parties who process the information on our behalf.

We may disclose your personal information to members of the Burstone Group in order to:

  • Assess and monitor any of your applications for Burstone opportunities and services, including the risk involved to comply with Applicable Laws.

  • Determine which opportunities and services of Investec that may be of interest to you and/or to send you information about such opportunities and services, unless you object or choose not to receive such communications.

  • Provide proposals to you which include details of existing opportunities or services you may hold within the Burstone Group.

  • Expedite the provision of opportunities and services.

  • Fulfil our obligations relating to buying, selling and letting of land and/or premises.

  • Keep your usual contact within the Burstone Group informed of the progress of any new opportunities and services, and vice versa.

  • Have a better understanding of your circumstances and needs in order to provide and improve Burstone’s opportunities and services.

We may also disclose your personal information to third parties.

  • To financial institutions who have received payments made by you for that institution to identify you as a payer of the funds.

  • To a person and/or entity authorised to receive such information for purposes of prevention, detection and reporting of fraud, financial crime and criminal activities.

  • To any regulator or supervisory authority, including those in foreign jurisdictions, if the Burstone Group is required to do so in terms of Applicable Laws.

  • To any person who has agreed to provide security for your indebtedness.

  • To a prospective buyer or seller of any of our businesses or assets and/or obligations.

  • To a person who acquires substantially all the assets and/or obligations of a member of the Burstone Group.

  • To any person if we are under a duty to disclose or share your personal information in order to comply with any Applicable Laws, or to protect the rights, property or safety of the Burstone Group, Clients or other third parties.

  • To any surety, guarantor, potential surety or potential guarantor for the obligations of a client under any finance document who requests such information to evaluate any actual or potential liability under such suretyship or guarantee.

  • To your agent or any other person acting on your behalf informing them of the outcome of your application and whether we have agreed to provide you with the service or offering you have requested We may also disclose information about you and your relationship with the Burstone Group (including details of a related investment) throughout the term of that relationship; and/or

  • Independent public accountants and auditors and authorised representatives of internal control functions such as audit and legal.

We may transfer your information to another member of the Burstone Group, an agent, sub-contractor or third party who carries on business in another country, including one which may not have data protection laws like those of the Republic.

If you do not wish us to disclose this information. to third parties, please contact us at the contact details set out above. We may, however, not be able to provide products, offerings or services to you if such disclosure is necessary for the provision of such products, offerings or services.

Retention of your information

Generally, we will retain your information in accordance with retention periods set out in Applicable Laws, unless we need to retain it for longer for a lawful purpose. (For example, for the purposes of complaints handling, legal and regulatory processes and proceedings and combatting financial crime.)

Access to, correction and deletion of your personal information

You may request details of personal information which we hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). Fees to obtain a copy or a description of personal information held about you are prescribed in terms of PAIA. Confirmation of whether we hold personal information about you may be requested free of charge. If you would like to obtain a copy of your personal information held by the Burstone Group, please review our Promotion of Access to Information Act Manual located at https://www.burstone.com/.

You also have the right to contact relevant credit bureaus to have the credit record(s) disclosed and to correct any inaccurate information.

You may request the correction of personal information the Burstone Group holds about you. Please ensure that the information we hold about you is complete, accurate and up-to-date. If you fail to keep your information updated, or if your information is incorrect, the Burstone Group may limit the opportunities and services offered to you or elect not to enter into an agreement with you.

You have a right in certain circumstances to request the destruction or deletion of and, where applicable, to obtain restriction on the processing of personal information held about you. If you wish to exercise this right, please complete the applicable form in Appendix 1 and email it to dataprotection.sa@burstone.com.

You have a right to object on reasonable grounds to the processing of your personal information where the processing is carried out in order to protect our legitimate interests or your legitimate interests unless the law provides for such processing. If you wish to object to the processing of your personal information, please complete the applicable Form in Appendix 2 and email it to dataprotection.sa@burstone.com.


Should you believe that the Burstone Group has utilised your personal information contrary to Applicable Laws, you undertake to first attempt to resolve any concerns with the Burstone Group.

If you are not satisfied with such a process, you may have the right to lodge a complaint with the Information Regulator, using the contact details listed below:

Tel: 0100235200

Email: POPIAComplaints@inforegulator.org.za


Cookies are information that is used to track visitor use of a website and to compile statistical reports on website activity. If you wish to restrict or block cookies, you can do this through your browser settings. If you require more information on cookies, see the Cookies Policy on Burstone’s website https://www.burstone.com

Burstone Group operate globally and has a client base in the United Kingdom and Europe. If you have any questions about the data protection practices in the above-mentioned jurisdictions, please use the following contact details:

  • Burstone UK and Europe: The Board of Directors, 3rd Floor, 12 Little Portland Street, London W1W 8BJ. Email: dataprotection.europe@burstone.com.