Privacy Policy


NMG C and A Holdings (SA) (Pty) Ltd. (registration number 2002/0015082/07) (“NMG”, “we”, “our” or “us”) is committed to respecting your privacy and protecting information that identifies or is associated with you (“personal information”). This Privacy Notice applies to NMG and all its subsidiaries as well as our websites, platforms, and digital channels.

This Privacy Policy describes how we process your personal information. We recommend you read this Privacy Policy so that you understand our approach towards the use of your personal information. You do not need to provide us with your personal information, but please note that in such case we may not be able to provide you with our products or services or respond to your queries and requests.

Occasionally, we may need to make changes to our Privacy Policy. If there are important changes to our Privacy Policy, we will let you know.

Who we are

NMG offers the full set of solutions to meet the needs of employers, medical schemes, retirement funds, employees, and retirees. We provide clients with unbiased and professional advice on the provision and management of medical, life and disability insurance, and retirement solutions.

We help clients take a complete view of their employee benefits programme and ensure that the benefits encourage greater productivity, loyalty and whilst at the same time protecting the future financial security of the business.

The identity of the controller responsible for your personal information will depend on who you are and how you are engaging or interacting with NMG. If you are an individual using our website, the data controller is NMG. If you are a client (or representative of a client) or a member, the relevant data controller will depend on the NMG office you are engaging with.


NMG Consultants & Actuaries (Pty) Ltd.
Provides healthcare consulting, actuarial services and investment consulting services
NMG Administrators (Pty) Ltd.
Provides specialist retirement fund administration services that administers freestanding funds and umbrella funds.
NMG Employee Benefits (Pty) Ltd.
Provides independent employee benefits consulting advice.
NMG Consultants, Actuaries and Administrators (Pty) Ltd.
Provides specialist retirement fund administration services that administers freestanding funds and umbrella funds.
NMG Risk Managers (Pty) Ltd.
Provides Short Term Personal and Commercial Lines business.
NMG Financial Planning (Pty) Ltd
Provides individuals with financial planning solutions which from span healthcare, retirement, and investment, as well as budgeting, saving, money management advice, insurance, wills and estate planning, and more.
Cedar Employee Benefits (Pty) Ltd
Provides specialist retirement fund administration services that administers freestanding funds and umbrella funds.
NMG Healthcare Consultants (Pty) Ltd
Provides healthcare consulting services.
Whose personal information we collect

NMG collects personal information about the following data subjects:

  • Corporate entities: These include:
    • Our clients (such as participating employers), suppliers, service providers, and partners.
    • Pension and Provident Funds, their boards of trustees and officers.
    • Medical Aid Service Providers.
  • Individuals:
    • Members, beneficiaries, clients and their personnel, brokers, consultants, advisers, and others with whom we interact as part of our business.
    • NMG employees (current, former, and potential).
  • Processing of Children’s personal information

The Protection of Personal Information Act, 4 of 2013 (“POPIA”) affords additional protections for the processing of the personal information of children under the age of 18. NMG only processes the personal information of children where they are named as either dependents or as beneficiaries of the products and services that we provide in the normal course of our business. In all cases, we aim to ensure that we have the consent of the children’s parents or legal guardians to process their personal information and that their information is kept secure.

What personal information do we collect and how do we obtain it

The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.

The source of the personal information we collect depends upon our relationship. For example, where:

  • You are an individual visiting our website or are interested in our services, we receive information directly from you when you voluntarily submit information to us through our website or contact any of our personnel.
  • You are a member or beneficiary, we receive your personal information from the member’s employer and as supplemented by you by interacting with us directly.
  • You are a corporate entity, we receive your personal information directly from you in connection with our current, prospective, or former contractual relationship.
  • You are a prospective job candidate, we receive your personal information directly from you when you apply for a job with NMG or through a recruitment agency.
  • You are a guest at an event hosted by NMG, we may take photos and/or videos at specific events, such as year-end functions, client events etc for use in its internal and external promotional material. Staff, clients and members of public may appear on the resulting images.
How we use your personal information

We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. We will process your personal information only for the purposes for which it was collected or agreed with you, for example:

  • Perform services that are core to our employee benefits business, including retirement fund administration and consulting, healthcare consulting, actuarial services, financial planning, and investment consulting.
  • Retain and maintain your personal information in accordance with laws and regulations applicable to the services and products we provide or where prescribed by professional codes of conduct that apply to our business.
  • Monitor your usage of our websites, platforms, and other digital channels for audit purposes as well as to ensure optimal user experience.
  • To carry out our contractual obligations to our clients and suppliers.
  • For our internal audit and record keeping purposes or as mandated by applicable laws or by contract.
  • In connection with legal proceeding.
  • In connection with our internal business processes, including, without limitation, business or product development, and recruitment.
  • To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
  • To notify you about changes to our service or respond to your queries or comments.

