fbpx

POPI

PROTECTION OF PERSONAL INFORMATION POLICY

(External)

Contents

  1. SCOPE. 3

  2. DEFINITIONS. 3

  3. OBJECTIVES. 3

  4. POLICY. 4

  5. PRINCIPLES OF PROTECTION OF PERSONAL INFORMATION.. 5

  6. DOCUMENT CONTROL. 9

  7. RECORDS. 10

ANNEXURE A:           CLIENT, SERVICE PROVIDER AND/OR SUPPLIER CONSENT. 11

 

1.      SCOPE

1.1.   Venture Workspace is obliged to inform its Data Subjects as to how their Personal Information is used, disclosed, and destroyed.

1.2.   Venture Workspace guarantees its commitment to protecting its Data Subjects’ privacy and ensuring their Personal Information is used appropriately, transparently, securely and in accordance with applicable laws.

2.     DEFINITIONS

a.       “Data Subjects” means employees, clients, and suppliers.

b.       “Personal Information” is all information that relates to an identifiable Data Subject. It carries the same definition as personal information contained in the Protection of Personal Information Act no 4 of 2013.

c.       “POPI” means Protection of Personal Information Act no 4 of 2013.

d.       “Company” means Venture Workspace of with registration number 2009/011456/07 of Ground Floor, Brookside Office Park, 11 Imam Haron (Old Lansdowne Rd), Claremont, 7708

e.       “This Policy” means this POPI Policy.

 

2.1.  Any other words used in this Policy which are defined in POPI carries the same meaning in this Policy as in the Act.

 3.      OBJECTIVES

3.1.   This Policy sets out how Venture Workspace deals with its Data Subjects’ Personal Information and in addition for what purpose said information is used for. This Policy is made available by way of internal communication and by request at our Company at [Company Address].

3.2.   The document to follow sets out and comprises:

i.         Venture Workspace Policy on the Protection of Personal Information; and

ii.       Consent Form to be signed by all Clients, Service Providers and Suppliers (Annexure A).

 

4.       POLICY

4.1.   In South Africa, the right to privacy is protected in terms of the common law and section 14 of the 1996 Constitution. As with all rights in the Bill of Rights, none are absolute, and can be limited in terms of laws of general application. While the Constitution provides for, among other rights, the right to privacy, the extent of the right to privacy may be limited by application of laws such as the Promotion of Access to Information Act, 2 of 2000 and the Regulation of Interception of Communications and Provision of Communication-related Information Act, 70 of 2002 (RICA).

4.2.   Other laws such as the Electronic Communications Act, 25 of 2002, the National Credit Act, 34 of 2005 and the Consumer Protection Act, 68 of 2008, all provide further protection for privacy and confidentiality.

4.3.   POPI requires all South African organisations which handle personal information, to comply with several important principles regarding privacy, disclosure, and trans-border flows of personal information to other countries. POPI places responsibilities on the Company to process personal information that it holds, in a fair and proper manner. The processing of such information includes the collection, organising, storage, disclosure, transmission and use of personal information.

4.4.   This Policy sets out Venture Workspace compliance to POPI.

 

5.       PRINCIPALS OF PROTECTION OF PERSONAL INFORMATION

5.1.   PERSONAL INFORMATION VENTURE WORKSPACECOLLECTS

5.1.1.      Venture Workspace may collect and process the Data Subject’s Personal Information as defined in POPI.

5.1.2.      The type of information will depend on the nature of the relationship with the Data Subject and the purpose for which the information is collected and used.

5.1.3.      Personal Information will be processed for those purposes only.

5.1.4.      Whenever possible, Venture Workspace will inform the relevant Data Subject what information they are required to provide to the Company and what information is optional.

