on air now
up next
Jeff Moloi
|
ALGOA FM’s PRIVACY POLICY (Updated on 25 June 2021, in order to accommodate the provisions of the Protection of Personal Information Act, POPI).
1 DEFINITIONS:
1.1 Data subject means the person to whom Personal Information relates
1.2 Personal Information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: 1.2.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; 1.2.2 Information relating to the education or the medical, financial, criminal or employment history of the person; 1.2.3 Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; 1.2.4 The biometric information of the person; 1.2.5 The personal opinions, views or preferences of the person; 1.2.6 Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; 1.2.7 The views or opinions of another individual about the person; and the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person; 1.3 Special Personal Information means the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or the criminal behaviour of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence; or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
1.4 Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including: 1.4.1 The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; 1.4.2 Dissemination by means of transmission, distribution or making available in any other form; or 1.4.3 Merging, linking, as well as restriction, degradation, erasure or destruction of information; 1.5 Responsible party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information 1.6 De-identify means to delete any information that identifies or can be manipulated to identify anyone.
2 PERSONAL INFORMATION COLLECTED
2.1 Personal Information will be processed by the Company in circumstances where the purpose of doing so is: 2.1.1 Adequate, 2.1.2 Relevant and 2.1.3 Not excessive. 2.2 Only information necessary for the purpose will be retained by the Company. 2.3 The Company collects and processes Personal Information pertaining to its operational needs. 2.4 The Company should take all necessary steps to ensure that the Personal Information collected is: 2.4.1 Complete; 2.4.2 Accurate; 2.4.3 Not misleading; and 2.4.4 Updated where necessary. 2.5 The Personal Information collected by the Company must be collected directly from the data subject unless: 2.5.1 The information is publicly available or has deliberately been made public by the data subject; or 2.5.2 The data subject has consented to the collection of the Personal Information from another source; or 2.5.3 Collection of the Personal Information from another source would not prejudice a legitimate interest of the data subject; or 2.5.4 Collection from another source is necessary to comply with an obligation imposed by law; or 2.5.5 Compliance is not reasonably practicable in the circumstances of the particular use. 2.6 The Company processes the Personal Information of the following categories of data subjects: 2.6.1 Current, past and prospective data subjects; 2.6.2 Customers and their employees, representatives, agents, contractors and service providers of such customers; 2.6.3 Suppliers, service providers to and vendors of the Company and employees, representatives, agents, contractors and service providers of such suppliers and service providers; 2.6.4 Directors and officers of the Company; 2.6.5 Shareholders; 2.6.6 Job applicants; 2.6.7 Existing and former employees (including independent contractors, agents, temporary and casual employees) 2.6.8 Visitors to any premises of the Company; and
2.7 The Company should ensure that recordals are in place with all product suppliers and third-party service providers to ensure that a mutual understanding exists with regard to the protection of Personal Information shared with that supplier and/or service provider.
3 THE USAGE OF PERSONAL INFORMATION
3.1 The Company will only process Personal Information if: 3.1.1 The data subject consents; or 3.1.2 Processing is necessary to carry out actions for the conclusion or performance of a contract or agreement to which the data subject is a party; or 3.1.3 Processing complies with an obligation imposed by law on the Company; or 3.1.4 Processing protects a legitimate interest of the data subject; or 3.1.5 Processing is necessary for the proper performance of a public law duty by a public body eg: a duty imposed by the Constitution of South Africa; or 3.1.6 Processing is necessary for pursuing the legitimate interests of the Company or of a third party to whom the information is supplied.
3.2 The Company will only use the Personal Information for the purpose for which it was collected. Examples of this purpose may include, but are not limited to: 3.2.1 Providing services and carrying out the transactions requested; 3.2.2 Confirming, verifying and updating details; 3.2.3 The detection and prevention of fraud, crime, money laundering or other malpractices; 3.2.4 Conducting market or customer satisfaction research and surveys; 3.2.5 For audit and record keeping purposes; 3.2.6 In connection with legal proceedings; 3.2.7 Providing the Company services to data subjects, to render the services requested and to maintain and constantly improve the relationship; 3.2.8 Providing communication in respect of the Company and regulatory matters that may affect data subjects 3.2.9 For operational/disciplinary and related matters in respect of employment relationships; and 3.2.10 In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law. 3.3 The Company will not use and/or process the Personal Information collected further than the purpose for which it was collected, unless: 3.3.1 The supplier/data subject and/or service provider consents; or 3.3.2 The information is available from a public record or has deliberately been made available; or 3.3.3 It is necessary to comply with an obligation imposed by law; or 3.3.4 It is necessary for court proceedings; or 3.3.5 It will prevent or mitigate a serious and imminent threat to the life or health of the date subject; or 3.3.6 The information is used for historical, statistical or research purposes.
