Privacy Notice

The Mgazi Family Funeral Fund ("the Fund", "we", "us") is a private family mutual aid association. The Fund Committee acts as the data controller for personal data collected and processed in connection with Fund administration. All data processing is carried out in accordance with applicable data protection law, including UK GDPR where relevant.

We apply the principle of data minimisation — we collect only the personal data necessary to operate the Fund effectively. This includes:

Access to personal data is strictly controlled on a need-to-know basis. Each Committee role has access only to what is necessary to fulfil their function:

• Treasurer: Financial records, contribution ledger, and payout destination details
• Secretary: Member register, contact details, and meeting records
• Claims Officer: Claim-related documents and beneficiary details
• Chair & Trustees: Summary reports and claim approval records only

No member data is shared with unauthorised third parties. Payment processing data is handled exclusively by our payment gateway partners (Stripe, PayNow, PayFast) under their own privacy policies and applicable data protection obligations.

We may share your personal data only with the following parties, and only to the extent necessary:

• Payment processors (Stripe, PayNow, PayFast) — to process contributions and assistance payouts
• Legal or regulatory authorities — only where required by applicable law or a valid legal obligation
• Professional advisors — accountants or lawyers engaged by the Fund, subject to confidentiality obligations

We do not sell, rent, license, or trade member personal data to any third party — under any circumstances.

As the Fund operates across multiple countries — including the United Kingdom, South Africa, Zimbabwe, and others — personal data may be transferred internationally as part of normal Fund administration. We ensure appropriate safeguards are in place, including:

• Using payment processors that maintain adequate data protection standards
• Implementing role-based access controls regardless of geographic location
• Limiting cross-border data transfers strictly to what is necessary for Fund administration

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

• Encrypted data transmission via HTTPS/TLS for all communications
• Role-based access controls limiting data access to authorised personnel only
• Secure authentication with enforced strong password policies
• Regular review and audit of access permissions
• Secure storage of sensitive documents and records

In the event of a personal data breach, the following protocol is to be followed:

1. The breach must be reported to the Committee within 24 hours of discovery.
2. Affected members will be notified without undue delay once the scope and impact are assessed.
3. Where required by applicable law (e.g., UK GDPR), the relevant supervisory authority — such as the Information Commissioner's Office (ICO) in the United Kingdom — will be notified within 72 hours of discovery.
4. The breach, its effects, and all remedial actions taken will be fully documented.

The Fund platform uses essential cookies only — for user authentication and secure session management. No tracking, advertising, or analytics cookies are used by us. Third-party payment processors (Stripe, PayNow, PayFast) may use their own cookies when processing transactions, as described in their respective privacy policies.

This Privacy Notice may be updated periodically to reflect changes in our practices, legal obligations, or the services we provide. Members will be notified of any material changes. The most current version of this Notice is always available on the Fund platform.