Privacy notice

More than R1 trillion accumulated
funds and reserves.

Who we are

The Government Employees Pension Fund (GEPF) is a defined benefit fund that manages pensions and related benefits on behalf of government employees in South Africa. Established in 1996, it is the largest pension fund in South Africa and one of the largest pension funds in Africa and the world.

The Government Employees Pension Fund (GEPF) will maintain the confidentiality of your personal information and comply with the Protection of Personal Information Act 4 of 2013 (POPIA) when processing your personal information. This notice applies to The Government Employees Pension Fund (GEPF), operating divisions, business units, licensed entities, management-controlled entities and activities.

The purpose of the notice

The purpose of this notice is to inform The Government Employees Pension Fund (GEPF) Members and pensioners about the type and use of personal information the company collects, the ways in which it is collected, the sharing, protection and storage thereof.

What is personal information?

The term ‘personal information’, as used in this notice, applies to information that may be used to identify an individual or a juristic person (i.e. for example a registered company).

POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The person to whom personal information relates is referred to as the “data subject”.

Examples of personal information include, but are not limited to, contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.

What type of personal information does Government Employees Pension Fund (GEPF)  collect?

Personal information collected by Government Employees Pension Fund (GEPF) can include a data subject’s name, contact, birth date, identity number, gender, employment details, marital, family, policy, bank account.

When personal information is collected, the company will indicate the purpose for the collection and whether the information required is compulsory or voluntary.

How does  Government Employees Pension Fund (GEPF)  collect personal information?

The company collects information either directly from the data subject, the employer or through financial services intermediaries. In certain instances, Government Employees Pension Fund (GEPF) may appoint third parties to collect information on its behalf. The source from which personal information was obtained, if not directly from the data subject, will be disclosed.

Use of personal information

After obtaining consent, the personal information collected or held by Government Employees Pension Fund (GEPF) may be used, stored, transferred or disclosed or shared for the following purposes:

  • Processing claims
  • Providing on-going administration services for the duration of the contract
  • Fulfilling a transaction on request of a data subject

Sharing of personal information

Government Employees Pension Fund (GEPF) will only share your personal information with third parties if you have consented to such disclosure. If consent has been obtained, the company may share your personal information with persons or organisations within and outside of Government Employees Pension Fund (GEPF).

Where Government Employees Pension Fund (GEPF) discloses personal information to intermediaries, other financial institutions, insurers or any other third parties, the third parties will be obliged to use that personal information only for the reasons and purposes it was disclosed for. Government Employees Pension Fund (GEPF) may be obliged to disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, or for the purposes of protecting the interest of clients, for example fraud prevention or to give effect to an agreement.

Securing personal information

Government Employees Pension Fund (GEPF) will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. The company will store all the personal information in secured environments, for example on secured servers in a protected data centre.

How you can review and correct your personal information

You can request to review your personal information contained in Government Employees Pension Fund (GEPF) records at any time to correct or update the information. If the purpose for which your personal information was requested initially does not exist anymore, for example you no longer have a contract with it, you may request information held by the company to be removed. However, Government Employees Pension Fund (GEPF) can decline your request to delete the information from its records if other legislation requires the continued retention thereof or if it has been de-identified.

Updating of this processing notice

Government Employees Pension Fund (GEPF) may update this notice periodically and an updated version may be requested, for example through a postal request or through an email notification addressed to the contact details provided below.

Employee Training on Cyber Security and Data Privacy

Employee Training on Cyber Security and Data Privacy forms part of ongoing compliance training. Cyber Security training is currently further required as a basic compliance training that all employees must complete. As part of the POPIA management programme, there is a specific focus on training, awareness as well as communication that will cover data privacy, data security and more detailed cyber security training as mandatory compliance training to all staff.

Centralised Cyber Security and Data Security Functions and Coordination

To deal with Cyber Security and Data Security two separate centralised functions exist within Government Employees Pension Fund (GEPF). The IT Security environment includes managing cyber security as a capability and the Data Management environment deals with the aspects of data privacy and extended data security which is enabled through IT security.

Government Employees Pension Fund (GEPF) ’s Privacy Policy

If you have any questions about this notice or Government Employees Pension Fund’s treatment of your personal information, please address an email to enquiries@gepf.co.za

HELP US STOP FRAUD

Fraud Helpline - 0800 203 900

Contact Us
Client Centre

GEPF Administration Office

Download App

Our app makes it easy for you to keep track of your policy and allows you to make any changes, at anytime of the day.

Important Links
GEPF Conference
Facebook Linkedin Youtube X-twitter

© 2024 GEPF. All rights reserved.

Breach Notification

NOTIFICATION OF SECURITY COMPROMISE AS PER SECTION 22 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 ("POPIA")

The GEPF experienced a security breach and the compromise of personal information held on the GPAA systems and records between February and March 2024. Data subjects were notified of the security breach and potential compromise of personal information on 20 March 2024.

The GPAA immediately shut down all its systems and initiated its Cyber Incident and Response Plan to mitigate the damage at the time of the security compromise. As a result, the compromise of personal information was isolated and curtailed. The GPAA initiated an investigation into the cause and extent of the security breach and committed to providing updates/outcomes of the investigation as soon as practically possible.

Although the investigation is still ongoing, the assessment recently revealed a compromise of personal information of a number of data subjects. The extent of the compromise of personal information is still being investigated and will be communicated on the conclusion of the investigation.

The GPAA has put various additional control measures in place to strengthen the security safeguards on its systems since the incident. The GPAA is working with security agencies to strengthen control measures and avoid future reoccurrences.

The GEPF and GPAA recognises the importance of safeguarding personal information and is working actively to prevent any recurrence of security compromises on the GEPF and GPAA systems.

We apologise for any inconvenience caused and assure you that every reasonable step has been taken to ensure that all GPAA systems and platforms are safe and protected from unauthorised and unlawful access.

The security compromise was reported to the relevant authorities, entities and regulators for further investigations, support and transparency.

Gepf Logo