5.1.5.      Examples of the Personal Information collected by Venture Workspace include but are not limited to:

5.1.5.1.    Data Subjects’ identity/registration number, name, surname, address/e-mail address, telephone numbers, postal code, marital status, gender, ethnic or social origin, employment history;

5.1.5.2.    Any other information required by the Company to achieve the specified purpose.

 

5.2.   PURPOSE OF COLLECTING PERSONAL INFORMATION

5.2.1.      Venture Workspace collects and processes Data Subjects Personal Information for the purpose of:

·         for marketing the Company;

·         for its administrative needs;

·         management of employees, customer and supplier relations;

·         for audit and record keeping purposes;

·         legal proceedings;

·         compliance with internal policies and procedures, legal and regulatory requirements or when it is otherwise allowed by law;

·         confirming, verifying and updating Data Subjects’ details;

·         for the detection and prevention of fraud, money laundering or other malpractice;

·         conducting market, supplier, or customer satisfaction surveys.

5.2.2.      Venture Workspace  has agreements in place with all suppliers, insurers, and third-party service providers to ensure there is a mutual understanding with regard to the protection of Personal Information.

 

5.3.   LAWFUL BASIS OF COLLECTING PERSONAL INFORMATION

5.3.1.      Companies handle what the Act classifies as ‘special information’, detailing employee information such as ethnicity, race, and biometric data in some instances. This data is subject to strict controls, and therefore, companies need to adhere to the Act and protect this information efficiently:

5.3.1.1.    Purpose Limitation – Personal data may only be used for the specific purpose for which it has been initially collected. Subsequent use for other purposes must be compatible with this primary purpose.

5.3.1.2.    Proportionality – Processing of personal data may not be excessive in relation to the objective pursued by the company. Data may be collected only to the extent required.

5.3.1.3.    Direct Collection – Personal data must generally be collected directly at the data subject.

5.3.1.4.    Transparency – The data subject must be aware what personal data is processed for which purpose and who is responsible for it.

5.3.1.5.    Data Quality – Personal data must be collected correctly. Appropriate measures must be taken so that irrelevant or incomplete data is corrected or deleted.

5.3.1.6.    Security – Appropriate technical and organizational measures must be taken to protect personal data against unauthorized access, accidental loss or destruction and other forms of unlawful processing. Data may be accessible only by persons who have a “need to know”.

5.3.1.7.    Deletion – Personal Data that is no longer required must be deleted. The period of time data after which data is to be deleted shall be defined and the actual deletion must be ensured. The storage for an indefinite period is not permissible.

 

5.4.   PROCESSING OF PERSONAL INFORMATION

5.4.1.      Personal Information may only be processed if certain conditions are met which are listed below:

a.       The Data Subject consents to the processing – consent is obtained directly from the Data Subject.

b.       The Personal Information is subject to a contract concluded between the parties or such information is in the public domain.

c.       Processing complies with an obligation imposed by law on the Company in respect of but not limited to:

·         Protection of Personal Information Act 4 of 2013;

·         Electronic Communications Act 25 of 2002 as amended;

·         Promotion of Access to Information Act 2 of 200 as amended;

·         Income Tax Act 58 of 1962 as amended ;

·         Value Added Tax Act 89 of 1991 as amended;

·         Companies Act 78 of 2008 as amended;

·         Any other act or regulation the Company may be governed by.

  1. Processing protects a legitimate interest of clients and, employees so that the Company can respond to their needs on a timeous basis and provide them with a beneficial service.

  2. Processing protects a legitimate interest of suppliers so that the Company can provide them with business opportunities on a timeous basis and relevant information.

  3. Processing protects a legitimate interest of Employees to enable the Company to provide them with the necessary services and protection.

 

 

5.5.   DISCLOSURE OF PERSONAL INFORMATION

5.5.1.      We may disclose Data Subjects Personal Information:

a.       To our suppliers and third-party service providers when necessary to perform any service. We have agreements in place to ensure that they comply with confidentiality and privacy conditions;

b.       Where we have a duty or a right to disclose in terms of applicable legislation, the law or where it may be necessary to protect our rights.

