Protection Of Personal Information Act (POPI)
Hope Engravers CC understands that your privacy is important to you and that you care about how your personal information is used. We respect and value the privacy of all those that we have dealings with and use personal information in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Information About Us
Hope Engeavers cc.
registered in South Africa under company number 1988/000499/23
Main trading address: 280 Paul Kruger Street, Pretoria
VAT number: 4100120577
Information Officer: M Caromba
Email address: firstname.lastname@example.org
Telephone number: 012 3217000
Postal address: P.O Box 1399, Pretoria, 0001
What Does This Notice Cover?
This Privacy Notice explains how we use your personal information: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal information.
What Is Personal information?
Personal information is defined by the Protection of Personal Information Act (“POPIA”), as ‘any information relating to an identifiable living natural or existing juristic person’.
Personal information is, in simpler terms, any information about you that enables you to be identified. Personal information covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
We process personal information by both automated (electronically) and non-automated means (paper based as part of a filing system).
The personal information that we use is set out in Part 5, below.
What Are My Rights?
Under POPIA, you have the right to have your personal information processed according to 8 processing conditions that are summarized as follows:
Condition 1 – Accountability.
We must ensure that the conditions set out in Chapter 3 of the Act and all the associated measures are complied with.
Condition 2 – Personal information must be collected and processed lawfully in a reasonable manner that does not infringe on your rights. Personal information may only be processed if it is adequate, relevant, and not excessive.
Personal information may only be processed if you consent thereto, alternatively where it is necessary to do so for the conclusion or performance of a contract, an obligation in terms of law, to protect your legitimate interest/s, or to pursue our legitimate interest/s.
Personal information must as far as possible be collected directly from you.
Condition 3 requires that personal information must be collected for a specific explicitly defined and lawful purpose related to a function or activity of ours. Such personal information may not be retained any longer than necessary for achieving the purposes for which the information was collected and/or subsequently processed.
Condition 4 prohibits the further processing of your personal information unless such processing is compatible with the initial purpose of collecting the information.
Condition 5 requires us to take reasonable, practicable steps to ensure that your personal information is complete, accurate, and not misleading. Such personal information must also be kept up to date, taking into consideration the purpose of the personal information.
The nature and purpose of your personal information will dictate as to how often such information must be updated.
Condition 6 requires that we must, as far as it is practicable, inform you before your personal information is collected and the purpose of collecting and from where your personal information will be collected.
You are entitled to our details and must be made aware of the consequences of not disclosing personal information to us where it is required for a specific purpose.
You must also be made aware if your personal information is collected and processed as a requirement established in law.
As per Section 72 of the Act, you will be advised if your personal information will be transferred across the borders of South Africa.
Condition 7 requires that we must secure the integrity and confidentiality of your personal information by taking appropriate reasonable, technical, and organisational measures, to prevent the loss thereof or unlawful access thereto.
Condition 8 You have the right to establish whether your personal information is held by us and to have it corrected or destroyed if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or have been obtained unlawfully.
You further have the following rights, which we will always work to uphold:
The right to be informed about our or collection and use of your personal information. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
The right to access the personal information we hold about you. Part 10 will tell you how to do this.
The right to have your personal information rectified if any of your personal information held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
The right to be forgotten, in example the right to ask us to delete or otherwise dispose of any of your personal information that we hold. Please contact us using the details in Part 11 to find out more.
The right to restrict (i.e. prevent) the processing of your personal information.
The right to object to us using your personal information for a particular purpose or purposes.
The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal information, you are free to withdraw that consent at any time.
The right to not have your personal information processed for the purposes of direct marketing by means of electronic communication without your consent.
Rights relating to automated decision-making and profiling. We do not use your personal information in this way.
For more information about our use of your personal information or exercising your rights as outlined above, please contact us using the details provided in Part 11.
It is important that your personal information is kept accurate and up to date. If any of the personal information we hold about you changes, please keep us informed as long as we have that information.
Further information about your rights can also be obtained from the Information Regulator’s Office at https://www.justice.gov.za/inforeg.
If you have any cause for complaint about our use of your personal information, you have the right to lodge a complaint with the Information Regulator’s Office. We would welcome the opportunity to resolve your concerns ourselves, so please contact us first, using the details in Part 11.
What Personal information Do You Collect and How?
