POPI ACT

POLICY STATEMENT

In terms of the Protection of Personal Information Act (POPIA), the Promotion of Access to
Information Act (PAIA) and the Constitution of the Republic of South Africa, the VKDB Group undertakes to protect the right to privacy and to process personal information in line with all applicable data protection legislation.
The VKDB Group acknowledges the rights of data subjects and the 8 conditions for the lawful processing of personal information, found in section 4 and 5 of POPIA respectively, and commits to take all reasonable steps to uphold these rights and implement procedures to ensure that information is processed lawfully at all times.

INFORMATION OFFICER

Name Jan Alexander Thomson
Contact No Address: 021 880 2991 | 21 Electron Street Technopark Stellenbosch

DEFINITIONS

  • Data subject – person to whom the personal information relates:

  • Information officer – the party responsible for ensuring that the VKDB Group complies with the conditions

    of POPIA.

  • Personal information – information relating to a person including, but not limited to, an ID number, email

    address, physical address, telephone number, bank details and private correspondence sent by that person.

  • Processing – activities concerning personal information which include, but are not limited to, the collection,

    collation, retrieval, erasure, destruction and dissemination of personal information.

  • Responsible party – a party who processes personal information: the VKDB Group

  • Record – recorded information regardless of form or medium, in the possession of a responsible party.

    UNDERTAKING

    We undertake to follow the POPI ACT at all relevant times and to process personal information lawfully and reasonably, so as not to infringe on the privacy of our clients.

    The eight conditions for lawful processing of personal information:

  • Accountability: VKDB Group must be accountable for the personal information it processes or holds in its possession.

  • Processing limitation: Personal information must be processed in a lawful and reasonable manner. The purpose for processing the information must be lawful, adequate, relevant and not excessive.

  • Purpose specification: The purpose for processing personal information must be specific, explicitly defined and lawful.

  • Further processing limitation: The reason for processing personal information further must be compatible with the original purpose of collection.

  • Information quality: We are required to take practicable steps to ensure that the personal information we process is complete, accurate, not misleading and updated.

  • Openness: Personal information must be processed in a way that allows the data subject to know what is happening to their personal information.

  • Security Safeguards: We must ensure that there are sufficient security safeguards in place to secure the integrity and confidentiality of the personal information in our possession.

  • Data subject participation: Data subjects have a right to access to their personal information and to correct and update their personal information.

    PERSONAL INFORMATION

  • How is personal information collected by VKDB?
    VKDB collects personal information via client correspondence and from the third-party service providers for e.g. Municipalities.

  • What information is collected by the VKDB?
    VKDB collects information relating to clients, including their names, email addresses, contact numbers, identity information and banking information.

  • Why is personal information processed by VKDB?
    The personal information collected is used to, inter alia, communicate with clients. Personal information held by VKDB is used solely for the purpose for which it was originally collected and any further processing is done only if compatible with this original purpose.

  • Does VKDB share personal information with third-parties?
    Information will only be shared with third-parties to achieve the original purpose for which it was collected, and all contracts entered into with service providers will contain an agreement in terms of which the service provider undertakes to comply with POPIA and uphold all privacy procedures implemented by VKDB.
    VKDB undertakes to maintain a record of all personal information that has
    been shared to third parties, and will provide a description of the information shared and the identity of the third-party to whom it was shared at the request of a data subject

  • How is personal information stored by VKDB?
    Hard copy files containing personal information are stored in a locked cabinet to which only the Information Officer, Financial Manager & Office Administrator has access to.

  • Electronic copies of personal information are stored on a password protected cloud
    server which is monitored by a POPIA compliant third-party service provider. Passwords are regularly changed and are not shared with anyone.
    Personal information concerning owners and tenants is retained for a period of 5 (five) years from the date that the data subject ceases to be a client.

  • How is personal information destroyed by VKDB?
    Upon the expiry of the retention period, hard copies of personal information held by VKDB is shredded and disposed of, and electronic copies are removed from the server and deleted from electronic devices. Selected construction documents are retained for reference purposes.
    Any other records of personal information are shredded and disposed of as soon as
    reasonably practicable after VKDB is no longer authorized to retain them.

  • How is personal information maintained by the VKDB?
    VKDB implements and maintains reasonable and commercially acceptable security procedures and practices to prevent the unauthorized access, destruction, use, modification or disclosure of the personal information held. All changes made to personal information must be requested by the data subject through use of the required form and are reviewed by the Information Officer.

    CHANGES TO THIS PRIVACY POLICY

    Amendments to this data protection and privacy policy may be necessary subsequent to a change in data protection legislation or a change in our operations. All changes will be made available at our registered office and on our website.

    BREACH

    If the personal information of a client has been accessed of acquired by an unauthorized person, we will notify the Information Regulator and the client as soon as possible. Notification will be in writing via email.