Protection of Personal Information Act (POPIA)
WJ Holdings (Pty) Ltd is committed to compliance with, and adheres to, The Protection of Personal
Information Act (POPIA) South Africa and confirm that we comply with this legislation. The POPI Act requires us to:
- Sufficiently inform clients and employees of the purpose for which we will process their personal information.
- Protect our Information assets from threats, whether internal or external, deliberate orvaccidental, to ensure business continuation, minimise business damage and maximise business opportunities.
We guarantee our commitment to protecting the privacy of our clients, employees, suppliers, and
other stakeholders, and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
THE OBJECT OF THE PROTECTION OF PERSONAL INFORMATION POLICY
This Protection of Personal Information Policy seeks to ensure that we:
- comply with legal standards and best practice for the receipt, importing, processing, handling, and storing of personal data of individuals (“Data Subjects”), both as received from its clients, and as held in respect of its own employees;
- protect the rights of our employees, as well as that of our clients and third parties in respect of individuals’ data;
- herewith inform how we process individuals’ data; and• protect ourselves from the risks of a data breach.
APPLICATION OF THE PROTECTION OF PERSONAL INFORMATION POLICY
This policy applies to all employees in respect of all personal data accessed in the provision of services by us to our clients, as well as the management of our employment relationships with our own employees.
This policy applies whether personal data relates to a client / supplier / stakeholder or an employee and/or is stored electronically, digitally, on paper, or on other materials, or through other methods. The appointed Information Officer will ensure compliance with the POPI Act on behalf of the Responsible Party.
RESPONSIBILITIES OF THE RESPONSIBLE PARTY
The Responsible Party must ensure that the principles and conditions relating to processing of personal data described in Chapter 3 of the POPI Act are complied with and be able to demonstrate compliance with them as follows:
- Processing to be lawful, fair, and transparent.
- Data collected is accurate and for specific and legitimate purposes.
- Data collected is limited to only what is necessary.
- Data is kept for time periods no longer than is necessary.
- Data is processed in a secure manner.
- Ensure that the necessary consent is obtained, including parental consent for children.
- Data Subject rights to always be upheld and communications to be as per the provisions of the POPI Act.
- Processing to be performed in accordance with the POPI Act provisions.
- Reasonable records of processing activities to be available.
- Ensure that persons only process personal data as prescribed by the Information Officer.
- Breach and incident notifications to be dealt with as per the organisation’s notification policies and procedures.
- Response to breach and incidents to be dealt with as per the organisation’s policy and procedures for dealing with these events.
- Data protection Risk and Impact assessments to be done in line with the data risk and impact assessment procedures.
- An Information Officer is to be appointed as per the requirements of the PAIA and POPI Act.
- Cross border or international transfers of personal data information may only be done as per
the cross border and international transfer guidelines and only if the Data Subjects’ rights
are protected in the receiving country.