Privacy Notice
This template is intended to assist you to draft your own Privacy Notice. Netcash does not provide legal advice and it is up to you to ensure that all your legal agreements comply with South African law. We highly recommend that you consult an attorney. Netcash will not be responsible for any damage that you suffer or any third party suffers relating to this template.
It is up to you to replace the words in brackets which look like this [insert words here] with the right information. Do not publish this notice without replacing all the [words in brackets].
Please delete this notice once you are finished replacing all the [words in brackets].
Contents
1Organisation Details (‘we’ or ‘us)1
3Deputy Information Officer. 2
6Personal Information we Collect and what we Use it For. 2
7Children’s Personal Information. 4
8Our Newsletter and Marketing. 4
9Third Party Services and Use of Personal Information. 5
11Transferring Personal Information to Third Parties and Overseas. 5
12How to Update, Correct, Delete and Object to our using your Personal Information. 5
15How to Complain to the Information Regulator. 6
16Changes to this Privacy Notice. 6
17Form 1: Request for access to a Record in terms of PAIA.. 7
18Form 2: Objection to processing of personal information in terms of POPIA.. 11
19Form 3: Form for the Request to Delete or Correct Personal Information in Terms of POPIA.. 13
[deputy information officers are optional]
This Privacy Notice deals with data protection and the Protection of Personal Information Act (“POPIA”) which comes into force on the 1st July 2021. The aim of POPIA is to protect a person personal information and privacy. This Privacy Notice is designed to set out what we do with the personal information and what the rights of data subjects are.
We have drafted a PAIA manual which can be found here: [URL for PAIA manual]
[This list is an example only and depends on the purposes of processing personal information in your company – adapt as required]
Categories of Data Subjects |
Types of personal information collected |
Special Personal Information |
Purposes for processing personal information |
Recipients or categories of recipients of personal information |
Trans-border information flow |
Natural Person Customers |
Names; contact details; physical and postal addresses; date of birth; ID number; Passport number; Tax related information; nationality; gender; confidential correspondence |
n/a |
Concluding contracts, performing in terms of the contract, marketing to customers, debt recovery, compliance with legislation |
Internal use for customer management Data management company |
Pseudonymised customer personal information quality managed in Israel |
Juristic Person Customers |
Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners. |
n/a |
Concluding contracts, performing in terms of the contract, marketing to customers, debt recovery, compliance with legislation |
Internal use for customer management Data management company |
Pseudonymised customer personal information quality managed in Israel |
Employees |
Gender; Marital Status; Age; Home Language, Education information; Financial Information; Employment History; ID number; Physical and Postal address; contact details; Opinions. |
Ethnicity, Criminal behaviour; Well-being. |
Staff administration Complying with tax laws and other legislation |
Internal use Human resources specialist services (South Africa) |
n/a |
Suppliers Natural person |
Names; contact details; physical and postal addresses; date of birth; ID number; Passport number; Tax related information; nationality; gender; confidential correspondence. |
BBBEE status |
Staff administration Procurement of goods |
Internal use Compliance with laws |
n/a |
Suppliers Juristic persons |
Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners |
BBBEE status |
Staff administration Procurement of goods |
Internal use Compliance with laws |
n/a |
[choose the correct statement]
Our products and services are not designed to appeal to children (under the age of 18). As such, the products and services are not directed at children nor do we knowingly collect or maintain information from children.
[or]
We may collect child personal information from our employees, but then only for the purposes of assisting employees with [name purposes] relating to their dependants.
[or]We collect child personal for our goods and services. This information is collected for the following purposes:
If you are an existing customer then you might receive our marketing material, provided that you can always unsubscribe from receiving this at any time. If you are a new customer we will ask your consent to send you the newsletter.
When you subscribe or sign up to receive our newsletter or marketing material, we will ask you for the information necessary to enable us to process your request and to send you information regarding our products and services. You can unsubscribe from the newsletter or marketing material at any time by clicking on the link at the bottom of the communication.
Each marketing email we send will contain instructions on how to unsubscribe in the event that you do not wish to receive future promotional emails from us. Please allow about [10 business days] for your unsubscribe request to be processed. If you choose to opt-out of receiving promotional email communications from us, we will still send service messages to you. Service messages are sent to our customers to enable them to use our services correctly and are not direct marketing messages.
If you access and/or use any of the other companies’ services or our partner’s services from a link on the website, any information you reveal in connection with such service is submitted to that other company and is not subject to this Privacy Notice. You should consult the privacy notice of the other party with respect to its treatment of any personal information that you provide to them.
We will use the personal information that job seekers submit and will retain the information submitted for the time required by applicable law or in accordance with our standard practice, whichever is longer.
