In accordance with the Protection of Personal Information Act 04 of 2013 (“the Act”), insofar as we obtain Personal Information from you, we are committed to protecting and respecting your privacy. The Act applies to all businesses, natural persons and organisations that Process any Personal Information.
This Policy sets out the basis on which your Personal Information will be used, stored and safeguarded.
1.1. Please read the following carefully to understand how we Process your Personal Information. For purposes of this Policy, the term “Personal Information” shall mean information relating to you, including but not limited to:
1.1.1. information relating to race, gender, sex, marital status, national, ethnic or social origin, colour, age, disability, language and birth;
1.1.2. information relating to education, medical, financial, criminal or employment history;
1.1.3. any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment;
1.1.4. correspondence of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; and
1.1.5. your name if it appears with other Personal Information relating to your person or if the disclosure of your name itself would reveal information about you.
1.2. By agreeing to this, you provide us with your express informed consent and agreement that we may process your Personal Information including to collect, receive, record, organise, collate, store, update, change, retrieve, read, use and share your Personal Information in the ways set out in this Policy. When we do one or more of these actions with your Personal Information, we are “Processing” your Personal Information in a reasonable manner, which does not infringe on your privacy.
1.3. We are Processing your information by any operation or activity which includes the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; or merging, linking,
as well as restriction, degradation, erasure or destruction of information.
1.4. By providing your express consent, as stated in clause 1.2 above, you hereby consent to the following:
1.4.1. The party signing this agreement is over the age of 18, should they be below the age of 18, written consent is to be provided;
1.4.2. The Processing is necessary to carry out the operations of the responsible party, whom shall be the Company;
1.4.3. The Processing complies with the obligations imposed by law on the Company;
1.4.4. The Processing protects your legitimate interests; and
1.4.5. The Processing is necessary for pursuing the legitimate interest of the Company or of a third party to whom the information is supplied.
1.5. Once the Personal Information is collected, the Company shall take reasonable steps to ensure that you are aware of the following:
1.5.1. the information being collected and where the information is not collected from the you, the source from which it is collected;
1.5.2. the name and address of the responsible party;
1.5.3. the purpose for which the information is being collected;
1.5.4. whether or not the supply of the information by you is voluntary or mandatory;
1.5.5. the consequences of failure to provide the information;
1.5.6. the fact that, where applicable, the responsible party intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;
1.5.7. any further information such as recipient or category of recipients of the information, nature or category of the information, existence of the right of access to and the right to rectify the information collected and the right to lodge a complaint to the Information Regulator and the contact details of the Information Regulator.
2) Name and objectives of the Company:
The Company is Vision Elevators (Pty) Ltd, that specialises in the Supply, Installation and Maintenance of Elevator and Escalator products.
3) Relevant parties:
3.1. For purposes of the Act, the ‘responsible party’ is Vision Elevators (Pty) Ltd (“the Company”), a private company incorporated under the laws of the Republic of South Africa under registration number: 2006/010380/07, and whose registered address is at 28A Sycamore Crescent, Atlas Gardens, Durbanville, Western Cape, 7550. The responsible party shall determine the purpose of and means for processing Personal
Information for an explicitly defined and lawful purpose. After which, the responsible party will appoint an information officer.
3.2. The information officer of the Company, who is registered with the Information Regulator of South Africa, is a director of the Company, Nicholas Wareing. The information officer is responsible for the following:
3.2.1. the compliance with the conditions for the lawful processing of personal information;
3.2.2. dealing with requests made pursuant to the Act;
3.2.3. working with the Regulator in relation to investigations conducted;
3.2.4. developing a compliance framework, implemented, monitored and maintained;
3.2.5. conduct a personal impact information assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
3.2.6. developing a manual, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000);
3.2.7. developing internal measures together with adequate systems to process requests for information or access thereto, and
3.2.8. conduct internal awareness sessions regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.
4) The information we collect:
We collect and process your Personal Information, mainly to contact you for the purposes of day to day Business Activities and the provision of related services. Personal Information that we may collect includes information necessary for our legitimate business interest relating to our primary functions. This may include (amongst other things) your name and identity number, e-mail and physical addresses, postal address, contact information, ethnic or social origin and age. We will attempt to limit the types of Personal Information we collect to only that to which you consent, and which is necessary for our legitimate business interests. The Personal Information is stored in a structured manner, whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specific criteria.
5) How we use your information:
The Company may use your Personal Information to store, collect and provide services in line with our legitimate business interests.
