iStamp – Section 18 POPIA Notice

Section 18 Notice

Processing of Personal Information

iStamp (Pty) Ltd

Effective Date: 13 February 2026

1. Responsible Party

iStamp (Pty) Ltd (“iStamp”, “we”, “us”) is a product house that designs, distributes, and administers a bundled funeral cover and savings product.

iStamp is not an insurance risk carrier and does not accept deposits from the public. Insurance risk is underwritten by licensed insurers, and savings balances are facilitated through regulated Banking-as-a-Service partners.

For purposes of the Protection of Personal Information Act, 2013 (“POPIA”), iStamp acts as the Responsible Party.

2. Categories of Personal Information

  • Full names, identity numbers, and demographic details;
  • Contact information (email, phone number, physical address);
  • Beneficiary and dependant details;
  • Payment information and premium records;
  • Savings wallet balances and transaction history;
  • Claims documentation and supporting records;
  • FICA verification information;
  • System and usage data.

3. Purpose of Processing

  • Administering funeral cover products;
  • Facilitating savings wallets through licensed partners;
  • Collecting premiums and processing payments;
  • Handling claims and customer support;
  • Customer onboarding and verification;
  • Meeting regulatory and compliance obligations;
  • Fraud prevention and operational risk management.

4. Lawful Basis for Processing

  • Performance of a contract;
  • Compliance with legal obligations;
  • Legitimate interests;
  • Consent where required.

5. Mandatory vs Voluntary Information

Certain information is mandatory for onboarding and compliance. Failure to provide mandatory information may prevent product activation.

Voluntary information will only be used for the purpose supplied.

6. Disclosure to Third Parties

  • Licensed insurers underwriting funeral cover;
  • BaaS partners facilitating savings balances;
  • Payment processors and debit order providers;
  • Regulatory authorities where required;
  • Service providers under written agreements.

Personal information is not sold.

7. Security Safeguards

Appropriate technical and organisational safeguards are implemented to protect personal information.

8. Retention

Information is retained only as long as required for contractual, regulatory, and operational purposes.

9. Data Subject Rights

  • Request access to personal information;
  • Request correction or deletion;
  • Object to processing where permitted by law;
  • Lodge a complaint with the Information Regulator: enquiries@inforegulator.org.za