BrightRock’s Privacy Policy

At BrightRock, we respect your privacy, and value your trust. We’ll always do our best to protect your information. In this policy, we tell you how we collect, use, disclose retain and protect your personal information as required by the Protection of Personal Information Act (POPIA) and other relevant laws and regulations. The Privacy Policy applies to any BrightRock website, application, form, document, product or service that refers to this Privacy Policy. It also supplements any other privacy clauses that deal with how BrightRock processes personal information.

We’ll protect your information collected when you are using our website

When you use our website, information about you is transmitted electronically. We respect your privacy and won’t share your information with third parties without your consent. We will do our best to protect your information, but we can’t guarantee the security of any information you transmit to us online. You do so at your own risk, and we aren’t liable for any damages you may suffer.

We use your information to make our site better

We use the information we collect about you to communicate with you.  We also use it to:

  • Improve our service;
  • Monitor the usage and performance of our website.

This information is aggregated, which means no-one will be able to identify you or your details.  However, if you tell us not to use your personal information, we won’t.

We receive information about your use of our site

We may use technology to gather information about your use of the website, including details of your operating system, browser version, domain name, and IP address. Your IP address is a string of numbers that tells us which server you are using but does not identify you. This information is sometimes called ‘clickstream data’ and we use cookies to collect some of this information. For more information on cookies and how to disable them in your browser, click here.

Take care when following links to our site

Where other parties have links to the BrightRock website, these websites’ administrators or owners may be able to collect your information when you click on these links. Please note that we don’t control the third party websites or their use of your information, and we aren’t liable for their use of your information.

We won’t share your information with third parties

We won’t give your personal information to any third party unless:

  • We ask you and you consent to our doing so
  • We’re required to share it by law;
  • We’re ordered by a regulatory authority.

We may share aggregated information (for example, demographic data) with our stakeholders and business partners without disclosing any personal details. Where BrightRock advertises on third party websites – for example, through banner advertisements – these third parties may use information about our clients. But this information will always be aggregated and the third party will not be able to identify you from it. If you don’t want us to use your personal information in this way, you can let us know.

Don’t share your login details

Some areas of our website require financial advisers to register and log in with a username and password. We comply with legislation and use sophisticated encryption and security software to protect these areas of the site. You must keep your login details confidential to protect the confidential information and electronic transactions.

How we process your information when you apply for a policy or service from us

BrightRock needs personal information relating to both individuals and juristic persons (legal entities, such as businesses or trusts) to carry out our business and organisational functions. The people or entities whose information we collect are referred to as data subjects.

BrightRock determines the manner in which this information is processed and the purpose for which it is processed. As such, BrightRock is a responsible party for the purposes of POPIA and will ensure that the personal information that we collect of any data subject is:

  • Processed lawfully, fairly and transparently. This includes providing data subjects with appropriate information when collecting their information, in the form of privacy or data collection notices. BrightRock must also have a legal basis (for example, the data subject’s consent) to process personal information;
  • Processed only for the purposes for which it was collected;
  • Not processed for a secondary purpose, unless that processing is compatible with the original purpose;
  • Adequate, relevant and not excessive for the purpose for which it was collected;
  • Accurate and kept up to date;
  • Will not be kept for longer than necessary;
  • Processed in accordance with integrity and confidentiality principles. This includes physical and organisational measures to ensure that personal information, in both physical and electronic form, is subject to an appropriate level of security when stored, used and communicated by BrightRock. The purpose of these security measures is to protect the data against access and acquisition by unauthorised persons and accidental loss, destruction or damage;
  • Processed in line with the rights of data subjects, where applicable.

Your rights when it comes to how we collect and process personal information

All data subjects have the following rights:

  1. We must notify you, as a data subject, that your personal information is being collected by BrightRock. You also have the right to be notified in the event of a data breach;
  2. You have the right to know whether BrightRock holds personal information about you, and to access that information. Any request for information must be handled in line with the provisions of this privacy policy and BrightRock’s PAIA manual;
  3. You may request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully-obtained personal information;
  4. You may object to BrightRock’s use of their personal information and request the deletion of such personal information (BrightRock will delete this information in line with our record-keeping requirements);
  5. You may object to the processing of personal information for the purposes of direct marketing by means of unsolicited electronic communications; and
  6. Complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of their personal information.

If you’ve got questions

If you’ve got any questions, please feel free to send an email to

This privacy policy was last updated in June 2021.

Want us to get in touch?

Fill in your details below, and we’ll call you back.