POPI COMPLIANCE AND PRIVACY NOTICE1. INTRODUCTION
The right to privacy is an integral human right recognised and protected in the South African Constitution and the Protection of Personal Information Act 4 of 2013 (“POPIA”).
POPIA aims to promote the protection of privacy by providing guiding principles that are intended to be applied to the processing of personal information in a context-sensitive manner.
Through the provision of quality goods and services, the organisation is necessarily involved in the collection, use and disclosure of certain aspects of the personal information of clients, customers, employees and other stakeholders.
A person’s right to privacy entails having control over his or her personal information and being able to conduct his or her affairs relatively free from unwanted intrusions.
The aim of this compliance and privacy notice is to demonstrate our commitment to safeguarding your personal information and to notify you how and why we collect information from you, the way we use your information and how we share or disclose your information, as required in terms of the Protection of Personal Information Act (“POPI Act”).
This POPI Compliance and Privacy Notice shall apply to any website, application forms, document, terms and conditions, products or services which may reference POPI Compliance and Privacy Notice.
This Notice provides you with the following information:
● Our commitment to compliance;
● A Summary of the compliance measures implemented;
● A notification on the collection of personal information and how we use the information;
● Your rights as a data subject;
● How to contact us in relation to this notice.2. COMMITMENT TO COMPLIANCE WITH POPI
Given the importance of privacy, Jebo Connect is committed to effectively managing personal information in accordance with POPIA’s provisions. To meet the requirements of POPI, Jebo Connect has drafted a POPI Risk Framework which includes:
● Development and implementation of Information processing plan and procedures, including the safeguards of personal information required under POPI
● Development and implementation of a compliance monitoring plan
● Appointment of Information Officer
● Delegation of duties to staff and training on their duties
● Development of disclosures and client POPI engagement processes
● Documentation of relationships with third parties on the sharing of personal information and/or service agreements for the outsourcing of certain POPI obligations3. INFORMATION OFFICER
Jebo Connect has appointed Pierre van Wyk as its Information Officer. All correspondence to the Information Officer may be submitted via e-mail to: email@example.com. PRIVACY STATEMENT
Jebo Connect is committed to processing personal information in accordance with the below principles when collecting, recording, storing, disseminating, and destroying personal information, and responding to government requests for our users' data:
I. In our capacity as the responsible party, we shall inform you that we shall be processing personal information, the purpose or reasons for the collection of personal information and we shall endeavour to obtain information directly from you upon your consent or if we can demonstrate a justifiable reason for collecting personal information;
II. We shall process information for a specific, lawful reason and only adequate, relevant information which is limited to the purposes for which they are processed and which relates to the functions or the activity for which it is intended;
III. We shall delete or otherwise de-identify your personal information after the minimum storage periods required under our risk and statutory record keeping periods have expired.
IV. We shall take reasonable steps to ensure personal information obtained from our data subjects or third parties is complete, accurate, not misleading and updated where necessary.
V. We take measures to ensure data is kept safe and prevent loss of, damage to, or unauthorised destruction of personal information, and unlawful access to or processing of personal information.
VI. We undertake to review and update our security measures in accordance with future legislation and technological advances.
VII. Jebo Connect is obligated to inform the Information Regulator and the affected data subject if there is a breach of personal information. We shall aim to assist in minimising any losses that may result from such a breach in security.
VIII. We shall not contact/solicit you unless you have given us your consent to do so;
IX. We shall implement the necessary measures that will give effect to your rights as a data subject as provided in terms of POPIA. 5. COLLECTION AND PROCESSING NOTIFICATION
Jebo Connect collects personal information directly from our data subjects where possible In addition to the aforementioned, we shall, subject to your consent, or to execute our service agreement with you, obtain further information required from third parties and other sources where necessary.
During the course of our typical service delivery, we process personal information as follows:Information being collected:
The type of personal information we collect depends on the purpose and reason for which it is processed and relates to the activity for which it is intended. This will differ if you are a customer, supplier or employee.
Personal information is information that identifies a person, examples of personal information we collect are; your name, ID number, date of birth; contact details; information surrounding your personal circumstances such as your race, gender, nationality, marital status, medical, financial (such as banking details and credit card data), criminal and employment history. Juristic persons may be identified by their registered or trade name, registration numbers and business addresses. We may further collect information such as tax numbers, VAT numbers, PAYE numbers and bank account details.
Special personal information refers to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject as well as criminal behaviour.
Jebo Connect does not collect and process special personal information unless it is a requirement by law to process such information as part of our service delivery. In this case, we shall obtain consent from you before collection thereof. We do not knowingly collect personal information from children (under 18 years of age) without the permission of their parent/s or guardian.Source of information:
We collect personal information directly from you as the Data Subject. We collect your personal information in several ways which may include:
● Submission of information through our website;
● Correspondence through email or mobile applications;
● Completion of paper-based information sheets;
● Phone Calls in which content is submitted or entered into a record;
● Social Media Platforms.Purpose of processing information:
The personal information and special personal information processed during the data subject engagement process is used to render services to the data subject directly related to the service agreement in place between the parties
Jebo Connect shall collect personal information for a specific, explicitly defined and lawful purpose that relates to the function or the activity of our organisation for which it was intended.
