1. Who We Are
The Mgazi Family Funeral Fund ("the Fund", "we", "us") is a private family mutual aid association. The Fund Committee acts as the data controller for personal data collected and processed in connection with Fund administration.
2. What Data We Collect
We follow the principle of data minimisation — we collect only what is necessary to operate the Fund. This includes:
Member Registration Data
- Full name, date of birth
- Contact details (email, phone number)
- Country of residence
- Proof of identity (ID document, selfie for verification)
- Family relationship information
- Contribution tier and payment preferences
Beneficiary Data
- Beneficiary names and contact details
- Relationship to the member
- Payout destination details (bank account, mobile wallet)
Financial Data
- Contribution payment records and transaction references
- Claims submitted, approved, and paid
- Payment gateway references (we do not store full card numbers)
Claims Documentation
- Death certificates
- Funeral invoices and receipts
- Executor/beneficiary proof documents
3. Why We Process Your Data
We process personal data for the following purposes:
| Purpose | Legal Basis |
| --- | --- |
| Administering membership and contributions | Consent / Contractual necessity |
| Processing and verifying claims | Contractual necessity / Legitimate interest |
| Preventing fraud and verifying identity | Legitimate interest |
| Complying with legal or regulatory obligations | Legal obligation |
| Communicating about the Fund (reminders, updates) | Consent / Legitimate interest |
| Generating financial reports and statements | Legitimate interest |
4. Who Has Access to Your Data
Access to personal data is restricted on a need-to-know basis:
- Treasurer: Financial records, contribution ledger, payout details
- Secretary: Member register, contact details, meeting records
- Claims Officer: Claim-related documents, beneficiary details
- Chair & Trustees: Summary reports and approval records
No member data is shared with unauthorised third parties. Payment processing data is handled by our payment gateway partners (Stripe, PayNow, PayFast) under their own privacy policies.
5. Data Sharing
We may share your data only with:
- Payment processors (Stripe, PayNow, PayFast) — to process contributions and payouts
- Legal or regulatory authorities — only where required by law
- Professional advisors — accountants or lawyers engaged by the Fund, under confidentiality obligations
We do not sell, rent, or trade member data.
6. International Transfers
As the Fund operates across multiple countries (UK, South Africa, Zimbabwe, and others), personal data may be transferred internationally. We ensure appropriate safeguards are in place, including:
- Using payment processors with adequate data protection standards
- Implementing access controls regardless of geography
- Limiting cross-border data transfers to what is necessary for Fund administration
7. Data Retention
| Data Type | Retention Period |
| --- | --- |
| Financial records (contributions, payouts) | 7 years minimum |
| Member registration data | Duration of membership + 3 years |
| Beneficiary records | Duration of membership + 7 years |
| Claims documentation | 7 years from claim closure |
| Meeting minutes | Indefinite (governance record) |
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to retention obligations)
- Restriction: Request limitation of processing in certain circumstances
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact the Fund Secretary via the platform or at the contact details provided upon registration.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encrypted data transmission (HTTPS/TLS)
- Role-based access controls
- Secure authentication and password policies
- Regular review of access permissions
- Secure storage of sensitive documents
10. Data Breach Procedures
In the event of a personal data breach:
- The breach must be reported to the Committee within 24 hours of discovery
- Affected members will be notified without undue delay
- Where required by law (e.g., UK GDPR), the relevant supervisory authority (e.g., the ICO in the UK) will be notified within 72 hours
- The breach, its effects, and remedial actions taken will be documented
11. Cookies & Platform
The Fund platform uses essential cookies for authentication and session management. No tracking or advertising cookies are used. Third-party payment processors may use their own cookies as described in their privacy policies.
12. Changes to This Notice
This Privacy Notice may be updated from time to time. Members will be notified of material changes. The latest version is always available on the platform.
13. Contact
For privacy-related enquiries or to exercise your data rights, contact the Fund Secretary via the platform or at the contact details provided upon registration.