QUINCE CAPITAL (PTY) LTD POPIA NOTIFICATION

• This is a notice by Quince to inform its customers, suppliers and employees (“data subjects”) that Quince recently experienced a cyberattack on its systems.
• Pursuant to this, this notice serves as notification for purposes of section 22 of the Protection of Personal Information Act, No. 4 of 2013 (POPIA) to Quince’s data subjects. Quince has notified the information regulator as required in terms of POPIA.
• Keeping the personal information of our data subjects secure is of the utmost importance to Quince and we took steps to address and contain the incident as soon as we discovered the incident.
• We also promptly engaged a computer forensic investigator to perform an investigation and we have already taken numerous additional security measures designed to prevent this from happening again in the future.
• The identity of the unauthorised person/s who may have accessed or acquired any Quince data is unknown to Quince.
• At this stage we are unable to identify the extent to which personal information may have been accessed and as there exists the possibility that the personal information of the data subjects may have been accessed, out of an abundance of caution, we are notifying all our data subjects of the breach in order to ensure that they are able to take the necessary precautions to avoid any potential adverse consequences from this breach and to be on the alert for any possible scams or fraudulent activity.
• Quince values the privacy of the data subjects whose personal information it processes, and deeply regrets that this incident occurred. For further information and assistance please contact Annette Sannasi (annetteg@quincecapital.co.za).