BOUTIQUE COLLECTIVE INVESTMENTS (RF) PTY LTD

MANUAL PREPARED IN TERMS OF SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT

1            Preamble

Section 51 of the Promotion of Access to Information Act No.2 of 2000, (“the Act”), as amended by the Protection of Personal Information Act no. 4 of 2013 (“POPIA”) requires that Boutique Collective Investments (RF) (Pty) Ltd (“BCI”), as a private body must compile a manual giving information to the public regarding the procedure to be followed in requesting information from BCI for the purpose of exercising or protecting rights in accordance with data protection constraints.

2            Scope and Overview

BCI is a private company duly incorporated in the Republic of South Africa, with registration number 2003/024082/07, specialising in Collective Investments Schemes and a subsidiary of Apex Group Ltd.

2.2                  The following words or expressions bear the following meanings in this manual:

3            Company details

Boutique Collective Investments (RF) (Pty) Ltd (“ BCI”)

Registration Number: 2003/024082/07

Registered Address: Catnia Building, Bella Rosa Street, Bella Rosa Village, Bellville, Western Cape Street Address: Catnia Building, Bella Rosa Street, Bella Rosa Village, Bellville, Western Cape Telephone: +27 (0) 21 007 1500

Website: https://www.bcis.co.za/

4            The Official Guide

4.1                  The Information Regulator has, in terms of section 10(1) the Act, as amended, updated and made available the revised Guide on how to use the Act (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in the Act and POPIA.

4.2                  The Guide can also be obtained from the website of the Information Regulator (https://inforegulator.org.za)

4.3                  Any queries should be directed to:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O Box 31533, Braamfontein, Johannesburg, 2017 Website: https://inforegulator.org.za

Email: enquiries@inforegulator.org.za

5            Availability of Manual

5.1                  This manual is available for inspection by the general public upon request, during office hours and free of charge, at the offices of BCI.

5.2                  Copies of the manual may be made, subject to the prescribed fees.

5.3                  The manual is also posted on BCI’s website at https://www.bcis.co.za/

5.4                  A copy of the manual is available to the Information Regulator upon request.

6            Categories of Records Held by BCI

The categories of records held by BCI are listed in the table that follows, according to the respective divisions. A category of record in this Manual does not imply that a request for access to such a record would be granted. All requests for access will be evaluated on a case- by-case basis by the Information Officer. Information that is obtainable via our website is automatically available and thus there is no need to formally request this in terms of this Manual.

7            The Purpose of Processing Personal Information

7.1                  We may collect, transfer, share and otherwise process your personal information for, or relating to, the purposes of:

7.2                  Fulfilling and provision of our services, products, or offerings you have requested, and

7.3                  notifying you about important changes to these services, products, or offerings;

7.4                  managing your account or our relationship and complying with your instructions or requests;

7.5                  providing your personal information to our partners responsible for the management of the various portfolios;

7.6                  detecting and preventing fraud, money laundering and terrorist financing risk in the interest of security and crime prevention;

7.7                  assessing and dealing with complaints;

7.8                  operational, marketing, auditing, legal and record keeping requirements;

7.9                  verifying your identity;

7.10                  verifying the identifies of beneficial owners of entities; and

7.11                  carrying out marketing activities;

7.12                    BCI only processes personal information on any of the following legal basis;

7.13                  Consent;

7.14                  for the conclusion and performance of a contract;

7.15                  to comply with a legal obligation;

7.16                  to protect a legitimate interest of a data subject;

7.17                  for the proper performance of a public law duty; and/or

7.18                  for the pursuance of a legitimate interest of BCI or 3rd party.

7.19                  BCI will collect, use, and share your personal information in accordance with its Privacy Policy. This policy is available on our website or upon request.

8            Categories of Data Subjects and Personal Information processed by the Company

Categories of data subjects and personal information processed by the Company include the following:

9            Records available in terms of other legislation

Records are kept in accordance with such other legislation as is applicable to BCI which includes, but is not limited to, the following:

9.1                  Income Tax Act 58 of 1962

9.2                  Financial Advisory and Intermediary Services Act 37 of 2002

9.3                  Financial Intelligence Centre Act, 38 of 2001

9.4                  Value Added Tax Act 89 of 1991

9.5                  Occupational Health and Safety Act 85 of 1993

9.6                  Labour Relations Act 66 of 1995

9.7                  Basic Conditions of Employment Act 75 of 1997

9.8                  Broad-Based Black Economic Empowerment Act 53 of 2003

9.9                  Employment Equity Act 55 of 1998

9.10                  Prevention of Organised Crime Act 121 of 1998

9.11                  Protection of Constitutional Democracy against Terrorism and Related Activities Act No. 33 of 2004

9.12                  Protection of Personal Information Act no. 4 of 2013

9.13                  Medical Schemes Act 131 of 1998

9.14                  Skills Development Levies Act 9 of 1999

9.15                  Unemployment Insurance Act 63 of 2001

9.16                  Unemployment Insurance Contributions Act 4 of 2002

9.17                  Companies Act 71 of 2008

10            Information automatically available

10.1                  The following categories of records are automatically available for inspection, or photocopying without having to be requested in terms of the Act:

10.1.1                  Newsletters

10.1.2                  Booklets

10.1.3                  Pamphlets / Brochures

10.1.4                  Reports of a public nature

10.1.5                  Other information intended for public viewing.

10.2                  The only fee payable for access to the records listed in this clause 10 is a prescribed fee for reproduction.

