(Issued in accordance with Section 5(a) and 18 of the Protection of Personal Information Act,4 0f 2013 (POPI)
Purpose of this Policy
The purpose of this Policy is to inform Data Subjects about how BunduTec processes their personal information in line with POPIA. We value your privacy and want to be transparent about the personal information we process when interacting with you. In its capacity as Responsible Party and/or Operator, we aim to comply with POPIA requirements and obligation. The current version of this policy will govern the respective rights and obligations between you and BunduTec each time you utilize our services. By utilizing our services, you consent that we may process and disclose your personal information as set out below.
1. About us and how to contact us
Responsible Party: BunduTec Pty Ltd Physical Address: Unit 4 Fairpark Centre, No Name Road, Fairleads Benoni 15-0 Contact Details: Marzanne Rautenbach Van Der Merwe 0638727667 / firstname.lastname@example.org
The following words and expressions in this policy bear the meanings assigned to them:
2.1 Data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal information under the control of BunduTec
2.2 Data Subject – The person whose personal information is processed.
2.3 Employees – any employee of BunduTec
2.4 BunduTec representatives – any employee, associate, contractor, or legal representative contracted by BunduTec and acting on behalf of them.
2.5 Operator – a company who executes certain functions on behalf of the company in terms of a contract or mandate, without coming under direct authority of the company.
2.6 Personal Information – Information relating to an identifiable living natural person and where it is applicable, and identifiable, and existing juristic person including but not limited to:
• Race, sex, gender, sexual orientation, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language, and birth of the person.
• Information relating to education, medical, finance, criminal or employment history.
• Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier.
• Biometric information of a person · Personal opinions, views, or preferences of a person.
• Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would the contents of the original correspondence.
• The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
• Organization Structure and business operations where the Data Subject is a juristic person.
2.8 Processing – any operation or activity or any set of operations, whether or not automatic means, concerning Personal Information, including: · The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, or use · Dissemination by means of transmission, distribution or making available in any other form or · Merging, linking, restriction, degradation, erasure, or destruction of information
2.9 Regulator – Information regulator established in terms of POPIA
2.10 Responsible Party – a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means of Processing Personal Information
2.11 Special personal Information – Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, sexual orientation, genetic information, biometric information, or criminal behaviour.
2.12 Third Party – any independent contractor, consultant, sub-contractor or other representative of BunduTec
3. Processing of information
3.1 BunduTec will collect personal information directly from Data Subjects and /or responsible parties unless an exception is applicable.
3.2 In the event of BunduTec collecting personal information from third parties, it will obtain the consent of the Data Subject, unless an exception is applicable
3.3 BunduTec will always collect personal information in a lawful manner and ensure that it protects the data subject’s privacy.
3.4 BunduTec will only process a Data Subject’s personal information (other than the special personal information) where: · The Data Subject (or a competent person where the Data Subject is a child) consents · Processing is necessary to carry out the actions for conclusion of a contract to which the Data Subject is party · Processing complies with an obligation imposed by law on the responsible party · Processing protects a legitimate interest of the data subject · Processing is necessary for pursuing the legitimate interests of the responsible party or of third party to whom the information is supplied.
3.5 BunduTec will only process a data subject’s personal information for specific and lawful purposes, as well as ensure that its processing is only in relation to the purpose for which it is obtained.
3.6 BunduTec may disclose personal information to third parties and will do so by entering into written agreement with Third Parties to ensure the third-party process personal information in line with the requirements of POPIA and as stipulated in this policy.
4. Storage of personal information
4.1 BunduTec will store personal information in an electronic and/or hard copy format on its own secure on-site servers, other technology via cloud services or technology of third-party providers they are contracted with.
4.2 BunduTec will take all steps appropriate and reasonable to protect data subject’s personal information. The security measures of BunduTec will include physical, technological, and procedural safeguards and will include amongst others:
• Keeping systems secure
• Storing data subject records securely
• Control access to BunduTec’ premises, systems and/or records
• Safely delete or destroying of data
4.3 BunduTec will take reasonable steps to ensure that data is as accurate, complete, and up to date as possible depending on the purpose for which it is collected or processed. The data subject however must ensure that updates or changes in personal information is communicated to BunduTec in writing as soon as reasonably possible after such a change occurred.
4.4 BunduTec will not retain personal information for longer than what it is necessary to obtain the purpose for which it was obtained in the first place unless:
• Longer retention of the information is required by law
• The responsible party requires the record for lawful purposes related to its functions or activities
• A contract between the parties requires the retention of such personal information
• Consent was given by the data subject or competent person where the data subject is a child
• Personal Information is kept for historical, statistical or research if personal information is secured by appropriate safeguards established to prevent use for any other purpose
5. Breaches of personal information (Data breach)
5.1 BunduTec will notify the Regulator the affected responsible party and the data subject as soon as reasonably possible in writing in the event of any data breach in the data applicable to the data subject’s personal information.
6. Access to personal information
6.1 The data subject may request in writing that BunduTec provides him/her/it, upon proof of identity and free of charge with the information related to the data subject and/or a description of the personal information and/or the identity of any third party who may have had access to their personal information.
6.2 Personal information belonging to another data subject can be obtained by following the procedures as set out by PAIA
6.3 A written request submitted to the company or Information Officer of the company via the postal, physical of email address may request:
• That the company provides him/her with the personal information related to the data subject as held by the company
• To update or rectify inaccurate personal information
• Object to processing and further processing or personal information by the company
• Withdraw consent to process and further process personal information where consent was previously given.
• Request the company to delete or destroy personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, misleading or unlawfully obtained.
7.1 A cookie is small text files that is sent from a website to the user’s device, such as a computer, smartphone, or tablet. The purpose of a cookie is to provide a mechanism to store user preferences, actions the user performed whilst browsing and collect anonymous statistics related to the website usage.
BunduTec reserves the right to change this policy from time to time and use reasonable efforts to inform data subjects of such changes.
Signed at Benoni on 11 November 2021
Marzanne Rautenbach Van Der Merwe CEO