POPI COMPLIANCE STATEMENT
The right to privacy is an integral human right recognised and protected in the South African Constitution and the Protection of Personal Information Act 4 of 2013 (“POPIA”).
POPIA aims to promote the protection of privacy by providing guiding principles that are intended to be applied to the processing of personal information in a context-sensitive manner.
Through the provision of quality goods and services, the organisation is necessarily involved in the collection, use and disclosure of certain aspects of the personal information of clients, customers, employees and other stakeholders.
A person’s right to privacy entails having control over his or her personal information and being able to conduct his or her affairs relatively free from unwanted intrusions.
2. COMMITMENT TO COMPLIANCE WITH POPI
Given the importance of privacy, Pyper Turner is committed to effectively managing personal information in accordance with POPIA’s provisions. To meet the requirements of POPI, Pyper Turner has drafted a POPI Manual which includes:
- Development and implementation of Information processing plan and procedures, including the safeguards of personal information required under POPI
- Development and implementation of a compliance monitoring plan
- Appointment of Information Officer
- Delegation of duties to staff and training on their duties
- Development of disclosures and client POPI engagement processes
- Documentation of relationships with third parties on the sharing of personal information and/or service agreements for the outsourcing of certain POPI obligations
3. INFORMATION OFFICER
Pyper Turner has appointed EJ Turner as its Information Officer. All correspondence to the Information Officer may be submitted via e-mail to: firstname.lastname@example.org
4. PRIVACY STATEMENT
Pyper Turner is committed to processing personal information in accordance with the below principles when collecting, recording, storing, disseminating, and destroying personal information, and responding to government requests for our users’ data:
- We shall not contact/solicit you unless you have given us your consent to do so or unless required as part of an existing relationship with you.
- We shall process your personal information for a specific, lawful reason and only adequate, relevant information which is limited to the purposes for which they are processed and which relates to the functions or the activity of the organisation.
- If you cancel your services with Pyper Turner, we will delete or otherwise de-identify your personal information after the minimum storage periods required under our risk and statutory record-keeping periods have expired.
- We take measures to ensure data is kept safe and prevent loss of, damage to, or unauthorized destruction of personal information, and unlawful access to or processing of personal information.
Pyper Turner collects information directly from you where you provide us with your details. In addition to the aforementioned, we shall, subject to your consent, or to execute our service agreement with you, obtain further information required from third parties and other sources where necessary. Pyper Turner does not collect and process special personal information unless it is a requirement by law to process such information as part of our service delivery, in which case we shall obtain consent from you before collection thereof. We do not knowingly collect personal information from children (under 18 years of age) without the permission of their parent/s or guardian.
Pyper Turner and its employees may disclose personal information: to other services providers involved in the rendering of services or the provision of products to the clients; to services providers, it is in engaged with such as accountants, compliance officers, administration etc.; if Pyper Turner has a duty or a right to disclose same in terms of law or certain industry codes; or if it is necessary to protect Pyper Turner’s legal rights and interests. We undertake to review and update our security measures in accordance with future legislation and technological advances. Access to client data from within our organisation is limited to essential staff or specialist contractors that are required to access our systems for client service or maintenance purposes, who are bound by the requirements of the legislation and are required to maintain safety and security measures. Pyper Turner will not transfer personal information to a third party in a foreign country without ensuring that it complies with the provisions of POPI.
5. REQUEST TO ACCESS PERSONAL INFORMATION PROCEDURE
In terms of POPI, data subjects have the right to:
- Request what personal information the organisation holds about them and why.
- Request access to their personal information.
- Be informed on how to keep their personal information up to date.
Access to information requests can be made by email, addressed to the Information Officer. The Information Officer will provide the data subject with a “Personal Information Request Form”.
Once the completed form has been received, the Information Officer will verify the identity of the data subject before handing over any personal information. All requests will be processed and considered against the organisation’s PAIA Policy.
The Information Officer will process all requests within a reasonable time.
6. POPI COMPLAINTS AND OBJECTIONS PROCEDURE
A client has a right to object to the use of personal information, however in certain instances failure to provide us with personal information may result in the inability to deliver said services or products to you, or you shall receive limited services.
Data subjects have the right to complain in instances where any of their rights under POPIA have been infringed upon. The organisation takes all complaints very seriously and will address all POPI related complaints in accordance with the following procedure:
- POPI complaints must be submitted to the organisation in writing. Where so required, the Information Officer will provide the data subject with a “POPI Complaint Form”.
- The Information Officer will provide the complainant with a written acknowledgement of receipt of the complaint.
- The Information Officer will carefully consider the complaint and amicably address the complainant’s concerns. In considering the complaint, the Information Officer will endeavour to resolve the complaint in a fair manner and accordance with the principles outlined in POPIA.
- Where the data subject is not satisfied with the Information Officer’s suggested remedies, the data subject has the right to complain to the Information Regulator.
The Information regulator’s contact details are as follows:
Complaints email: complaints.IR@justice.gov.za
General enquiries email: email@example.com