We may if necessary collect and hold some or all of the personal information set out in the table below, using the methods also set out in the table. We do collect ‘special personal information’ where so required by law’ and / or personal information relating to children, younger than 18 years of age, in so far as it relates to the children of our employees and for the purposes of medical insurance.
Special personal information may include information relating to race, ethnical origin, health, biometric information and criminal behaviour of a data subject.
The personal information of children may include the name, surname and date of birth or identity number of the child.
How Do You Use My Personal information?
Under POPIA, we must always have a lawful basis for using personal information. We may use your personal information for one or all of the following purposes:
• The administration of our business.
• Supplying our products and / or services to you.
• Managing payments for our products and / or services.
• Communicating with you.
• Supplying you with information by electronic communication if you have agreed thereto (you may opt-out at any time by using the details in Part 11)
• With your permission we may also use your personal information for marketing purposes, which may include contacting you by email and / or telephone and / or text message with information, news, and offers on our products and / or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under POPIA, and you will always have the opportunity to opt-out.
• We do not use automated decision making or profiling methods.
We will only use your personal information for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal information for that purpose. If we do use your personal information in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 11.
If we need to use your personal information for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so or obtain permission from you to do so.
In some circumstances, where permitted or required by law, we may process your personal information without your knowledge or consent. This will only be done within the bounds of POPIA and your legal rights.
How Long Will You Keep My Personal information?
We will not keep your personal information for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal information will therefore be kept for:
• as long as it serves the purpose it was collected and intended for,
• such periods as prescribed in any legislation applicable to our business,
• any period agreed to in a contract,
• the purposes of fulfilment of a contract, or
• any period you may have agreed to.
How and Where Do You Store or Transfer My Personal information?
We will endeavour to store your personal information in South Africa. This means that it will be fully protected under POPIA.
We may however transfer your personal information across the borders of South Africa for the purposes of storage, performance of a contract, an obligation in terms of international law or for internal purposes. These are referred to as “third countries”. We will take additional steps in order to ensure that your personal information is treated just as safely and securely as it would be within South Africa and under POPIA as follows:
We will only store or transfer personal information in or to countries that are deemed to provide an adequate level of protection for personal information.
The security of your personal information is essential to us, and to protect your information, we take a number of important measures, including the following:
• Limiting access to your personal information to those employees, agents, contractors, and other third parties with a legitimate need to know and, where applicable, ensuring that they are subject to duties of confidentiality.
• Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal information) including notifying you and the Information Regulator’s Office where we are legally required to do so.
• We have identified all reasonable and foreseeable internal and external risks and introduced safeguards to mitigate such risks.
• Continuous maintenance and updating of such safeguards to secure your personal information.
Do You Share My Personal information?
We will not share any of your personal information with any third parties for any purposes, subject to the following exception/s.
• For the purposes of inter alia fulfilment of an application, contract, rendering of a service or goods.
• If we sell, transfer, or merge parts of our business or assets, your personal information may be transferred to a third party. Any new owner of our business may continue to use your personal information in the same way(s) that we have used it, as specified in this Privacy Notice.
• In some limited circumstances, we may be legally required to share certain personal information, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If any of your personal information is shared with a third party, as described above, we will take reasonable steps to ensure that your personal information is handled safely, securely, and in accordance with your rights.
We may make use of third-party service providers to process personal information on our behalf. To protect such personal information, we will enter into a formal written agreement with the service provider. In terms of such agreement the service provider will be required to process personal information in accordance with conditions as prescribed by us, including measures to protect the security and integrity for such personal information.
How Can I Access My Personal information?
If you want to know what personal information we have about you, you can ask us for details of that personal information and for a copy of it (where any such personal information is held). This is known as a Subject Access Request (“SAR”).
All SARs should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use (SAR Form 1). You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There may be a fee charged for a Subject Access Request, especially if your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your data subject access request within one month. Normally, we aim to provide a complete response, including a copy of your personal information within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How Do I Contact You?
To contact us about anything to do with your personal information and the protection of your personal information, including to make a data subject access request, please use the following details (for the attention of The Information Officer):
Email address: email@example.com
Telephone number: 012 321 7000
Postal Address: P.O Box 1399, Pretoria, 0001
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal information protection.
Any changes will be made available on our company website.