Privacy Policy

Personal Information

We collect and process the following categories of personal information in the course of providing our credit intelligence and screening services:

Identification Data

Full names, South African ID numbers, date of birth, gender, and photographs where required for verification purposes.

Contact Information

Physical addresses, postal addresses, email addresses, and telephone numbers of applicants, tenants, landlords, and agents.

Credit and Financial Data

Credit bureau reports, credit scores, payment histories, outstanding debts, judgments, defaults, adverse listings, debt-to-income ratios, and affordability assessments.

Employment and Income Information

Employer details, employment status, salary and income information, payslips, bank statements, and employer contact details for verification purposes.

Property and Rental Data

Property ownership records sourced from the Deeds Office, rental history, previous tenancy records, eviction history, and lease agreement details.

Documentary Evidence

Copies of ID documents, proof of address, bank statements, payslips, and any other documents submitted during the screening process.

We process personal information for the following legitimate purposes:

Screening and Verification

To conduct credit bureau checks, tenant screenings, landlord vetting, and identity verification services as requested by our clients.

Reporting

To compile comprehensive screening reports and credit intelligence assessments for clients who have requested such services.

Fraud Prevention

To detect and prevent fraudulent applications, falsified documents, identity theft, and rental scams in the South African property market.

Service Delivery

To communicate screening results, process service requests, and provide ongoing support to our clients.

Legal Compliance

To comply with our obligations under the National Credit Act (NCA), the Protection of Personal Information Act (POPIA), the Financial Intelligence Centre Act (FICA), and other applicable South African legislation.

Quality Improvement

To improve the accuracy, efficiency, and quality of our screening services and reporting methodologies.

We may share personal information with the following categories of third parties in the ordinary course of our business:

Credit Bureaus

We access and share data with registered South African credit bureaus including but not limited to TransUnion, Experian, Compuscan, and XDS to obtain credit reports and verify creditworthiness.

Deeds Office

We access the South African Deeds Office records to verify property ownership and validate landlord claims.

Employers

We may contact employers directly to verify employment status, income, and the authenticity of submitted payslips and employment records.

Clients Who Requested Screening

Screening reports are provided to the client (landlord, property manager, or tenant) who initiated and paid for the screening service. Reports contain the personal information of the subject of the screening.

Legal and Regulatory Authorities

We may disclose personal information when required by law, court order, or regulatory directive from bodies such as the Information Regulator, the National Credit Regulator, or the Financial Intelligence Centre.

Service Providers

We use trusted third-party service providers for data hosting, communication, and payment processing. These providers are contractually bound to process data only as instructed and in compliance with POPIA.

Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Screening Records

Screening reports and supporting documentation are retained for a period of five (5) years from the date of the screening, in accordance with the National Credit Act and POPIA record-keeping requirements.

Client Account Data

Client account information, including communication records and billing information, is retained for the duration of the business relationship plus five (5) years thereafter.

Marketing Consent Records

Records of consent for direct marketing are retained for the period during which consent remains active, plus one (1) year after withdrawal of consent.

Secure Deletion

Upon expiry of the applicable retention period, personal information is securely deleted or anonymised in a manner that prevents re-identification of the data subject.

In terms of the Protection of Personal Information Act (Act 4 of 2013), you have the following rights regarding your personal information:

Right of Access

You have the right to request access to your personal information held by Somor CredIntel. You may request a copy of the personal information we hold about you, subject to reasonable administrative procedures.

Right to Correction

You have the right to request the correction of inaccurate, incomplete, or outdated personal information. We will make the necessary corrections within a reasonable timeframe upon receipt of a valid request.

Right to Deletion

You have the right to request the deletion of your personal information, provided that such deletion does not conflict with our legal obligations to retain certain records. Deletion requests will be assessed on a case-by-case basis.

Right to Object

You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation, unless such processing is required by law.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Right to Complain

You have the right to lodge a complaint with the Information Regulator (South Africa) if you believe that your personal information has been processed in violation of POPIA.

We implement comprehensive technical and organisational measures to safeguard your personal information against unauthorised access, alteration, disclosure, or destruction:

Encryption

All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using industry-standard AES-256 encryption.

Access Controls

Strict role-based access controls ensure that only authorised personnel can access personal information, and only to the extent necessary for their job functions.

Audit Logging

All access to personal information is logged and auditable. We maintain detailed records of who accessed what data and when.

Secure Infrastructure

Our systems are hosted in secure data centres with physical security measures, fire protection, and environmental controls. Regular security assessments and penetration testing are conducted.

Employee Training

All employees receive regular training on data protection, POPIA compliance, and information security best practices.

Somor CredIntel is committed to full compliance with the Protection of Personal Information Act (Act 4 of 2013). We process personal information lawfully, fairly, and transparently. We collect only the minimum personal information necessary for the specified purposes. We ensure that personal information is accurate, complete, and up to date. We protect the integrity and confidentiality of personal information through appropriate security measures. Our Information Officer is registered with the Information Regulator and is responsible for ensuring ongoing POPIA compliance within the organisation.

For any privacy-related queries, requests for access to your personal information, or to submit a complaint regarding our handling of your data, please contact us:

Email

info@somorcredintel.co.za

Phone

+27 (0) 11 000 0000

Address

Johannesburg, South Africa

Information Regulator

You may also lodge a complaint with the Information Regulator at inforeg@justice.gov.za or visit www.justice.gov.za/inforeg.html.