The information collected by Jebo Connect may be used, transferred, stored, disseminated, shared or processed for the following purposes:
● To respond to customer enquiries;
● General communication with clients;
● Prepare customer quotations and service level agreements;
● To provide you with our data and network/ internet services;
● Maintain our relationship with the customers;
● Meet our contractual obligations with you, our customer;
● Respond to customer complaints or service related queries;
● For installation and maintenance;
● To record and monitor correspondence and electronic communication to ensure that customer requests and instructions are executed;
● To recommend solutions that will enhance your services experience;
● Customer may be checked for credit-worthiness;
● Issue invoices;
● Monitoring and interception of private communication shall be strictly done according to the provisions of legislation and acceptable use policy.
Service providers & suppliers:
● Obtain quotes and services proposal for the delivery of services or provisions of goods;
● For processing payments of invoices;
● Liaising with the service provider or suppliers on the services to be rendered in terms of the agreement with the service provider or supplier
Applicants for employment:
● To determine whether the application is suitable for the position applied;
● Credit and criminal check(subject to consent);
● Contacting previous employers to obtain references concerning the job seekers employment history and performance
● To maintain the employer and employee relationship;
● Comply with obligations imposed on the employer in terms of the South African conditions of employment legislation framework;
● Administration of employee benefits;
● Administration and submission of statutory submission and payments such as tax, UIF etc;
● Payment of salaries;
● Resolving labour disputes.
● To detect and prevent fraud, crime and money laundering and other forms of malpractice;
● To protect and enforce rights and remedies in terms of legislation, governing law and codes of conduct;
● For purposes of research, analytical and statistical purposes;
● For the collection of debt, recovering unpaid monies;
● To comply with legal obligations.Voluntary/Mandatory provision of information:
The Data subject is required to provide the information on a voluntary basis and understand that certain information is mandatory for the purpose of administration of the Responsible party-Data subject relationship.Consequences of failure to provide information:
Failure to provide the information will result in the Responsible party's failure to comply with the requirements in terms of the service agreement and legislative requirements.The requirement to process in terms of legislation:
The Responsible party may be required to collect personal information in terms of the following legislation:
● Compliance with regulatory and legislative requirements such as BCEA, RICA etc;
● Compliance with reporting requirements;
● Record-keeping requirements;
● Prevention of money laundering, terrorist financing, fraud, corruption, tax evasions and other crimes.Consequences of failure to provide information:
Failure to provide the information will result in the Responsible party's failure to comply with the requirements in terms of the service agreement and legislative requirements.Cross border transfer:
Where necessary information may be shared with organisations outside South Africa for legitimate purposes who subscribe to similar personal information protection laws.
Personal information may be sent to service providers outside of South Africa for storage or processing on behalf of Jebo Connect.
Information shall not be shared with countries that do not subscribe to personal information protection laws unless the Responsible party has entered into an agreement in terms of which the third party subscribes to the obligations for lawful processing of personal information.Recipients of personal information:
Jebo Connect and its employees may disclose personal information: to other services providers involved in the rendering of services or the provision of products to the clients; to services providers, it is engaged with such as accountants, compliance officers, administration etc.; if Jebo Connect has a duty or a right to disclose the same in terms of law or certain industry codes; or if it is necessary to protect Jebo Connect’s legal rights and interests.
Access to client data from within our organisation is limited to essential staff or specialist contractors that are required to access our systems for client service or maintenance purposes, who are bound by the requirements of the legislation and are required to maintain safety and security measures.Nature and category of information:
The Responsible party processes personal information, special personal information and information of the Data subject’s dependants according to the lawful conditions for processing of personal information.6. COOKIES
In terms of POPI, data subjects have the right to:
▪ Request what personal information the organisation holds about them and why.
▪ Request access to their personal information.
▪ Be informed on how to keep their personal information up to date.
Access to information requests can be made by email, addressed to the Information Officer. The Information Officer will provide the data subject with a “Personal Information Request Form”.
Once the completed form has been received, the Information Officer will verify the identity of the data subject before handing over any personal information. All requests will be processed and considered against the organisation’s PAIA Policy.
The Information Officer will process all requests within a reasonable time.8. POPI COMPLAINTS AND OBJECTIONS PROCEDURE
A data subject has a right to object to the use of personal information, however in certain instances failure to provide us with personal information may result in the inability to deliver said services or products to our data subjects, or our data subjects shall receive limited services or have a limited engagement with us.
Data subjects further have the right to complain in instances where any of their rights under POPIA have been infringed upon. The organisation takes all complaints very seriously and will address all POPI related complaints in accordance with the following procedure:
▪ POPI complaints and objections must be submitted to the organisation in writing. Where so required, the Information Officer will provide the data subject with the prescribed form.
▪ The Information Officer will provide the complainant/objector with a written acknowledgement of receipt of the complaint.
▪ The Information Officer will carefully consider the complaint or objection and amicably address the complainant’s concerns. In considering the application, the Information Officer will endeavour to resolve the matter in a fair manner and in accordance with the principles outlined in POPIA.
▪ Where the data subject is not satisfied with the Information Officer’s suggested remedies, the data subject has the right to complain to the Information Regulator.
The Information regulator’s contact details are as follows:
Complaints email: complaints.IR@justice.gov.za
General enquiries email: firstname.lastname@example.org
This notice was last revised on 03/08/2022. Any material changes hereto will be published on our website or distributed to clients in writing. Your continued use of our services following the update means that you accept the updated notice.