3.4 Where the Company intends to the use the Personal Information other than for the purpose for which it was obtained, the Company must first consider the following: 3.4.1 The relationship between the purpose of the intended further use and the purpose for which the information has been collected and in doing so the Company must ensure that the further use of the information corresponds with the purpose set out in the Confirmation Forms; 3.4.2 The nature of the information concerned; 3.4.3 The consequences to the Company of using that Personal Information other than for the purpose for which it was obtained from the data subject; 3.4.4 The manner in which the information has been collected; and 3.4.5 Any contractual rights and obligations between the parties.
4 RETENTION OF RECORDS
4.1 The Company will take steps to ensure that records of Personal Information are not retained for any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless: 4.1.1 Retention of the record is required or authorised by law; 4.1.2 The Company reasonably requires the record for lawful purposes related to its functions or activities; 4.1.3 Retention of the record is required by a contract between the parties thereto; or 4.1.4 The data subject has consented to the retention of the record. 5 NOTIFICATION TO DATA SUBJECT
5.1 The Company must ensure that the data subject is informed of the following: 5.1.1 The information being collected and where the information is not collected from the data subject, the source from which it is collected; 5.1.2 The name and address of the Company, where this is not known to the data subject; 5.1.3 The purpose for which the information is being collected; 5.1.4 Whether or not the supply of the information by that data subject is voluntary or mandatory; 5.1.5 The consequences of failure to provide the information; 5.1.6 Any particular law authorising or requiring the collection of the information; 5.1.7 That the Company intends to transfer the information to a third party or international organisation and the level of protection afforded to the information by that third country or international organisation
6 SAFEGUARDING PERSONAL INFORMATION 6.1 It is a requirement of POPI to adequately protect all Personal Information processed. The Company will continuously review its security controls and processes to ensure that Personal Information is secure. 6.2 The Company’s archived data subject information is stored off site and the Company utilises cloud-based storage as well as filing cabinets where entry is restricted to authorised persons with a key. 6.3 Access to retrieve personal information is limited to authorized Company personnel using confidential login details and is password restricted. 6.4 The Company suppliers, insurers and other third-party service providers will be required to sign a Recordal guaranteeing their commitment to the Protection of Personal Information; this is an ongoing process that will be evaluated by the Information Officer and Deputy Information Officers every six months. 6.5 All electronic files or data are backed up. The IT Department is responsible for Electronic Information Security. 6.6 Where there are reasonable grounds to believe that the Personal Information of a data subject has been accessed or acquired by any unauthorised person, the Company must notify the Information Regulator and the data subject, unless the identity of such data subject cannot be established.
7 ACCESS AND CORRECTION OF PERSONAL INFORMATION
7.1 Data subjects have the right to access the Personal Information the Company holds about them. 7.2 Data subjects may ask the Company to update, correct or delete their Personal Information where it is inaccurate, out of date, incomplete or unlawfully obtained. 7.3 Once a data subject has made the above request, the Company must take steps to correct the information, or delete it, whichever is applicable. 7.4 The Company will then provide the data subject with confirmation in support of the fulfilment of the request. 7.5 A data subject may object to the processing of their personal information where: 7.5.1 Processing protects a legitimate interest of the data subject; or 7.5.2 Processing is necessary for the proper performance of a public law duty by a public body eg: a duty imposed by the Constitution of South Africa; or 7.5.3 Processing is necessary for pursuing the legitimate interests of the Company or of a third party to whom the information is supplied. 7.6 Where the data subject objects to the processing of personal information processed in accordance with the above, the Company may no longer process that personal information.
|
|
8 RESTRICTIONS ON THE PROCESSING OF SPECIAL PERSONAL INFORMATION
8.1 The Company will not process a data subject’s special Personal Information unless:
8.1.1 The data subject has given his/her consent; or 8.1.2 The processing of the special Personal Information is needed for the establishment, exercise, or defence of a right or obligation in law; or 8.1.3 The processing of the special Personal Information is necessary to comply with an obligation of international law; or 8.1.4 The processing of the special Personal Information is for historical, statistical or research purposes; or 8.1.5 The special Personal Information has been made public by the data subject.
In order to accommodate amendments to the laws governing the Republic of South Africa and the operational circumstances of the Company, this Policy is subject to change. |
