We collect, process and store information of data subjects as a usual course of our business. We need to continue doing so whilst being compliant with POPI (the Protection of Personal Information Act). We are fully compliant with POPI and this statement serves as our disclosure to Data Subjects and other interested parties, in broad terms, of how we achieve that. Data Subjects are defined as a natural or legal person whose information is collected, processed or stored.
• As a company that provides data subjects with a service or with data interaction for a lawful reason, we need to gather certain information to be able to do so and in a certain manner.
• The information we collect will depend on the reasons for which it is collected and used. This might differ in our various interactions. We will only collect information that we need for that particular purpose as agreed upon and no more than necessary. We’ll also tell Data Subjects what information they need to provide to us and what information is optional.
• We have a fully developed POPI compliance framework in place which comprises impact assessments and a POPI Policy, among others.
• We will usually obtain information from a Data Subject directly via various different means but may from time to time also obtain publicly available information.
• Data Subject information may be processed by third parties like regulators, our software providers or other suppliers to ensure Data Subjects get great service and may be transferred cross border, for instance where we use cloud services to store data or if one of our own service providers are situated overseas.
From time to time, we may collect some of the information below of natural or legal persons, which is defined as personal information in terms of POPI. However, our specific interaction with the Data Subject will detail what information we need exactly:
• information relating to the education or the medical, financial, criminal or employment history of the person;
• any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
• the biometric information of the person;
• the personal opinions, views or preferences of the person;
• correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
• the views or opinions of another individual about the person; and
• the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
• information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
• personal information concerning a child.
Data subjects have a right not to share the information as set out above but in that instance, we cannot offer Data Subjects our services. They may contact us to enquire what information of theirs we hold. They also have the right to correct their information or to request us to delete the information, unless the law states that we must hold the information. They have a right to revoke this consent. If a Data Subject would like to contact us in relation to Data Subject information, please see our contact details on our website.
Anyone can approach us on our contact details on our website where you found this notice to speak to our Information Officer or to submit any data queries or complaints.
You have the right to lodge a complaint to the Information Regulator at: complaints.IR@justice.gov.za or search their office on the internet at www.justice.gov.za/inforeg/ .
By visiting our website and communicating electronically with us, the Data subject consents to the processing, including transfer of his Personal information as set out in this Notice.