POPI ACT POLICY:
PERSONAL INFORMATION IS DEFINED BY THE PROTECTION OF PERSONAL
INFORMATION ACT 4 OF 2013 AS FOLLOWS:
‘‘personal information’’ means information relating to an identifiable,
living, natural person, and where it is applicable, an
identifiable, existing juristic person, including, but not limited to—
(a) information relating to the race, gender, sex, pregnancy, marital
status, national, ethnic or social origin, colour, sexual orientation,
age, physical or mental health, well-being, disability, religion,
conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial,
criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address,
telephone number, location information, online identifier or other
particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly
of a private or confidential nature or further correspondence that would
reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information
relating to the person or if the disclosure of the name itself would
reveal information about the person;
WHAT IS THE PURPOSE OF THE PROTECTION OF PERSONAL INFORMATION ACT (POPI
ACT)
1. To give effect to the constitutional right to privacy, by
safeguarding personal information when processed by a responsible party,
subject to justifiable limitations that are aimed at—
1.1 balancing the right to privacy against other rights, particularly
the right of access to information; and
1.2 protecting important interests, including the free flow of
information within the Republic and across international borders;
2. regulate the manner in which personal information may be processed,
by establishing conditions, in harmony with international standards,
that prescribe the minimum threshold requirements for the lawful
processing of personal information;
3. provide persons with rights and remedies to protect their personal
information from processing that is not in accordance with this Act; and
4. establish voluntary and compulsory measures, including the
establishment of an Information Regulator, to ensure respect for and to
promote, enforce and fulfil the rights protected by this Act.
We are required by the Act to exercise due diligence in processing your
personal information and to ensure that it is used only for the purpose
of acting within our mandate. When we obtain any personal information
from you, we keep it safe and have certain measures in place ensuring
that it is not furnished or leaked to any third parties. We may use your
personal information for any legitimate business purposes relating to
our services and/or business activities We only furnish your personal
information to third parties where it is necessary to conduct our work
which falls within the ambit of our mandate. This is applicable to any
personal information that you furnish us with. We may use your personal
information for amongst other reasons the following:
• responding to your queries which was sent via any electronic means,
which includes but are not limited to, Whatsapp, e-mail, internet,
website or sms;
• Rendering professional services;
• Referring you to other service providers with your consent;
• On our website and services by analysing certain information
collected, including cookies and other related information which we may
use to improve certain service delivery;
• Sending you information and corresponding with you which may include
invitations to social events; and/or
• Complying with our regulatory or other legal obligations.
• We collect your personal information directly from you which includes
but are not limited to your name, email address or telephone number;
• We will only collect personal information from third parties where
such information is publicly available or for legitimate business
purposes.
• Using cookies through our website, which can be controlled by
yourself. Cookies only store information from your browser and cannot
access data on your computer.
We may transfer your information across the border of the Republic of
South Africa for purposes of cloud storage. Such information will be
encrypted and only accessible by our office and employees who need to
use your personal information in order to conduct their lawful business.
We protect and manage personal information that we hold about you by
using electronic and computer safeguards like firewalls, data
encryption, and physical and electronic access control
SHARING OF PERSONAL INFORMATION
For purposes of conducting our business operations, we may share your
personal information with our service providers. We only share such
information where the third party is also POPI compliant where the
personal information is regulated and secured.
SECURITY AND STORAGE
We will take all reasonable steps to ensure that your personal
information is protected. We protect and manage your personal
information by using electronic and computer safeguards like firewalls,
data encryption, alarm systems and physical and electronic access
control to our buildings. We only authorise access to personal
information to those employees who require it to fulfil their designated
responsibilities.
Where links on our website or e-mail refer you to third party websites
or establishments, we are not liable for any personal information
collected.
We keep personal information for as long as we need to achieve the
purpose for which it was collected and any other permitted linked
purpose.
If you are of the opinion that any personal information that we are in
possession of about you are excessive or has been unlawfully obtained or
that we are no longer authorised to have access to the information, you
may request that we destroy or delete it. We will consider if the
information requires correction, deletion or destruction and if we do
not agree that there are grounds for action, you may request that we add
a file note to the personal information stating that you disagree with
it.
CHANGES TO PERSONAL INFORMATION
We are required to take steps to ensure that the personal information we
have is accurate, complete, relevant, not misleading and up to date.
Should your personal information (or the personal information you
provide) change, you must inform us and provide us with all changes as
soon as reasonably possible to enable us to update the personal
information.
You have the right to contact us at any time requesting confirmation
that we have your personal information; access to the records containing
your personal information or a description of the personal information
that we have in our possession relevant to you; and the identity or
categories of third parties who have had, or currently have, access to
your personal information.
You also have the right to object to our handling of your personal
information on reasonable grounds where our justification for doing so
is our or your legitimate interests. When making a request we require
adequate proof of identity which will include providing a certified copy
of your identity or relevant registration document/s.
CHILDREN’S PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION
We do not intentionally collect or use personal information of children
(persons under the age of 19 years), unless with express consent of a
parent or guardian or if the law otherwise allows or requires us to
process such personal information.
SECURITY BREACH
We will report any security breach to the Information Regulator and to
the individuals or companies involved. If you want to report any
concerns about our privacy practices or if you suspect any breach
regarding your personal information, kindly notify us by sending an
email to
navorsing@mjsjordaan.co.za
If you believe we are using your personal information unlawfully, please
let us know via e-mail at
navorsing@mjsjordaan.co.za
|