We will not release information submitted by online job seekers to third parties except to appropriate governmental entities and/or our service providers as necessary in connection with recruiting, employment, corporate governance, acquisitions, and legal or regulatory requirements. We require that our service providers keep your personal information confidential as well. In addition, to prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate procedures to safeguard the personal information we collect.
If we get enquiries from third parties about people that we have employed, we will check with them first before we release the personal information.
If we transfer your personal information outside of South Africa as we explained above, we apply the necessary safeguards which include either:
Details of these safeguards may be obtained by contacting us directly.
If you are a data subject you have the right to access personal information, object to the use of your personal information and to request a deletion of correction of your records. You can do this using the forms at the end of this document. Please use:
Please note that we are required to authenticate you (confirm who you are) before we can process your request. The procedures we follow to authenticate you will vary depending on the sensitivity of your request and our internal security procedures.
In the event that our company, or a part of our company, is bought or sold, your personal information may be included in the business assets, provided that this Privacy Notice or a privacy notice substantially similar to this one will continue to apply to your personal information.
We have an existing security policy and continually update our security systems.
We have developed a procedure we follow if we have a security breach (compromise) as defined in section 22 of POPIA. Part of this procedure is that we will let you know about it as soon as possible and let you know what steps you can take to protect yourself. We will also notify the Information Regulator and if appropriate the South African Police Services so that they can take appropriate action. If you become aware of any security breach (or if you think there may have been a security breach) then please let us know as soon as possible by contacting us using the contact details at the beginning of this privacy notice.
Our use of personal information is governed by PAIA and POPIA and the Information Regulator is responsible for making sure that we comply with these laws. Complaints can be lodged with the Information Regulator. These are their details:
We may change this Privacy Notice from time to time by posting a new version here, and the new version will become effective from the date set out in the new Privacy Notice.
REQUEST FOR ACCESS TO RECORD OF PRIVATE BODY
(Section 53 (1) of the Promotion of Access to Information Act, 2000
(Act No. 2 of 2000)) [Regulation 10]
Deputy Privacy & Information Officer: [company information officer]
Deputy I/O Chief Officer:[company deputy information officer]
Physical address: [company address]
Telephone number: [company telephone number]
Email address: [company email address]
B. Particulars of person requesting access to the record -The particulars of the person who requests access to the record must be given below -The address and /or email address in the Republic to which the information is to be sent must be given -Proof of the capacity in which the request is made, if applicable, must be attached.
Full names and surname: _______________________________________________________ Identity number: __________________________________________________________________
Postal address:___________________________________________________________________
Fax number: ______________________________________________________________________
Telephone number: ________________________________________________________________E-mail address: ____________________________________________________________________
C. Capacity in which request is made, when made on behalf of another person:
This section must be completed ONLY if a request for information is made on behalf of another person
Full names and Surname / Company |
|
Identity Number/Registration Number |
D. Particulars of record
Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located; -If the provided space is inadequate, please continue on a separate page and attach it to this form. The Requester must sign all the additional pages
Description of record or relevant part of the record:
_______________________________________________________________________________
_______________________________________________________________________________ _______________________________________________________________________________
Reference number, if available:
______________________________________________________________________________
3. Any further particulars of record:
____________________________________________________________________________________________________________________________________________________________
E. Fees
A request for access to a record, other than a record containing personal information about yourself, will be processed only after a request fee has been paid. You will be notified of the amount required to be paid as the request fee. The fee payable for access to a record depends on the form in which access is required and the reasonable time required to search for and prepare such record. If you qualify for exemption of the payment of any fee, please state the reason for exemption.
Reason for exemption from payment of fees:
F. Form of access to record
If you are prevented by a disability to read, view or listen to the record in the form of access provided for in 1 to 4 hereunder, state your disability and indicate in which form the record is required.
Disability |
|
Form in which record is required |
Mark the appropriate box with an X.
NOTES:
If the record is in written or printed form: | ||
Copy of Record |
| Inspection of Record |
If record consists of visual images | ||
View images Copy of images Transcription of images | ||
If record consists of recorded words or information which can be reproduced in sound: | ||
listen to the soundtrack (audio cassette) |
| transcription of soundtrack* (written or printed document) |
If record is held on computer or in an electronic or machine-readable form: | ||
printed copy of record* | printed copy of information derived from the record* | copy in computer readable form* (memory stick or compact disc) |
*If you requested a copy or transcription of a record (above), do you wish the copy or transcription to be posted to you? Postage is payable | Yes | No |
G. Particulars of right to be exercised or protected
If the provided space is inadequate, please continue on a separate page and attach it to this form. The Requester must sign all the additional pages
Indicate which right is to be exercised or protected:
________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________ ________________________________________________________________________
________________________________________________________________________
Explain why the record requested is required for the exercise or protection of the aforementioned right:
________________________________________________________________________ ________________________________________________________________________
________________________________________________________________________________________________________________________________________________ ________________________________________________________________________________________________________________________________________________
H. Notice of decision regarding request for access You will be notified in writing whether your request has been approved/ denied. If you wish to be informed in another manner, please specify the manner and provide the necessary particulars to enable compliance with your request
How would you prefer to be informed of the decision regarding your request for access to the record?
