Privacy Policy
Anna-B Jewellery
Compiled by
Vikkie Goodes
Version
1
Effective date
07/12/2021
Signature
KL
Download
Table of Contents
-
Personal Information Collected
-
The Usage of the Personal Information
-
Disclosure of Personal Information
-
Security Safeguards
-
Access and Correction of Personal Information
-
Amendments to this Policy
-
PAIA & POPI Manual Availability
-
Records that cannot be Found
-
The Prescribed Fees
1.Introduction
The Private Body is a private company which provides goods that is required to comply with the Protection of Personal Information Act 4 of 2013 (herein referred to as POPI).
POPI requires the Private Body to inform their Data Subjects as to the way their personal information is used, disclosed, and destroyed.
This POPI Privacy Policy describes the way the Private Body intends to meet its legal obligations and requirements in respect of the lawful processing of personal information as set in POPI.
POPI further requires the Private Body to make the Data Subject (in this case “You”) aware of how your personal information will be processed lawfully. By signing this POPI Privacy Policy and by providing your Personal Information You are acknowledging that You have been made aware of the specific purpose/s for processing your Personal Information. You further agree with the contents contained herein and hereby authorise the Private Body to process your personal information for the specific purpose/s and in the manner as set out herein below. This Policy is subject to change, whenever it is required.
2.The Scope of the Policy
This Policy applies to Data Subjects whose personal information is being processed by the Private Body in accordance with the requirements set out in POPI
3.Definitions
- “Consent” means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
- “Data Subject” means an individual or legal entity to whom the personal information relates. This includes but is not limited to existing and future employees, independent contractors, clients, service providers, sub-contractors, and any other stakeholders also referred to as “You” herein.
- “Information Officer” means the person who is responsible to encourage POPI compliance, within the Private Body by practically implementing the conditions for the lawful processing of personal information and creating the necessary awareness. The information Officer is also responsible to handle requests made by a Data Subject in relation to access to records or the correction, destroying or deletion of his/her/its personal information.
- “Personal information” means information relating to an identifiable, individual, or legal entity as defined by the POPI Act.
- “Private Body” means Anna- B Jewellery with registration number 2016/ 113732/07 with business address Office 4, 35 on Rose, Rose Street, Cape Town 8001.
- “Processing” means any operation or activity or any set of operations, whether by manual or automatic means that relates to the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination, transmission, distribution or making available in any other form or merging, linking as well as restriction, degradation erasure or destruction of personal information.
- “POPI” means the Protection of Personal Information Act 4 of 2021.
4. POPI Conditions
The Private Body is committed to Processing personal information lawfully and to comply with the following conditions as set in POPI:
- Accountability and Openness: The Private Body commits to comply with the requirements as set out in the POPI legislation and it further agrees to be transparent in its approach to adhering to the requirements of POPI. This includes but is not limited to keeping adequate documentation of all processing operations and making Data Subjects (like You) aware of all the details regarding the processing of your personal information.
- Processing limitation and Further processing limitation: The Private Body commits to only processing personal information for the specific purpose for which it was obtained in the first place. No personal information will be further processed, if it is for a purpose that is different from the original purpose of collection, unless You as the Data Subject provided further consent.
- Specific Purpose: The Private Body is required to keep accurate records and undertakes to not keep personal information for a period longer than specified or required. In cases where the specific purpose for the retaining of the personal information has expired or where the retention period has lapsed, the Private Body shall dispose of the personal information at the end of the retention period accordingly.
- Information quality: The Private Body shall ensure that accurate, clear, and relevant records be always kept of the Data subjects and undertakes to implement a procedure where Data Subject may request for their records to be corrected, updated, deleted, or destroyed upon submitting an appropriate request form as set out in the Private Body’s PAIA & POPI manual.
- Security safeguards: The Private Body will provide the necessary security measures to ensure that personal information is kept safe and to minimise the risks of data breaches like for example data loss, destruction, and unauthorised access.
- Data subject participation: The Data Subjects can request access to his/ her personal information records and may also request that their personal information records be corrected or deleted as set out in the POPI Act.
5.Personal Information Collected
The Private Body collects and processes Your personal information in relation to its goods and service offering.The type of personal information will depend on the need for which it is collected and will be processed for that specific purpose only. The Private Body shall inform You as to the personal information required and the information will be deemed optional.Examples of the personal information we collect include, but is not limited to:
- Business name
- Contact details of business
- Physical address for courier purposes
- Tax related information/ Business information + VAT Number
The Private Body also collects and processes your personal information of the Data Subjects for marketing purposes to ensure that its goods and services remain relevant.
The Private Body aims to have agreements in place with all its suppliers, third party service providers and processors to ensure compliance with POPI.
6.The Usage of the Personal Information
Your personal information will only be used for the specific purpose/s for which it was collected and as agreed to by You.
This may include:
- Providing goods
- Confirming, verifying, and updating Data Subject details – only so that the invoice complies with SARS requirements – business name/ address / VAT number
7.Disclosure of Personal Information
The Private Body may share Your personal information with any subsidiary, joint venture company, affiliate, and third-party service provider. The Private Body has agreements in place to ensure compliance with POPI and the protection of Your confidential and personal information.
The Private Body may also disclose Your personal information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary to protect the Private Body’s rights.
8.Security Safeguards
POPI requires that personal information must be adequately protected to prevent the personal information from being lost, destroyed, or illegally accessed by an unauthorised person.
The Private Body will continuously review its security controls and processes to ensure that personal information is secure.
The following procedures are in place to protect the personal information collected:
- The Private Body has appointed an Information Officer who is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI.
- Each new employee will be required to sign an Employment Contract containing relevant Consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.
- Every employee currently employed by the Private Body will be required to sign an addendum to their Employment Contracts containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.
- The Private Body stores archived hard copy personal information for 6 years as per SARS requirements, which is also governed by POPI, access is limited to authorized employees only.
- The Private Body’s suppliers, third party service providers, will be required to sign a Service Level Agreement confirming their commitment to the protection of personal information. This will be monitored and reviewed on a regular basis.
- All electronic files or personal information is securely stored and backed up to prevent unauthorized access by third parties and other data breach threats.
9.Access and Correction of Personal Information
You have the right to access your personal information held by the Private Body. You also have the right to ask that the Private Body update, correct or delete your personal information on reasonable grounds.Once You objected to the processing of your personal information the Private Body may no longer process the said personal information.The Private Body will take all reasonable steps to confirm Your identity before providing details of Your personal information or making changes to Your personal information.
The details of the Private Body’s Information Officer are as follows:
Name:Kathleen Dixon
Telephone:0723087805
Fax number: _______________________
Email: vikkie@annab.co.za
Physical address:309 Palmhof, 24 Union Street, Gardens
Postal address:309 Palmhof, 24 Union Street, Gardens
10.Amendments to this Policy
This Policy will be reviewed and amended, when required or at least once a year. You will be notified of any material changes to this Policy.
11.PAIA & POPI Manual Availability
You can obtain access to the Private Policy’s PAIA & POPI manual at its physical offices, via its website or by requesting a copy from the Information Officer.
12.Records that cannot be Found
If the Private Body searches for a record and it is believed that the record either does not exist or can not be found, the requester will be notified by way of an affidavit. This will include the steps that were taken to attempt to locate the record.
13.The Prescribed Fees
The prescribed fees are available on the Department of Justice and Constitutional Development’s website at www.doj.gov.za under regulations section.