6) Sharing of your information:
We will use all reasonable endeavours not to disclose any of your Personal Information to third parties, except when we have your permission or for purposes of the Company’s legitimate business interests. You agree that your Personal Information may be shared under the following circumstances:
6.1. to our holding companies, subsidiary companies, agents, advisers, service providers and suppliers, where applicable, which have agreed to be bound by this Policy;
6.2. to our employees, contractors and agents if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as site hosting, development and administration, technical support, financial services such as processing of payments, delivery services and other support services;
6.3. in order to enforce the contract between us;
6.4. in order to protect our rights, property or safety or that of our employees, contractors, agents and any other third party;
6.5. in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
6.6. to governmental agencies, exchanges and other regulatory or self- regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:
6.6.1. comply with the law or with any legal process;
6.6.2. protect and defend the rights, property or safety of affiliates, customers, employees, contractors, agents or third parties;
6.6.3. detect, prevent or deal with actual or alleged fraud, security or technical issues or the abuse, misuse or unauthorised use of Personal Information and/or contravention of this Policy;
6.6.4. protect the rights, property or safety of members of the public (if you provide false or deceptive information about yourself or misrepresent yourself as being someone else, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
6.7. The Company may use and retain your Personal Information to compile profiles for statistical purposes.
The Company requires your permission before disclosing your Personal Information to any third party for any other purpose.
7) Retention and Information Security:
7.1. We retain all Personal Information which we collect from you for a period not longer than is necessary, unless there is a valid technical, legal or business reason for us to delete or destroy it.
7.2. We may keep all retained information for as long as reasonably necessary or until you contact us and ask us to destroy the retained information.
7.3. Notwithstanding paragraph 7.1 above and any other provision of this Policy, we may keep some or all of your Personal Information if and for as long as:
7.3.1. it is required by law, a code of conduct or a contract with you to keep it;
7.3.2. it is required for any lawful purposes related to our functions and activities;
7.3.3. it is required to be kept through agreement between the Parties;
7.3.4. it is reasonably required for evidentiary purposes; or
7.3.5. you consent to us keeping it for a specified period.
7.4. We store your Personal Information on our servers operated by a person (“the Operator”) acting under the authority of the Company who shall not without your permission disclose such information to any third party.
7.5. The Company and the Operator shall in writing ensure that the Operator, Processing Personal Information, establishes and maintains the security measures.
7.6. The Company reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than South Africa.
7.7. If the location that Personal Information is transferred to does not have substantially similar laws, which provide for the protection of Personal Information, we will take reasonably practicable steps to ensure that your Personal Information is adequately protected in that jurisdiction.
7.8. As soon as the Company is no longer authorised to retain the Personal Information, it shall be destroyed or deleted as soon as reasonably possible.
7.9. The Company shall take all the reasonable technical and organisational measures to secure the integrity of retained information against any internal and external risks, using accepted technological standards to –
7.9.1. prevent unauthorised access to or disclosure of your Personal Information; and
7.9.2. protect your Personal Information from misuse, loss, alteration or destruction.
7.10. In particular: we usually use encrypted servers [Please confirm] which are stored on our premises or in other locations where we operate;
7.11. From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.
7.12. We also create a back-up for operational and safety purposes.
7.13. Where there are reasonable grounds to believe that the Personal Information of either party has been accessed by an unauthorised person, we will notify such party in writing and communicated via email of such unauthorised access as well inform the Information Regulator.
7.14. Despite the above measures during the Processing of your Personal Information, we do not guarantee that your Personal Information is 100% secure. Should your information be comprised, we will inform you, as well as the information regulator, as soon as we are aware of the compromise.
8) Your Rights: Access to information:
You have the right to request a copy of your Personal Information held by us. Please contact us at the numbers/addresses provided on our website and specify the information you. We require a copy of your identity
document to confirm your identity before providing any Personal Information.
9) Correction of your information:
Where required by law, the Company shall take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading and up to date. Written notice must be given to us, if you require alteration of your Personal Information. The Company shall take reasonable steps to correct or update the relevant information.
If you contest the accuracy of your Personal Information, we may elect to verify its accuracy and if we do so, we may restrict the Processing of the contested information for a reasonable period while we verify its accuracy.
10) Exclusions in terms of the Act:
Please note that the Act does not apply to the Processing of the following information:
10.1. in the course of a purely personal or household activity;
10.2. that has been deidentified to the extent that it cannot be reidentified again;
10.3. by or on behalf of a public body—
10.3.1. which involves national security, including activities that are aimed at assisting in the identification of the financing of terrorist and related activities, defence or public safety; or
10.3.2. the purpose of which is the prevention, detection, including assistance in the identification of the proceeds of unlawful activities and the combating of money laundering activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures to the extent that
adequate safeguards have been established in legislation for the protection of such personal information;
10.4. by the Cabinet and its committees or the Executive Council of a province;
10.5. relating to the judicial functions of a court referred to in section 166 of the Constitution;
10.6. relating to journalistic, literary or artistic expression to the extent that such an exclusion is necessary to reconcile, as a matter of public interest, the right to privacy with the right to freedom of expression;
10.7. relating to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
10.8. relating to the criminal behavior of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence; or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
11) Nonadherence to the Act:
Failure to adhere to the provisions of the Act may result in fines or penalties.
12) How to contact us:
If you have questions about this Policy, please contact Lynne Wareing at – firstname.lastname@example.org