On occasion, Afriplex may also provide limited data to third parties that offer related products and services. These limited data include names, job titles, companies and business addresses, but do not include business phone numbers or business fax. Users may request AFRIPLEX to refrain from disclosing the data it collects to third parties by contacting AFRIPLEX at firstname.lastname@example.org or 021 872 4976 to express their preferences if they determine later that they do not wish to have the information shared.
A data subject is a natural person. Examples of a data subject can be an individual, a customer, a prospect, an employee, a contact person, etc.
Any information relating to an identified / identifiable individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, photo, email address, bank details, posts on social networking sites, medical information, IP address, or a combination of the data that directly or indirectly identifies the person.
Sensitive personal data:
The POPI Act and all other relevant legislation refer to sensitive personal data as “special categories of personal data.” The special categories of data include racial or ethnic origin, political opinions, religious or philosophical views, trade union membership, sexual orientation, and health, genetic and biometric data, where processed to uniquely identify an individual. Personal data relating to criminal convictions and offenses are not included, but similar extra safeguards apply to its processing.
Any organization, person, or body that determines the purposes and means of processing personal data, controls the data and is responsible for it, alone or jointly. Examples, when the data controller is an individual, include general practitioners, pharmacists, and politicians, where these individuals keep personal information about their patients, clients, constituents, etc. Examples of organizations can be data controllers, for profit or not for profit, private or government-owned, large or small, where those organizations keep personal information about their employees, clients, etc.
A data processor processes the data on behalf of the data controller. Examples include payroll companies, accountants, and market research companies.
Accountability is the ability to demonstrate compliance with the POPI Actand all other relevant legislation. The Regulation explicitly states that this is the organization’s responsibility. In order to demonstrate compliance, appropriate technical and organizational measures have to be implemented. Best practice tools such as privacy impact assessments and privacy by design are now legally required in certain circumstances.
Consent is any “freely given, specific, informed and unambiguous” indication of the individual’s wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed for one or more specific purposes. The affirmative action, or a positive opt-in, means that the consent cannot be inferred from silence, pre-ticked boxes, or inactivity. It should also be separate from terms and conditions and have a simple way to withdraw it. Public authorities and employers will need to pay special attention to ensure that consent is freely given.
Processing is any operation performed on personal data (sets), such as creation, collection, storage, view, transport, use, modification, transfer, deletion, etc., whether or not by automated means.
This is the data subject’s right to obtain from the data controller, on request, certain information relating to the processing of his/her personal data.
A third party is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data.
The transfer of personal data to countries outside the EEA or to international organizations is subject to restrictions. As with the Data Protection Directive, data does not need to be physically transported to be transferred. Viewing data hosted in another location would amount to a transfer for POPI purposes.
The POPI Act No.4 of 2013:
This means the Protection Of Personal Information Act, 2013 (Act No. 4 of 2013)
The Information Regulator’s Office:
is the authority in South Africa that is set to uphold the information rights in the public’s interest and data for privacy.
means Arno Roux CEO
Compliance Management System:
means a register of all systems or contexts in which personal data is processed by the company.
Data Protection Principles
The Company is committed to processing data in accordance with its responsibilities as outlined in the POPI Act and in accordance with relevant international legislation.
This means that your personal data will be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Types of Personal Data We May Collect
- While you use this website, we may collect your personal information, or you may provide it to us (for example by enquiring or subscribing to our newsletter). For example, your name, email address or telephone number.
- To send you a quote or invoice you, we might collect your publicly available personal information from the Internet. For example, your address or VAT registration number.
- We are required by law to verify the identity of our clients. So we may ask you to provide us with various personal information.
How We Use Your Personal Data
We may use your personal information to:
- respond to your enquires,
- send you a quote for our legal solutions,
- verify your identity,
- provide you with our services,
- improve our service to you by analysing it for trends,
- invite you to attend events we hold,
- send you updates on the latest legal developments, and
- send you marketing material (including electronic communications) relating to other solutions you might be interested in. You can unsubscribe from our newsletter at any time and thereafter we will not market to you.
Disclosure of Personal Information
We are not in the business of selling personal information and therefore we will not disclose your personal information to anyone except as provided in this policy.
- We may for marketing purposes disclose or transfer your personal information to our agencies.
- It may be necessary for us to disclose or transfer your personal information to suppliers, affiliates, partners or agents in order to provide you with our services.
- We will obviously need to disclose your personal information to employees of ours who require it to do their jobs. We make sure they are aware of and take their confidentiality obligations seriously. They are contractually bound to keep all confidential information confidential.
- There may be situations where the law requires us to disclose your personal information. In all other situations, we will not disclose your personal information without notifying you and enabling you to object.
Security of Personal Information
We take all reasonable and appropriate measures to keep your personal information secure. For example, we encrypt our laptops and our phones. However, we cannot guarantee the absolute security of it. We back-up all your personal information on a regular basis.
We will inspect all emails you contact us with via the email addresses that we provide on this website. We do this to check for viruses, and reserve the right to monitor and inspect all material and information transmitted over our system. We may also monitor whether you read emails that we send you.
Access to and Correction of Personal Information
- You have the right to ask for a copy of your personal data and to verify how we are processing it.
- Right to rectification: If you believe we have inaccurate or incomplete information about you, you have the right to ask us to correct or update it.
- Right to be forgotten: In certain circumstances, you have the right to ask us to remove or erase your personal data from our records.
- Right to object: You have the right to object to processing of your personal data. You also have the right not to be subjected to any automated decision making or profiling.
- Right to restriction of processing: You have the right to ask us to restrict processing of your personal data in cases where the data is inaccurate, or the processing of the data is unlawful. This does not restrict Afriplex from processing of your personal data for legal and regulatory requirements.
- Right to withdraw consent: If we process your personal data based on your consent, you can withdraw your consent at any point of time.
- Right to portability: You have the right to ask us to transfer your data to you, or any other third party.
You may access and correct, if necessary, your personal information that we hold by contacting us at email@example.com or on (021) 872 4976
Access to Documents
All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances:
- where disclosure is under compulsion of law;
- where there is a duty to the public to disclose;
- where the interests of the Company require disclosure; and
- where disclosure is made with the express or implied consent of the data subject.
Cookies are alphanumeric identifiers with small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive. Please note, a cookie in no way gives us access to your computer/device and cookies cannot access any other information on your computer/device.