South Africa’s POPI Act (Protection Of Personal Information Act, 4 of 2013) came into effect on the 1st July 2021.
BEING HUMAN GROUP (PTY) LTD
POPIA POLICY
This document should be read in conjunction with: THE COMPANIES ACT 71, OF 2008 SERIES PART 4: BOARD MEETINGS
TABLE OF CONTENTS
PURPOSE OF THIS POLICY.
THE PERSONAL INFORMATION WE MAY COLLECT.
HOW YOUR PERSONAL INFORMATION IS COLLECTED.
HOW AND WHY, WE PROCESS YOUR PERSONAL INFORMATION.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH.
DATA SECURITY.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT.
INTERNATIONAL TRANSFER OF PERSONAL INFORMATION.
YOUR RIGHTS.
HOW TO CONTACT US.
CHANGES TO THIS PRIVACY POLICY.
SIGN OFF.
ANNEXURE A: TYPES OF INFORMATION WE COLLECT AND WHY WE USE IT.
DEFINITIONS:
Some of the key terms that we use in this policy are defined below:
“Company ” means BEING HUMAN GROUP (PTY) LTD
“we”, “us” or “our” means the Company.
“personal information” means personal information as defined in the Protection of Personal Information Act 4 of 2013;
“POPIA” means the Protection of Personal Information Act 4 of 2013, as amended from time to time;
“processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other form; or
merging, linking, as well as restriction, degradation, erasure, or destruction of information.
PURPOSE OF THIS POLICY
1.1 Protecting your privacy is especially important to us.
1.2 BEING HUMAN GROUP (PTY) LTD is committed to complying with the Protection of Personal Information Act 4 of 2013 in relation to the processing of your personal information.
1.3 The purpose of this policy is to describe how and why we collect, store, use, share or otherwise process your personal information. It also explains your rights in relation to your personal information and how to contact us if you have a question or complaint.
1.4 Please note that we may update this policy from time to time. The latest version of this policy is available on request.
THE PERSONAL INFORMATION WE MAY COLLECT
2.1 We may collect and process the following personal information about you:
(a) Your name and contact information, including your email address, telephone number, physical address, postal address and other location information.
(b) Your date of birth, age, gender, race, nationality, title and language preferences;
(c) Your identity number, passport number and photograph;
(d) Your vehicle registration number, vehicle licence and driving licence;
(e) Your biometric information, including but not limited to, if applicable, that information obtained from your fingerprints, hands, facial recognition and/or retinal scanning;
(f) Your verified banking details;
(g) Your employment details;
(h) Correspondence from you of a private or confidential nature;
(i) Such other personal information as is reasonably required by us to engage with you and/or provide services to you.
(j) Information relating to your financial affairs, or any information relating to your financial affairs.
HOW YOUR PERSONAL INFORMATION IS COLLECTED
3.1 We may collect or obtain personal information about you:
(a) directly from you;
(b) during the course of our interactions with you;
(c) when you visit the Office;
(d) when you visit and/or interact with our website or any other social media platforms or IT services;
(e) from publicly available sources; and
(f) from a third party who is authorised to share that information;
HOW AND WHY, WE PROCESS YOUR PERSONAL INFORMATION
4.1 The personal information we may collect and why and how we use it depends on our relationship with you.
4.2 POPIA requires that personal information “is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.”
4.3 Further, POPIA provides that personal information may only be processed if:
(a) the data subject or a competent person where the data subject is a child consents to the processing;
(b) processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
(c) processing complies with an obligation imposed by law on the responsible party;
(d) processing protects a legitimate interest of the data subject;
(e) processing is necessary for the proper performance of a public law duty by a public body; or
(f) processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
4.4 The table at Annexure A hereto sets out a list of the types of information we collect and explains why we collect and use it.
4.5 We may collect other personal information from time to time where you provide it to us, as necessary for our business requirements, or in order to comply with applicable laws.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
5.1 Depending on the circumstances, we may disclose your personal information to the following categories of persons:
(a) Third parties who help us deliver our services.
(b) Information Technology and other service providers who help us run the Company or otherwise manage or store the personal information;
(c) Government and law enforcement authorities;
(d) Financial institutions;
(e) Other third parties where disclosure is required by law or otherwise required for us to perform our obligations and provide our services; and
(f) To any other person with your consent to the disclosure.
5.2 We take reasonable steps to protect the confidentiality and security of your personal information when it is disclosed to a third party and seek to ensure the third-party deals with your information in accordance with our instructions, applicable privacy laws, and only for the purpose for which it is disclosed.
DATA SECURITY
6.1 We may hold your personal information in electronic or in hard copy form. We may keep this information at our own premises or on a cloud-based server.
6.2 We are committed to keeping your personal information safe.
6.3 We use a range of physical, electronic, and procedural safeguards to do this. We update these safeguards from time to time in order to address new and emerging security threats. We also train our people on privacy matters as appropriate and seek to limit access to personal information to those of our people who need to know that information.
6.4 We implement appropriate security measures to protect your personal information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
6.5 Where there are reasonable grounds to believe that your personal information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
7.1 We retain personal information we collect from you for a minimum of 5 years or longer if we have an ongoing legitimate business need to do so (for example, to provide you with a service) or to comply with applicable legal, tax or accounting requirements.
7.2 We shall only retain and store your personal information for the period for which the information is required to serve the purpose for its collection or legitimate interest or the period required to comply with applicable legal requirements, whichever is longer.
7.3 In terms of the provisions of the Companies Act 71, of 2008.
INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
8.1 In some cases, the third parties to whom we may disclose your personal information may be located outside your country of residence (for example, in a cloud service, system, server or service provider), and may be subject to different privacy regimes.
8.2 When we disclose personal information overseas, we will take appropriate safeguards to protect your personal information to ensure that the recipient will handle the information in a manner consistent with this policy and the level of protection provided for in POPIA.
YOUR RIGHTS
9.1 You have the right to:
(a) ask what personal information we hold and keep about you;
(b) request access to the personal information that we hold and keep about you;
(c) ask us to update, correct or delete any out-of-date or incorrect personal information we hold and keep about you;
(d) object to the processing of your personal information.
9.2 If you wish to exercise any of these rights or have any queries regarding the personal information we hold or keep about you, you can contact us at the details provided below.
9.3 To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, including steps to verify your identity.
9.4 If you want us to delete all personal information we hold or keep about you, we may need to terminate our agreements with you. We can refuse to delete or discard your information if we are required by law to retain it or if we need it to protect our rights.
HOW TO CONTACT US
10.1 If you have a question, concern, or complaint regarding how we handle your personal information or if you believe that we have failed to comply with this policy or breached any applicable laws in relation to the management of that information, you can make a complaint.
10.2 Any question, concern or complaint should be made in writing to: info@bhgroup.africa
10.3 If you wish to request to access your personal information in terms of Section 23 of POPIA, please follow the procedure described in Section C (2) of PAIA.
CHANGES TO THIS PRIVACY POLICY
11.1 This Policy was published on 1st of August 2022.
11.2 We may change this privacy notice from time to time—when we do, we will inform you via email.
ANNEXURE A
INFORMATION WE COLLECT:
Addresses, proof of banking details, banking records, accounting records (personal and business), other pertinent details required for our line of work, employee records, secretarial records (company documents, details of shareholders, share registers, director information), transaction records (invoices, statements, quotes, contracts, agreements, orders etc.), passwords for client documents, contact numbers and email addresses.
WHAT WE USE IT FOR:
- Selling of development assessments
- Education through courses and workshops
- Coaching individuals and teams
- Team interventions