Global Data Privacy Policy

Institutional Data Governance & Sovereignty Protocol

At CHERRY RAIN, we recognize that privacy is a cornerstone of institutional trust. This Privacy Policy outlines our rigorous framework for managing personal and corporate data in compliance with the Protection of Personal Information Act (POPIA), the General Data Protection Regulation (GDPR), and other applicable global standards.

SECTION 1: DATA CONTROLLER AND GOVERNANCE

CHERRY RAIN, with its principal place of business in Johannesburg, South Africa, acts as the Data Controller for the information collected via this website and during our technical review processes. Our Data Governance Committee ensures that all processing activities align with our core values of integrity and confidentiality.

SECTION 2: TAXONOMY OF COLLECTED DATA

We classify the data we collect into four primary categories:

  • 2.1 Professional Identity Data: Name, professional title, institutional affiliation, and corporate registration details.
  • 2.2 Transactional Metadata: Non-public data regarding debt instruments, proposed bond issuances, asset backing, and credit enhancement requirements.
  • 2.3 Digital Telemetry: IP addresses, browser fingerprints, session durations, and interaction patterns used for fraud prevention and infrastructure optimization.
  • 2.4 Compliance Data: Information required for mandatory Anti-Money Laundering (AML) and Know Your Customer (KYC) screening.

SECTION 3: LEGAL BASES FOR PROCESSING

We only process data where a valid legal basis exists under POPIA Section 11 or GDPR Article 6:

3.1 Contractual Obligation: To structure, price, and execute credit enhancement mandates.

3.2 Legal Compliance: To satisfy statutory reporting and regulatory audit requirements.

3.3 Legitimate Business Interest: To secure our systems against cyber threats and to communicate high-value insights to our professional network.

SECTION 4: TRANS-BORDER DATA FLOWS

Due to the global nature of the private credit and reinsurance markets, CHERRY RAIN may transfer data to jurisdictions outside the Republic of South Africa. In such cases, we utilize Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs) to ensure that the recipient provides an adequate level of protection, mirroring the requirements of POPIA Section 72.

SECTION 5: DATA SECURITY AND CRYPTOGRAPHIC PROTECTION

CHERRY RAIN implements an institutional-grade security stack:

  • Encryption: AES-256 for data at rest; TLS 1.3 for data in transit.
  • Access Control: Role-Based Access Control (RBAC) enforced via multi-factor authentication.
  • Monitoring: Continuous security logging and anomaly detection.

SECTION 6: DATA SUBJECT RIGHTS AND RECOURSE

Under POPIA and GDPR, you have the right to access, rectify, or request the deletion of your personal data. You also have the right to lodge a complaint with the Information Regulator (South Africa) or your local Data Protection Authority. For all privacy inquiries, please contact our Data Protection Officer at privacy@cherryrain.com.