Where we collect personal information for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we must keep it for legitimate business purposes or pursuant to applicable law.

You can opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt out.

Your rights

You have the following rights under POPIA in relation to your personal information:

Right of access
The right to obtain access to your personal information along with certain related information;
Right to be informed
The right to be informed of what information is being collected and from where, the purpose of processing, whether supply of your information is mandatory or voluntary, the consequences of failing to provide your personal information, how your information is kept safe, and your right to access, correct, or delete your personal information;
Right to rectification
The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete;
Right to erasure
The right to request that the responsible party corrects or deletes your personal information if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if the responsible party is no longer authorised to retain your personal information;
Right to object
The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing. Once you object to the processing of your Personal Information, we may no longer process said Personal Information unless we are required to process it in compliance with applicable laws or by contract.

If you wish to exercise one of these rights above, please contact us using the details set out at below.
You also have the right to lodge a complaint to the relevant data protection regulator.

The details of our Information Officer and POPIA Legal and Compliance Officer are as follows:

Information Officer
Craigh Chidrawi
Tel: 011 509 3000

POPIA Legal and Compliance Officer
Veronica Steyn
Tel: 011 509 3000

You have the right to ask us to update, correct or delete your personal information. We will take all reasonable steps to confirm your identity before making changes to Personal Information we may hold about you. We would appreciate it if you would take the necessary steps to keep your Personal Information accurate and up to date by notifying us of any changes, we need to be aware of.

Right to lodge a complaint

In terms of section 18. (h) (v) of POPIA you have the right to lodge a complaint to the Information Regulator (South Africa) (IRSA). The IRSA contact details are:

JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001

P.O Box 31533
Braamfontein, Johannesburg, 2017

Complaints email:

Disclosure of your personal information

NMG may share your Personal Information with the following categories of recipients:

  • Service providers: that enable us to fulfil our contractual obligations to you and/or our clients during business, which may include:
  • third-party recruitment services;
  • banks and other payment processors;
  • third parties that provide security, email security, data governance, archiving, research support and other IT and business support services;
  • email marketing platform provider and our website platform provider;
  • tracing agents; and
  • selected partner digital agencies and online job application providers; analytics and search engine providers that assist us in the improvement and optimisation of our website.
  • Our affiliates and companies in the same group of companies as us: our affiliates and subsidiaries (i.e., any organization or brand we own or control or any organization that owns or controls us and any subsidiaries it owns). These companies may use your personal information in the same way as we can under this Privacy Policy.
  • Third parties at your request: any third party you ask us to share your personal information with.
  • Purchasers and third parties in connection with a business transaction: personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of NMG assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliated NMG entity or third party, or in the event of a bankruptcy or related or similar proceedings.
  • Law enforcement, regulators and other parties for legal reasons: third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our client contractual terms or to protect the security or integrity of our service; and/or (c) exercise or protect the rights, property, or personal safety of NMG, our visitors, or others.

When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that Personal Information that we remain responsible for, is kept secure.

We will ensure that anyone to whom we pass your Personal Information agrees to treat your information with the same level of protection as we are obliged to.

Storing your personal information

We maintain appropriate security measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information you register on our website is transmitted across the Internet in an encrypted state and is stored in a secure data centre.

Cookies policy

We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer.

For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third-party websites for information regarding their use of cookies.

We will not use cookies to collect personally identifiable information about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.

You can also visit for details on how to delete or reject cookies and for further information on cookies generally. For information on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.

Cross-border transfers

NMG operates in South Africa, Namibia and Botswana. While the data protection and other laws of these countries differ, please be assured that we take steps to ensure that your privacy is protected, including restricting access, enabling encryption, and putting in place appropriate contractual provisions between the various NMG entities. Additionally, NMG personnel may access our systems remotely when working abroad (including from jurisdictions outside South Africa). Where they do so, they are required to use our data systems and access any personal information in accordance with NMG’s internal policies and procedures.

Furthermore, if we need to share your personal information with a third-party service provider, we will ensure we do so in compliance with relevant data protection legislation and will review our contracts regularly to ensure we are compliant.

To contact us with a complaint or inquiry

If you have any questions, complaints or problems related to the way we collect or use your information, if you wish to opt out of any contact list, or have a concern with our privacy policy in general, please contact us though our website or via e-mail

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram