Demux (Pty) Ltd Privacy Policy (Public Notice/Statement)
Introduction:
At Demux (Pty) Ltd) (hereinafter the “Company”), we are committed to protecting the privacy of our clients, employees, subcontractors, and appointed third party (Operators) and or service providers. This policy outlines our approach to the collection, use, and protection of personal information in accordance with the Protection of Personal Information (POPI) Act. The policy applies to all our clients, subcontractors, and appointed third party (Operators) and or service providers, and any other relevant parties who interact with the Company.
This Policy is mandated by the introduction and enforcement of the requirements of the following South Africa Regulatory acts:
- a) “Promotion Of Access To Information Acts” and
- b) “Protection Of Personal Information Acts”.
These Acts are more commonly referred to as “PAIA & POPIA”. The reason for the propagation of these acts was to ensure that both Individual (Person) and Juristic Persons (Entities) rights, which are part of The South African Constitution, are upheld. These reference documents and Acts are available to our clients, subcontractors, and appointed third party (Operators) and or service providers, on request of from the internet.
Data Collection:
The Company collects personal information for various purposes, including but not limited to, providing services and support, processing payments, to support ongoing relationships, as well as to communicate and engage with our clients, employees, subcontractors, and appointed third party (Operators) and or service providers.
The Company undertakes that it shall only process information in a manner that is compliant with the regulations and is lawful and reasonable. Furthermore, where specific consent is required for the processing of information, such consent will be obtained.
In line with the regulations, Personal Information will be processed under the following (non exhaustive) set of circumstances:
- for legal compliance
- for the conclusion or performance of a contract
- for the protection of a legitimate interest of the data subject
- for pursuing the legitimate interests of the company
- for a legally authorised third party to whom the information is supplied.
The Definition of Personal Information, as per the POPIA, is as follows:
‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability,
religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment
history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number,
location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original
correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
The Company collects personal information through forms, emails, contracts, web browsers, website cookies, social media platforms, resumés and other means. In some cases, we may obtain personal information from third-party sources, such as credit bureaus.
Data Security:
The Company takes the protection of Personal Information very seriously and will implement appropriate measures to secure the personal information it collects. All personal information shall be stored on secure servers and will only be accessible by authorized personnel for specific, lawful purposes. The Company takes the stance that they do not share personal information with third parties unless it is necessary for the provision of our services or as required by law.
Despite the security measures we have in place to protect your personal information, you acknowledge that even with the Company’s best efforts, your Personal Information may be accessed by an unauthorised third party, e.g. as a result of an illegal activity.
Data Records Schedule:
In accordance with the “Protection of Personal Information Act (POPIA)”, the Company is obligated to maintain a Schedule of records. Public records will be made available by the Information Officer. For queries regarding personal information, please contact the Information Officer who will attend to the request as dictated by the company policies. Note that this is not a limited list as regulatory and business activities are subject to change.
For any enquiries regarding records schedule, please contact the Information Officer.
Data Records Classification:
In accordance with the “Protection of Personal Information Act (POPIA)”, the Company is obligated to classify records into groups. The reason for this grouping is to allow management to control the availability and accessibility of the documents both internally and externally in accordance with the company Data Protection framework.
For any enquiries regarding data records classification, please contact the Information Officer.
Data Retention:
The Company shall only keep personal information for as long as necessary to provide the services or support requested by our clients, employees, subcontractors, and appointed third party (Operators) and or service providers. The Company shall establish conditions for determining when Personal Information is no longer needed and will ensure that it is deleted or destroyed in a secure manner once such conditions are met.
In accordance with the “Protection of Personal Information Act (POPIA)”, the Company is obligated to manage this retention of documentation, based on:
- the different legal requirements which are imposed on the company for document
retention; and
- the requirements imposed on the Company for the execution of contracts, agreements
and/or rules of tender proceedings; and
- internal policies regarding data retention.
For any enquiries regarding data retention, please contact the Information Officer.
Data Sharing:
In some cases, it may be necessary for the Company to share personal information with third parties, in order to provide our services. In these instances, we take steps to ensure that the third party is also compliant with the POPI act and has appropriate security measures in place to protect the personal information. We shall also have agreements in place with these appointed third party (Operators) and or service providers to ensure that the personal information is used only for the purposes for which it was shared.
Data Storage:
Based on the document classification, all information regarding the company, clients, employees, subcontractors, and appointed third party (Operators) service providers may be stored on the Company IT Infrastructure or equipment and/or at appointed third party (Operators) service providers and at their respective locations. The location of the storage of the data will be dependent on the provided IT Equipment and in accordance with the agreed-upon service being provided by the appointed third party (Operators) service providers. Physical documentation and/or items will be access controlled or stored with a third party who specialises in the storage of physical documents and/or items in a secure manner.