11            Recipients or categories of recipients to whom personal information is supplied

BCI’s business and the services you request of us require transfers to many third parties and/or operators in accordance with the purposes listed above and as mentioned in our Privacy Notice and Data Protection Notice. A non-exhaustive list of potential transfers includes:

11.1                  Collecting and sending documents for external audits of client entities;

11.2                  Collecting and sending documents for external audits of Apex Group entities;

11.3                  Publications onto the public record, such as companies registries or beneficial ownership registers;

11.4                  Any person with legal or regulatory power that may require such disclosure on legal grounds;

11.5                  Service providers engaged by us to help us run our business and in order to effectively perform our Services

11.6                  To 3rd parties as agreed with a client or as required or expressly permitted by applicable law;

12            Sharing of AML Information with banks, custodians, brokers, advisors, auditors or portfolio managers

Brokers, Banks, Custodians, Advisors, Auditors and Portfolio Managers may require information on you for their own due diligence to comply with regulations, we share the information you provide to us with them for this purpose.

13            Transborder flow of Personal Information

13.1                  As a result of contracting with BCI your personal information will be processed in South Africa in accordance with POPIA. In addition, as an entity which offers goods and services into the European Union or elsewhere, where we process personal information of residents in the

Union subject to the GDPR. Your personal information may be processed by any of the Apex Group offices, inside and outside the European Union or South Africa. There are agreements in place between the Apex offices to protect your data to GDPR / POPIA compliant standards. Should you require further information please contact the Information Officer.

13.2                  Additionally your data may be entered into our accounting and/or billing systems, and our document management systems and your data may be processed by our sub-processors/sub- operators including our retail investment technology and third party service providers or outsourcing technology companies, including cloud services providers, in such cases, where data is processed outside of the European Union, the appropriate safeguards are in place. It may also be provided externally to banks, regulators, auditors, advisors (including, but not limited to, legal advisors), supervisory or governmental bodies as well as those appointed as directors and shareholders. At your request we will transfer your personal data to a new service provider.

14            Information security measures to protect Personal Information

14.1                  BCI is committed to developing appropriate safeguards to ensure that personal information is kept secure and confidential at all times, and is protected against reasonably anticipated threats to its security or integrity, and against unlawful and unauthorised access or use.

14.2                  Reasonable technical and organisational measures are implemented for the protection of personal information in the possession of the Company.

14.3                  The Company continuously implements and monitors technical and organisational security measures to protect personal information against unauthorised access as well as accident or wilful manipulation, loss or destruction.

15            Request Procedures

Any and all records shall only be made available subject to the provisions of the Act.

15.1                  Form Of Request

15.1.1                  When making a request to access a record, the requester must use the prescribed form (refer to Annexure B), addressed to the head of the body.

15.1.2                  The requester must provide sufficient detail on the request form to allow for the identification of the record and the requester. The requester should also indicate which form of access is required and specify a postal address or fax number in the Republic.

15.1.3                  The requester must identify the right that is sought to be exercised or protected and provide an explanation of why the requested record is required for the exercise or protection of that right.

15.1.4                  If a request is being made on behalf of another person, the requester must submit proof of the capacity in which the requester is making the request.

15.2                  Fees

15.2.1                  A requester who seeks access to a record containing personal information about the requester is not required to pay the request fee.

15.2.2                  Where fees are payable these are detailed in the request form.

15.2.3                  If the request is granted, a further fee will be payable for the search, preparation and reproduction of the record.

15.2.4                  The requester may lodge an application to the court against the tender or payment of the request fee or may lodge a complaint with the Information Regulator.

15.3                  Decision

15.3.1                  The Company will, within 30 days of receipt of a request, decide whether to grant or decline a request, providing reasons to that effect.

15.3.2                  The 30 day period within which the Company has to decide whether to grant or refuse a request may be extended for a further period of not more than 30 days if reasonably required under the circumstances.

15.3.3                  If the request for access is refused the requester may lodge an application to court or alternatively, lodge a complaint with the Information Regulator.

15.4                  Grounds for Refusal

15.4.1                  BCI has the right to refuse a request for information based on any of the following grounds:

(a)       Mandatory protection of the privacy of a third party who is a natural person, which would involve the unreasonable disclosure of personal information of that natural person;

(b)       Mandatory protection of the commercial information of a third party, if the record contains:

(i)               Trade secrets of that third party;

(ii)             Financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party; and

(iii)           Information disclosed in confidence by a third party, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition.

(c)        Mandatory protection of confidential information of third parties if it is protected in terms of any agreement or legislation;

(d)       Mandatory protection of the safety of individuals and the protection of property;

(e)       Mandatory protection of records which would be regarded as privileged in legal proceedings;

(f)         The information relates to the commercial activities of BCI , which may include:

(i)               Trade secrets of Apex Investment Consulting SA ;

(ii)             Financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of Apex Investment Consulting SA ;

(iii)           Information which, if disclosed, could put Apex Investment Consulting SA at a disadvantage in negotiations or commercial competition;

(iv)           A computer program which is owned by Apex Investment Consulting SA and which is protected by copyright.

(g)       The research information of BCI or a third party, if its disclosure would disclose the identity of the institution, the researcher or the subject matter of the research and would place the research at a serious disadvantage;

15.4.2                  A request for information that is clearly frivolous or vexatious, or which would involve an unreasonable diversion of resources will be refused.

16            Prescribed fees and forms in respect of Private Bodies

The prescribed fees and form for requests to private bodies, are attached to this manual, marked “Annexure A” and “Annexure B” respectively and are available on the website of the Information Regulator https://inforegulator.org.za/.

Manual Update

We will update this Manual from time to time, without prior notice. Any amendments will be posted on this page with an updated revision date.