Dear Customer,

 

The Protection of Personal Information Act (POPIA) is now in operation and as business,  need to comply. The Protection of Personal Information Act (POPIA) is intended to protect a person’s constitutional rights to privacy (which requires our personal information to be protected); and the needs of business to have access to and to process (work with) a person’s specific personal information to perform the tasks related to the functions of the business.

 

This letter is part of our business’s steps to enforce the POPI Act, by notifying you and giving you better insight into the way we implement POPIA. You can request a copy of our agency's internal POPIA compliance manual. All our staff are bound by confidentiality provisions in their letters of appointment, and we will only pass on your personal information to third parties who need it for the purposes of their work, related to what we do for you. (Courier companies to fulfil our mandate to you, etc.)

 

We undertake to protect your personal information in the prescribed manner, and will always ask your permission, before we obtain your personal information from you. We will only collect your personal information directly from you with your consent, and from public records. This information is collected and stored for a specific purpose only to perform the task you have given us. (This could be, for example, alerting you on new promotions, new product offerings, sharing of wellness information in the line with our business.)

 

We will only share your personal information as is needed and is required by the authorities, and we will only do so, if necessary, to complete tasks at your request.

 

You have the right to access your personal information and to correct any errors in it. You have the right to revoke permission to process your data at any time, but please note that if you exercise this right, it may result in us not being able to perform tasks that you would have mandated us to do.

 

To keep your data safe, we secure and control all our information against unauthorized access in the event of damage, loss or destruction (Physical or electronic). We do everything in our power to prevent personal information from falling into unauthorized hands. Our business premises where records are kept are protected by access control, burglar bars and armed response. All our laptops, telephones and computer network are protected by passwords that we change regularly.

 

Each employee uses his/her own password to access the data. Therefore, we can identify the source of a data breach and deal with and eliminate such violation. If there has been a data breach, we will determine the origin, correct it and prevent the recurrence of such data breach. You will be notified immediately by e-mail or in writing, if it is suspected that access to your personal information has been obtained by an unauthorized person. Sufficient information will be provided to enable you, to take measures, to protect yourselves from possible consequences of such data breach.

 

You have the right to lodge a complaint with the SA Information Regulator if you have complaints regarding the handling of your personal information by any business.

 

The Information Regulator (South Africa)

PO Box 31533
Braamfontein
27 Stiemens Street

Braamfontein 2017

 

The Information Regulator (South Africa) e-mail: complaints.IR@justice.gov.za
We trust that our processing of your personal information will be done in a manner that complies with all applicable laws and that your privacy rights will be protected as required by law.

 

Ntombenhle Khathwane

______________________

CEO