 

5.6.   INFORMATION SECURITY

5.6.1.      Venture Workspace information and communication technologies and systems are critical to the Company’s operations. The reliance on such technologies and information (data) housed in such technologies are of significant importance to the Company.

5.6.2.      In order to ensure continuity and efficient recovery in the event of a failure of such technologies and resulting loss of said data, the Company has and will continue to engage specific service providers to implement recovery solutions.

5.6.3.      These security measures are subject to the service providers undertaking to maintain the confidentiality of any personal information as defined in POPI.

5.6.4.      Venture Workspace is legally obliged to provide adequate protection for the personal information it holds and to stop unauthorised access and use of Personal Information. The Company will, on an ongoing basis, continue to review its security controls and related processes to ensure that its Data Subject’s Personal Information is secure.

5.6.5.      When Venture Workspace contracts with third parties, it imposes appropriate security, privacy, and confidentiality obligations on them to ensure that Personal Information that it remains responsible for, is kept secure.

 

5.7.   ACCESS AND CORRECTION OF PERSONAL INFORMATION

5.7.1.      Data Subjects have the right to access the Personal Information the Company holds about them.

5.7.2.      Data Subjects also have the right to request the Company to update, correct or delete their Personal Information on reasonable grounds.

5.7.3.      Once a Data Subject objects to the processing of their Personal Information, the Company may no longer process said Personal Information.

5.7.3.1.    Where a Data Subject objects to the processing of their Personal Information it may affect the validity of any and all other agreements between the parties where such processing is a material requirement in such agreements.

5.7.4.      The Company will take all reasonable steps to confirm the Data Subject’s identity before providing details of their Personal Information or making changes to their Personal Information.

 

6.    DOCUMENT CONTROL

Amendments to this Policy will take place on an ad hoc basis. Data Subjects are advised to check the Policy periodically to inform themselves of any changes. Where material changes take place Data Subjects will be notified directly.

 

 

REVISION NUMBER

PAGE

NUMBER/S

CHANGE EFFECTED

DATE OF ISSUE

 

 

 

 

 

 

 

 

 

 

 

 

 

7.    RECORDS

 

RESPONSIBLE PERSON

RECORDS

WHERE FILED

ELECTRONIC OR HARDCOPY

RETENTION TIME

ACCESS

DISPOSAL

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ANNEXURE A:    CLIENT, SERVICE PROVIDER AND/OR SUPPLIER CONSENT

Consent for the Processing of Personal Information by Venture Workspace from Clients and/or Suppliers

I am duly authorised to act on behalf of the Company, Service Provider and/or Supplier and acknowledge that I have read and understood The Company’s Protection of Personal Information Policy as well as this consent form, and that I understand the contents thereof.

In accordance therewith, I consent to the processing of the Client, Service Provider and/or Supplier’s Personal Information (as appropriate and necessary) by the Company, service providers and third-party contractors.

I further consent explicitly to Personal Information being shared with such agents, third party contractors and service providers of the Employer and processed in accordance with this Policy.

I acknowledge that:

  • Personal Information will be collected only for lawful purposes and that the Personal Information will be retained only so long as such purposes exist;

  • No further processing will take place that is not related to these purposes;

  • Venture Workspace shall endeavor to keep such information complete, accurate up to date with the assistance of the Client, Service Provider and/or Supplier;

  • The Company shall provide appropriate safeguards to protect the Personal Information; and

  • The Company will contact the Client, Service Provider and/or Supplier in the event that its Personal Information is compromised.

 

The consent on behalf of my company extends explicitly to include the Personal Information of any of my staff, agents, or representatives/service providers.

 

Accepted by Client, Service Provider and/or Supplier

 

Signature:                                                                               Name:                                              ________________

Date:                                                                 ________   Title:                  ______________________

Company Reg No/ID:                                                     _________________

 

Contact details:

Telephone: (     ) _____________Email: ___________________________

All enquiries and further requests are to be similarly directed.