OFFICE AUTOMATION POLICY ON THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
INTRODUCTION
We are committed to compliance with the Protection of Personal Information Act (POPIA) and will always:
· Sufficiently inform Data Subjects (Customers) of the specific purpose for which we will collect and process their personal information;
· Protect Personal Information from threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business damage and maximize business opportunities.
This Policy establishes the measures, processes, and standards for the protection and lawful processing of personal information.
Our Information Officer is responsible for:
- Monitoring compliance with this policy;
- Ensuring that this policy is supported by appropriate documentation;
- Ensuring that this policy and subsequent updates are communicated to relevant managers, representatives, staff, and associates, where applicable.
All employees are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.
POLICY PRINCIPLES
Accountability for Data to be collected
· We shall take reasonable steps to safeguard all Data and Personal Information collected from potential and existing customers.
Processing Limitation/Purpose for Data Collection
· We will only collect personal information directly from customers.
· Personal Information from Social Networks will not be sought or collected.
· Once in our possession, we will only process or further process customer information within the context of doing direct business with the customer.
Limitation on Further Processing
· Personal information will not be further processed in a way that is incompatible with the purpose for which it was originally collected; any further processing for another purpose will take place only with the express consent of the customer.
Information Quality
· We shall ensure that customer information is complete, up to date, and accurate before we use it. We will ask customers to update their information when it changes and to confirm that we may continue to store and retain it.
Data Security Safeguards
· We will implement sufficient measures to guard against the risk of unlawful access to, or loss, damage, or destruction of, personal information that is held:
- physically;
- in our electronic database;
- on any electronic devices.
Physical files are held in a fire-proofed room accessible only to those staff who use the data on a day-to-day basis for the running of the business.
Hardware firewalls provide acceptable and reasonable protection of Data from outside access. Access to all electronically stored Data is restricted to responsible staff members through selectively granted, password-protected accounts. Providers of IT services to our organization do not hold or access any personal information.
POPIA Policy
· We are committed to ensuring that information is only used for legitimate purposes with customer consent and only by authorized employees of our company.
Participation of Customers/Complaints
· Customers are entitled to have any information we hold about them corrected or updated.
· Complaints should be submitted in writing to the Information Officer for resolution.
OPERATIONAL CONSIDERATIONS
Monitoring
· Management and the Information Officer are responsible for ensuring adherence to our Standard Operating Procedures.
· All employees and individuals directly associated with business activities will be trained in the regulatory requirements governing the protection of Personal Information.
· We will conduct periodic reviews and audits, where appropriate, to ensure compliance with this policy and guidelines.
Policy Compliance
· Breaches of this policy may result in disciplinary action against the person responsible, up to and including termination of employment.
ACCEPTABLE CHANNELS OF FORWARDING PERSONAL INFORMATION
Personal information may be dispatched either:
· Physically, in which case it is to be hand-delivered in a sealed envelope and the relevant recipient's signature is required on receipt; or
· Electronically (by email), only where the customer has requested this.
EXAMPLES OF PERSONAL INFORMATION
Personal information includes, but is not limited to:
· Identity or passport number
· Phone numbers
· Email address
· Physical and Postal addresses
· Private correspondence
· Financial information (banking details for the purpose of conducting ongoing business with the customer)
DIRECT MARKETING
The following provisions apply with regard to direct marketing campaigns:
· We may directly market products and services related to our scope of business.
· Opt-in and Opt-out provisions for customers must be in place.
· Opt-out opportunities must be provided when marketing is first sent and with each subsequent communication.
DESTRUCTION OF PERSONAL INFORMATION
· Office Automation will contract a third-party service provider from time to time to securely destroy all documentation containing personal and customer information, as needed.
BREACH OF DATA: PROCEDURE
Step 1
· Inform the Information Officer immediately.
· Secure the affected personal information on the same day.
Step 2
· Complete an internal investigation within 48 hours and compile a report.
Step 3
· Inform the Information Regulator as soon as possible.
· Inform the affected Data Subjects and Customers where applicable.
Step 4
· Take corrective action to strengthen protocols and prevent future breaches.