Rihlat Muzdahira Website Privacy and POPIA Notice
1. Document Identity and Ethical Framework
Rihlat Muzdahira (Pty) Ltd (the "Firm") is a "Responsible Party" as defined by the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"). This notice is issued in compliance with Section 18 of POPIA and the Promotion of Access to Information Act, No. 2 of 2000 ("PAIA").
Corporate Identity:
- • Company Name: Rihlat Muzdahira (Pty) Ltd
- • Registration Number: 2024/186243/07
- • FSP Number: 54971 (Authorised Financial Services Provider regulated by the FSCA)
- • Physical Address: First Floor, Fussel House, 48 Athol Oaklands, Melrose Arch, Gauteng 2076
Ethical Stance and Shariah Integrity:
As articulated by our CEO, Paul Marais, Rihlat Muzdahira upholds excellence, ethics, and faith-based integrity as the foundational pillars of sustainable success. We believe ethical finance is a catalyst for positive community transformation. Consequently, we treat your personal information with the same level of Shariah-compliant integrity that governs our investment funds. Transparency and accuracy in data processing are not merely regulatory mandates but are essential to our fiduciary duty and Shariah supervisory oversight.
2. Scope of Data Subjects
In accordance with South African law, this notice protects the privacy of both:
- • Natural Persons: Living human beings.
- • Juristic Persons: Existing legal entities, including companies, trusts, and partnerships, whose trade secrets and financial data are afforded protection under POPIA.
The scope of this notice extends to investors, participants in en Commandite partnerships (ECP), distribution partners, job applicants, and service providers.
3. Categories of Personal Information Collected
The Firm restricts processing to information that is strictly adequate, relevant, and not excessive for its intended purposes.
- • Identity and Contact Data: Names, ID or passport numbers, nationality, ethnic origin (for BEE compliance), and contact details.
- • Financial Data: Banking details, financial statements, and tax information.
- • Shariah-compliant Fund Participation Data: Specific documentation related to participation in Asset & Vehicle Finance, Commodity & Trade Finance, and Property Finance funds.
- • Compliance and Risk Data: Sanctions screening, Politically Exposed Person (PEP) status, beneficial ownership, and "Source of Funds" documentation required for transparency.
- • Technical Data: IP addresses and online identifiers collected via the Firm's website.
- • Special Personal Information: Criminal history or race is processed only where required by law (e.g., FICA or Employment Equity).
4. Purpose and Lawful Basis for Processing
Provision of certain information, such as FICA documentation, is a statutory requirement. Failure to provide mandatory FICA records (ID, Proof of Address, Source of Funds) will result in an immediate statutory bar from onboarding as an investor.
| Reason for Processing | Lawful Basis (POPIA Section 11) |
|---|---|
| Investor onboarding and execution of ECP Agreements for specific funds (Asset & Vehicle, Commodity & Trade, Property Finance) | Contractual Necessity |
| Compliance with the Financial Intelligence Centre Act (FICA) and FAIS | Legal Obligation |
| Governance and Shariah Supervisory Oversight | Legitimate Interests of the Responsible Party |
| Direct Marketing to existing customers (similar services) | Legitimate Interest (Opt-out available) |
| Direct Marketing to new prospects | Consent (Strict Opt-in) |
| Website optimization via cookies | Consent |
5. Information Sharing and Third-Party Operators
The Firm may engage third-party "Operators" to process data. These include IT providers, external compliance officers, auditors, and legal advisors.
Safeguards: Under Section 21 of POPIA, the Firm ensures that written agreements are in place with all operators. These agreements mandate that the operator implements technical and organizational measures equivalent to those of the Firm.
Cross-Border Transfers: In accordance with Section 72 of POPIA, data is only transferred outside of South Africa if the recipient country maintains similar privacy laws, or if the transfer is governed by binding corporate rules or agreements that provide an adequate level of protection.
6. Information Security Measures
We implement rigorous technical and organizational safeguards to protect the integrity of your data:
- • Access Control: Role-based access and password-protected systems.
- • Data Integrity: Encryption of electronic records and secure physical storage.
- • Disposal: Encrypted digital wiping and secure shredding for physical documents.
Security Breach Response (Section 22): Should there be reasonable grounds to believe personal information has been accessed by an unauthorized person, we will notify the Information Regulator and the affected data subjects as soon as reasonably possible. Notification will be conducted via email, mail, or conspicuous publication on our website, in accordance with the Regulator's guidelines.
7. Data Retention and Destruction
In accordance with statutory mandates, records are retained for the following periods:
- • FICA/KYC Documents: Minimum of 5 years (statutory requirement).
- • Contracts and Investment Records: 7 to 10 years for audit and fiduciary purposes.
- • POPIA Request Logs: 5 years.
Once the retention purpose is fulfilled, data is destroyed via secure shredding or an encrypted digital wipe to prevent recovery.
8. Fundamental Rights of the Data Subject
Under Section 5 of POPIA, you have the following nine fundamental rights:
- Right to Access: To confirm if we hold your data and request a record of it.
- Right to Correction: To request the update or correction of inaccurate information.
- Right to Deletion: To request the destruction of data held unlawfully or no longer required.
- Right to Objection: To object to processing on reasonable grounds.
- Right to Object to Direct Marketing: To opt-out of marketing communications.
- Right to Object to Automated Decision-Making: To not be subject to decisions based solely on automated profiling.
- Right to be Notified of Collection (Section 18): To be informed that your information is being collected.
- Right to be Notified of a Security Compromise (Section 22): To be informed if your data is breached.
- Right to Lodge a Complaint: To contact the Information Regulator regarding our practices.
9. Cookie and Tracking Technology Policy
Our website utilizes cookies to distinguish between essential and non-essential functions.
- • Essential Cookies: Required for site functionality and security. These do not require consent.
- • Non-Essential Cookies: Used for analytics and marketing. We require your explicit, opt-in consent before these are placed on your device. You may adjust your preferences or withdraw consent at any time via our Privacy Banner.
10. Contact Information
For Rihlat Muzdahira (Pty) Ltd: By law, the Chief Executive Officer Paul Marais is the default Information Officer. Operational inquiries should be directed to:
- • Information Officer: Paul Marais
- • General Compliance: compliance@rihlat.co.za
For the South African Information Regulator:
- • Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.
- • Email (Inquiries): enquiries@inforegulator.org.za
- • Email (Complaints): POPIAComplaints@inforegulator.org.za
- • Website: www.inforegulator.org.za