PROTECTION OF PERSONAL INFORMATION ACT (POPIA)

Voortrekker Road Corridor Improvement District (VRCID) takes data privacy seriously and we are committed to safeguarding the confidentiality and security of any Personal Information relating to our clients, service providers and other third parties, including prospective employees. A very similar privacy policy is incorporated into the employment terms of all VRCID employees and directors.

 

What is the purpose of this Privacy Policy?

Our Privacy Policy allows you to understand the type of information relating to you which we may collect, what we may do with that information and what steps we take to ensure that this information is appropriately safeguarded. It also outlines your rights in relation to the information that we retain.

By using our services or products and/or providing your Personal Information to us, whether by email, via our website, over the phone or in person, you agree to the Processing outlined in this Privacy Policy and explicitly consent to the collection, use and disclosure of your Personal Information in the manner described in this Privacy Policy, as updated from time to time.

 

What do ‘Personal Information’ and ‘Processing’ mean and what do they include?

 

Personal Information is defined in POPIA as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. It includes but is not limited to— (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Processing is defined in POPIA as any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information. It includes – (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination, by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information.

 

What Personal Information do we collect?

The Personal Information we collect may include:

  • Basic personal details such as the data subject’s name and job title.
  • Contact details such as telephone numbers and postal or email addresses.
  • Financial data such as payment related information or bank account details.
  • Demographic data such as addresses, preferences or interests.
  • Website usage and other technical data such as details of visits to our website or information collected through cookies and other tracking technologies.
  • Information provided to us by or on behalf of our clients or generated by us in the course of providing our services.
  • Identification and other background verification as part of our client onboarding and ongoing monitoring procedures.
  • Information that is provided to us in course of registering for and attending events or meetings, including access and dietary requirements.
  • Information relating to prospective employees such as curricula vitae, your education and employment history, professional and other memberships, references and other information relevant to recruitment.
  • Any other personal data that you may provide.

How do we obtain Personal Information?

Usually, we will collect the information we require directly from you. We may also collect information from publicly available sources (such as LinkedIn and the CIPC) or from third parties (such as credit bureaux or recruitment agencies).

 

Why do we collect Personal Information?

We collect Personal Information primarily to conclude and perform contracts with our clients, service providers and other parties, and to pursue our legitimate business interests, including recruitment. We also collect Personal Information in order to comply with relevant legislation, regulatory requirements and the requirements of other Government agencies.

 

How do we use Personal Information?

We will only use Personal Information where we are permitted to do so by applicable law, including POPIA. The most important legal justifications for our use of Personal Information are:

 

  • Contract performance: if the information is necessary to finalise or perform our contract with the data subject;
  • Legal obligations: if we need to use the information to comply with our legal obligations.
  • Legitimate interests: if we need the information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to the data subject’s data privacy rights. We may use Personal Information to provide you with informative material relating to our services and products, new products and services, events or changes of TBI personnel, in which event you will be afforded the opportunity to ‘opt out’ of further communications.
  • Legal claims: if the information is necessary for us to defend a claim against us or to make or prosecute a claim.
  • Consent: if you have given your voluntary, specific and informed consent to our use of your Personal Information.

 

Who do we share Personal Information with?

We may share your information with the following categories of third parties:

  • Service providers to whom we outsource certain functions such as specialised marketing services, payroll, administration, compliance and IT services.
  • Software providers used to perform our contract.
  • Our banks, auditors, legal and other advisors.

We will ensure that with each of these categories, we have agreements in place to protect the confidentiality and security of the Personal Information we share with them and that this is done in strict adherence to the requirements of POPIA.

We will also share Personal Information with regulators and other government agencies but only to the extent that we are legally required to do so. Where we are requested to provide specific information about you, we will only do so, if permissible, after notifying you of the request.

 

How long do we keep Personal Information?

We retain Personal Information for as long as is necessary to fulfil the purpose for which it was collected and any other related permitted purpose (for example in order to comply with regulatory requirements regarding the retention of information). If Personal Information is used for more than one permitted purpose, we will retain it until the purpose with the longest permitted expires but we will stop using it for the purpose with a shorter period once the relevant period expires. Our retention periods are also based on our business needs and good practice.

 

How do we protect Personal Information?

Please be aware that no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion. We implement a range of commercially reasonable and appropriate technical and procedural measures to help protect Personal Information from unauthorised access, use, disclosure, alteration or destruction in accordance with POPIA requirements.

Personal Information that we collect is stored on our servers and accessed and used subject to our security practices and procedures, which we will ensure are consistent with those generally accepted and applicable in our industry.

 

What rights do you have in relation to your Personal Information?

Under certain circumstances and in accordance with POPIA, you may have the right to require us to:

  • Provide you with further details on the use we make of your Personal Information.
  • Provide you with a copy of Personal Information that we hold about you.
  • Update any inaccuracies in the Personal Information we hold.
  • Delete any Personal Information that we no longer have a lawful reason to use.
  • Where processing is based on consent, withdraw your consent so that we stop that particular processing.
  • Stop any processing that we undertake on the basis of legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data privacy rights.
  • Restrict how we use your Personal Information whilst a complaint is being investigated.

You may also ask us not to process your Personal Information for marketing purposes. We will inform you if we intend to disclose your information to any third party service provider for this purpose. You can exercise your right to prevent such processing at any time by using the relevant unsubscribe facility or by contacting us via email at info@vrcid.co.za.

We are also required to take reasonable steps to ensure that your Personal Information remains accurate. In order to assist us with this, please let us know of any changes to the Personal Information that you have provided to us by contacting us via email at info@vrcid.co.za.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). And some of these rights may be limited (for example the right to withdraw consent) where we are required or permitted by law to continue processing your Personal Information to defend our legal rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights, we will check your entitlement and respond within a month.

If you have any questions about our use of your Personal Information, please contact us via email at info@vrcid.co.za.

 

How do we use cookies?

When you visit our websites. we may send a cookie to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. For details of the cookies employed by us, please see our Cookie Policy, which forms part of this Privacy Policy. We may also analyse website traffic to identify what visitors find most interesting so we can tailor our website accordingly.

We may change the content of the Privacy Policy, our websites and how we use Cookies from time to time in the future. We reserve the right to do so without notice to you. Our updated Privacy Policy will be available on our website and we encourage you to review it in order to stay informed on how we may use your Personal Information.

Please feel free to contact me to discuss any questions or concerns you may have by email by info@vrcid.co.za.

 

If you require any additional information or have any concerns regarding your Personal Information, you can contact the Information Regulator:

Website: https://www.justice.gov.za/inforeg/

Tel: 012 406 4818

Email: inforeg@justice.gov.za

 

Last updated on 30 June 2021