Privacy and Data Policies.
1. The POPI Act
For the POPI Act, the Company is deemed to be an organization that engages in all aspects of business. It follows that personal information could be processed in some of the following categories:
Stakeholders, i.e. shareholders
Governing bodies, i.e. directors
Statutory bodies, i.e. SARS
Public viewers, i.e. websites
Hostile invaders i.e. hackers
A list of the processors, persons privy to the processing is:
The following general information is collected from the parties above:
All labor related information
All client information relating to accounting, products, services in common
All vendor information relating to accounting, products, services in common
Information stakeholders could be interested in
Information governing bodies could be interested in
All Statutory information on which the Company is to report / act upon
Information destined for marketing and sales in future
Purpose for holding information
The Company vows to protect the information as prescribed by the POPI Act. As far as the Company understands, all personal information is private and attended to according to the POPI Act.
The Company will at all times measure the risk of breach of the POPI Act and actively manage same on a daily basis.
2. Data Collection and Use
We collect and process personal information only for legitimate business purposes and with the consent of the data subjects. The information collected may include but is not limited to names, contact details, financial information, and any other data required to provide our services or fulfill our contractual obligations.
3. Lawful Basis for Processing
We process personal information on the lawful bases as specified under POPIA and GDPR, which may include consent, contract performance, legal obligations, and legitimate interests. Data subjects will be informed of the specific purpose of data processing when their information is collected.
4. Data Security
We employ appropriate technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures are designed to comply with both POPIA and GDPR requirements.
5. Data Minimization and Accuracy
We only collect and retain personal information that is necessary for the purpose it was collected. We ensure the accuracy of the data we hold and update it when necessary. Data subjects have the right to request corrections to their personal information.
6. Data Transfer
We may transfer personal information to third-party service providers or business partners as necessary to fulfill our contractual obligations or provide our services. Such transfers are conducted under GDPR-compliant mechanisms, such as Standard Contractual Clauses or approved adequacy decisions.
7. Data Subject Rights
Data subjects have the right to access their personal information, rectify inaccuracies, erase their data (subject to legal requirements), restrict processing, and object to processing. We will respond to data subject rights requests in accordance with the timelines specified in POPIA and GDPR.
8. Data Retention
Personal information will be retained for as long as necessary to fulfill the purposes for which it was collected, and to comply with legal and regulatory requirements. Data that is no longer required will be securely deleted or anonymized.
9. Data Breach Notification
In the event of a data breach that poses a risk to individuals' rights and freedoms, we will notify the relevant supervisory authorities and affected data subjects as required by POPIA and GDPR.
10. International Data Transfers
If personal information is transferred to countries outside the European Economic Area (EEA) or South Africa, we will ensure adequate safeguards are in place to protect data subjects' rights and comply with the requirements of POPIA and GDPR.
11. Privacy by Design and Impact Assessments
We implement privacy by design principles and conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with our data processing activities.
For any inquiries or concerns related to data privacy, please use the Contact form on our website or email us at firstname.lastname@example.org.
Last updated on 4 July 2023.