__________________________________________________________________ __________________________________________________________________ __________________________________________________________________
Signed atthisday of20
__________________________________
SIGNATURE OF REQUESTER / PERSON ON WHOSE BEHALF THE REQUEST IS
MADE
AFFIDAVIT
I, the undersigned,
………………………………………………………………………………………………………………………… ……………………………..………………………………………………………. do hereby make oath and say:
1.
I am an adult male / female residing at
…………………………………………………………………………………………………………………………
….........................................................................................................
I am the Requester in terms of the Promotion of Access to Information Act, No 2 of 2000.
PART: A (Applicant)
2. The facts herein mentioned are within my personal knowledge, unless indicated to the contrary, and are in all respects true and correct.
3. My Identity/passport number is ………………………………………………………… and I attach hereby a certified copy of my identity/passport document.
4. PART: B (Third Party Permission – if applicable)
5. I also declare that I am aware that
................................................................................…..…………requires information pertaining to cellular number................................................
I hereby give permission to
....................................................................................................... to obtain the required information.
6. I know and understand the contents of this statement I have no objection in taking the prescribed oath
I consider the oath to be binding on my conscience.
……………………………………………………………………………………………………………………….. DEPONENT
I certify that the above statement was taken by me and that the deponent has acknowledged that he/she knows and understands the contents of this statement. The statement was sworn to/affirmed to before me and deponents
Signature/mark/thumb print was placed thereon in my presence at
………………………………… on………………………. at …….h….….
SIGNATURE Commissioner of Oaths
……………………………………………………………………..
Full First Names and Surname
…………………………………………………………………….. ……………………………………………………………………..
………………..…………………………………………………..
Business Address (Street Address)
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS
OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT,
2013 (ACT NO. 4 OF 2013) REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION 2017 [Regulation 3(2)]
Note:
Reference Number….
A |
DETAILS OF DATA SUBJECT |
|||
Name and surname of data subject: |
||||
Residential, postal or business address: |
||||
Code ( |
) |
|||
Contact number(s): |
||||
Fax number: |
||||
E-mail address: |
||||
B |
DETAILS OF RESPONSIBLE PARTY |
|||
Name and surname of responsible party (if the responsible party is anatural): Residential, postal or business address: |
||||
Code ( ) |
||||
Contact number(s): |
||||
Fax number: |
||||
E-mail address: |
||||
Name of public or private body (if theresponsible party is not anatural person): |
||||
Business address: |
||||
Code ( ) |
||||
Contact number(s): |
||||
Fax number: E-mail address: |
||||
C REASONS FOR OBJECTION (Please provide detailed reasons for the objection) |
||||
Signed at.......... this.................day of....................... 20.. .....................
.................................................
Signature of data subject (applicant)
REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2017 [Regulation 3(2)]
Note:
Reference Number Mark the appropriate box with an "x".
Request for:
Reference Number….Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.
Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information.
A | DETAILS OF THE DATA SUBJECT | ||
Surname: | |||
Full names: | |||
Identity number: | |||
Residential, postal or business address: | |||
Code ( ) | |||
Contact number(s): | |||
Fax number: | |||
E-mail address: | |||
B | DETAILS OF RESPONSIBLE PARTY | ||
Name and surname of responsible Party (if the responsible party is a natural person): | |||
Residential, postal or business address: | |||
Code ( ) | |||
Contact number(s): | |||
Fax number: | |||
E-mail address: |
Name of public orprivate body (if theresponsible party is not anatural person): | |
Business address: | |
Code ( ) | |
Contact number(s): | |
Fax number: | |
E-mail address: | |
C | REASONS FOR *CORRECTION OR DELETION OF THE PERSONAL INFORMATION ABOUT THE DATA SUBJECT/*DESTRUCTION OR DELETION OF A RECORD OF PERSONAL INFORMATION ABOUT THE DATA SUBJECT WHICH IS IN POSSESSION OR UNDER THE CONTROL OF THE RESPONSIBLE PARTY. (Please provide detailed reasons for the request) |
* Delete whichever is not applicable
Signed at................this................................ day of........................... 20 ............................................................
Signature of Data subject