Privacy notice

Last updated June 2021

Who we are

Momentum Metropolitan will maintain the confidentiality of your personal information and comply with the Protection of Personal Information Act 4 of 2013 (POPIA) when processing your personal information.

This notice applies to South African entities within the Momentum Metropolitan Holdings Limited of companies its subsidiaries, operating divisions, business units, licensed entities, management-controlled entities and activities.

Momentum Metropolitan comprises of companies that provide, among others, the following products and services:

  • Advisory Services
  • Advanced Analytics
  • Claims Processing
  • Claims Administration
  • Financial services
  • Fiduciary Services
  • Health benefits
  • Loyalty rewards and benefits
  • Insurance products
  • Investment management services
  • Insights and Research
  • Investment products
  • Medical schemes and pension fund administration
  • Managed care services
  • Retirement products
  • Savings Products
  • Payment products and services

The purpose of the notice

The purpose of this notice is to inform Momentum Metropolitan’s clients about the type and use of personal information the company collects, the ways in which it is collected, the sharing, protection and storage thereof.

What is personal information?

The term ‘personal information’, as used in this notice, applies to information that may be used to identify an individual or a juristic person (i.e. for example a registered company).

POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The person to whom personal information relates is referred to as the “data subject”.

Examples of personal information include, but are not limited to, contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.

What type of personal information does Momentum Metropolitan collect?

Personal information collected by Momentum Metropolitan can include a data subject’s name, contact, birth date, identity number, gender, employment details, marital, family, policy, location information, online identifier, bank account, medical or health information.

When personal information is collected, the company will indicate the purpose for the collection and whether the information required is compulsory or voluntary.

How does Momentum Metropolitan collect personal information?

The company collects information either directly from you, the data subject, the employer or through financial services intermediaries. In certain instances, Momentum Metropolitan may appoint third parties to collect information on its behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.

Use of personal information

After obtaining consent, the personal information collected or held by Momentum Metropolitan may be used, stored, transferred or disclosed or shared for the following purposes:

  • Providing quotations, for underwriting and processing insurance applications
  • Processing insurance claims
  • Providing on-going administration services for the duration of the contract
  • Fulfilling a transaction on request of a data subject
  • If permission is given, Momentum Metropolitan may use your personal or other information to tell you about products, services and special offers from the company or other subsidiaries of Momentum Metropolitan

Note: A full list can be obtained in the Privacy Policy

Sharing of personal information

Momentum Metropolitan will only share your personal information with third parties if you have consented to such disclosure. If consent has been obtained, the company may share your personal information with persons or organisations within and outside of Momentum Metropolitan.

Where Momentum Metropolitan discloses personal information to intermediaries, other financial institutions, insurers or any other third parties, the third parties will be obliged to use that personal information only for the reasons and purposes it was disclosed for. Momentum Metropolitan may be obliged to disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, or for the purposes of protecting the interest of clients, for example fraud prevention or to give effect to an agreement.

Securing personal information

Momentum Metropolitan will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

The company will store all the personal information in secured environments, for example on secured servers in a protected data centre.

How you can review and correct your personal information

You can request to review your personal information contained in Momentum Metropolitan’s records at any time to correct or update the information. If the purpose for which your personal information was requested initially does not exist anymore, for example you no longer have a contract with it, you may request information held by the company to be removed. However, Momentum Metropolitan can decline your request to delete the information from its records if other legislation requires the continued retention thereof or if it has been de-identified.

Updating of this processing notice

Momentum Metropolitan may update this notice periodically and an updated version may be requested, for example through a postal request or through an email notification addressed to the contact details provided below.

Managing Data Privacy at Momentum Metropolitan Board Level and Reporting Frequency

The Momentum Metropolitan Board Risk Capital and Compliance Committee (BRCC) is a sub-committee of the Board that is accountable to address and manage the risk of data privacy and cyber security. The BRCC follows the board cycle and convenes on a quarterly basis. The Momentum Metropolitan Group Chief Risk Officer (CRO) is the business representative on BRCC for data privacy, data security and cyber security. The Momentum Metropolitan Chief Risk Officer provides guidance and input regarding appropriate Risk Management.

Employee Training on Cyber Security and Data Privacy

Employee Training on Cyber Security and Data Privacy forms part of ongoing compliance training. Cyber Security training is currently further required as a basic compliance training that all employees must complete. As part of the POPIA management programme, there is a specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff. The POPIA management programme is actively managed at Momentum Metropolitan Group level with participation of all business entities and subsidiaries of Momentum Metropolitan.

Centralised Cyber Security and Data Security Functions and Coordination

To deal with Cyber Security and Data Privacy, two separate centralised functions exist within Momentum Metropolitan. The IT Security environment includes managing cyber security as a capability and the Data Management environment deals with the aspects of data privacy and extended data security and privacy which is enabled through IT security.

These two functions report into the Group Exco and is coordinated to work closely together to ensure coordinated efforts to best deliver on the relevant


Momentum Metropolitan’s Privacy Policy

Our Privacy Policy governs the manner in which Momentum Metropolitan treats your personal information, collected electronically when you use our website, to apply online for certain products and services, contact us electronically or register for one of the services we offer on the website.

If you have any questions about this notice or Momentum Metropolitan’s treatment of your personal information, please address an email to
[email protected]


We use cookies to optimise the user experience of our website. Want to know more? Read our Privacy Notice.

To enhance your user experience on our site, learn more about our supported browsers

Your browser's cookies are disabled. Enable cookies to ensure our website functions correctly. View our Privacy Notice.