Data Processing Conditions:
As a Company, we shall abide by the processing conditions stipulated by the POPIA (Protection of Personal Information Act).
The eight conditions are:
(a) Lawfulness: Personal information may only be processed if it is done so in a lawful manner. (b) Purpose specification: The specific purpose for which personal information is being
processed must be specified.
(c) Further processing limitation: Personal information may only be processed for the purpose specified and cannot be processed for any other purpose.
(d) Minimization: The amount of personal information collected and processed must be limited to what is necessary for the specified purpose.
(e) Accuracy: Personal information must be accurate, complete, and up-to-date.
(f) Transparency: Individuals must be informed of the collection, use, and processing of their personal information.
(g) Security: Appropriate measures must be taken to ensure the security of personal
information, including protection against unauthorized access, loss, theft, or destruction.
(h) Accountability: Those processing personal information must be accountable for ensuring that the above conditions are met and must take responsibility for any breaches of the POPI
Act.
The Company shall ensure that all the conditions above are integrated into any Data Processing or operations to ensure that the Company is compliant with the provisions of the Act.
Data Online:
Our website collects details dependant on how your web browser has been configured. These details are the pages viewed, date and times viewed, the IP address of the computer used and other statistical data. These details will be shared for monitoring, research and analytical purposes.
These ‘cookies’ are very small files that are sent from the website to your browser and then stored on the computer with very specific purpose information. The browser will allow the user to control what details will be sent back to the website. This will also manage the user experience based on the details accepted.
Our website may contain hyperlinks to websites that are not controlled, owned or operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites nor do we assert any association with their owners or operators. The Company does not own or control these third-party websites and is not responsible for their data or privacy practices. The onus remains on the individual to review any privacy statement posted on any site they visit prior to using the site or providing any information to/on such sites.
Impact Assessments:
In line with the regulatory obligations, the Company shall perform an annual Data Processing Impact Assessment in order to evaluate any risks, and to the best of our ability, develop mitigating factors for each risk so identified.
Data Breaches:
In the event of a data breach, the Company shall have established procedures in place to quickly respond and minimize the impact on those affected. This includes reporting the breach to the relevant authorities, notifying Data Subjects, and taking appropriate steps to prevent future breaches.
Reporting:
The Company has an obligation to report any Data Breaches to the regulator as well as to the Data Subjects who are affected. We commit to informing affected parties, as well as the Regulator as soon as a breach is identified, or within a maximum of 30 business days after identifying a Data Breach.
Training:
The company will provide the necessary training on the company policies, procedures relating to the role and responsibilities by the company to ensure POPAI compliance.
Rights of Data Subjects:
It is understood that Data subjects have the right to access, correct, and delete their personal information. They also have the right to know who is processing their personal information and for what purpose. By appointing an Information Officer, the Company will ensure that Data subjects can exercise these rights. For your ease, DEMUX has created a “POPIA Request for Information” form – whereby you can request to have your information either update or deleted. You may also use the form to lodge a POPIA related complaint to our Information Officer. Lastly, this form can also be submitted to DEMUX to request to be removed from any of our communication groups or mailing lists. For security purposes, proof of identification will be required to prove identity, before any information is accessed.
Information Officer:
The Company will appoint an Information Officer who shall act as the interface between the Information Regulator and the Company, as well as Data Subjects and the Company. Furthermore, the Information Officer shall be enabled to appoint deputies who will assist them in the ongoing operational requirements imposed by the POPIA. The Company has created a separate email address for any POPIA related queries or concerns, namely popi@demux.co.za. The Company will develop, implement, and maintain the necessary documents and appropriate procedures for the management of this function.
Information Regulator:
As per both the PAIA and the POPIA, an Information Regulator has been appointed to oversee all issues, queries or concerns related to the implementation and enforcement of the relevant acts.
popiacomplaints@inforegulator.org.za
Company Information Disclaimer:
The applicable regulatory requirements inform this framework. This framework consists of a number of separate policies and procedures that direct and manage the business activities of the Company. The Company will manage their compliance requirements based on these policies and in respect of the assessed risks and liabilities in order to conduct business on a ‘day-to-day’ basis. The contents of this document and the respective supporting policy documents do not provide legal representation or legal advice. They have been developed and provided by the Company to manage compliance requirements within the organisation and with relevant stakeholders.
Governing Law
A visitor or user of this website agrees that any dispute, arbitration or claim arising out of or relating to the use of this Website will be governed by the laws of South Africa, and any legal proceedings shall be conducted in Cape Town.
Reviews:
The Company shall review this policy on an Annual basis.
Conclusion:
At Demux (Pty) Ltd, we are dedicated to protecting the privacy of all the stakeholders we engage with. In line with this dedication, we hereby commit to securing personal information and to comply with the POPIA.