1. INTRODUCTION AND PURPOSE
The Protection of Personal Information Act (“POPI”) aims to give effect to the constitutional right to privacy by balancing the right to privacy against that of access to information. POPI requires that personal information pertaining to individuals be processed lawfully and in a reasonable manner that does not infringe on the right to privacy.
This document therefore relates to and explains how we obtain, process, use, store, disclose, and destroy personal information in accordance with the requirements of POPI.
2. COMPANY DETAILS
|COMPANY NAME AND REGISTRATION NUMBER||
ATA International Holdings (Pty) Ltd
|COMPANY HEAD||Trevor Justus|
|INFORMATION OFFICER||Tasneem Bowles|
Sami G Office Square
E002, Ground Floor,
80 Greenvale Road, Rietfontein,
Germiston, South Africa
|TELEPHONE NUMBER||+27 11 450 4263|
|INFORMATION OFFICER||Tasneem Bowles|
3. PERSONAL INFORMATION COLLECTED
Personal Information may only be processed if the purpose for which it is processed is adequate, relevant, and not excessive. The type of information collected and processed is usually for the purpose of understanding a related parties’ requirements for us to perform our services and can largely be summarized as follows:
|Entity Type||Personal Information Processed|
|Clients: Natural Persons||Names; contact details; physical and postal addresses; date of birth; ID number; Tax related information; nationality; gender; confidential correspondence|
|Clients – Juristic Persons / Entities||Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners|
|Clients – Foreign Persons / Entities||Names; contact details; physical and postal addresses; date of birth; Passport number Tax related information; nationality; gender; confidential correspondence|
|Intermediary / Advisor||Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners|
|Contracted Service Providers||Names of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners|
|Employees / Directors||Gender, Marital Status, Colour, Age, Language, Education information; Financial Information; Employment History; ID number; Physical and Postal address; Contact details; Opinions, Criminal behaviour; Well-being;|
|Website end-users / Application end-users||Electronic identification data: IP address, log-in data, cookies, electronic localization data: cell phone, GPS|
4. USE AND DISCLOSURE OF PERSONAL INFORMATION
We will only use personal information for the purpose in which it was generated and as agreed by you in order for us to conduct our daily operational activities. In addition, where necessary some personal information may be retained for legal purposes in order for us to comply with the relevant laws such as FICA requirements.
- To gather contact information.
- To confirm and verify your identity or verify that you are an authorized user for security purposes.
- For the detection and prevention of fraud, crime, money laundering or other malpractice.
- To conduct market or customer satisfaction research or for statistical analysis.
- For audit and record keeping purposes.
- In connection with legal proceedings.
We may disclose personal information to various stakeholders including our service providers who are associated with our business activities. We have taken various measures in this regard to ensure that agreements are in place with such stakeholders and service providers to ensure compliance with the requirements of POPI.
Should we be required to transfer Personal Information to third parties outside of South Africa, we will ensure that the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection.
5. ACCESS AND CORRECTION OF PERSONAL INFORMATION
You have the right to request a copy of the personal information we hold about you. Should you wish to update, correct, or delete your personal information you may do so by contacting us using the information contained in clause 2 of this document and specifying what information you require and/or would like to update.
6. INFORMATION SECURITY
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Computer and network security.
- Access to personal information.
- Secure communications.
- Security in contracting out activities or functions.
- Retention and disposal of information.
- Acceptable usage of personal information.
- Governance and regulatory issues.
- Monitoring access and usage of private information.
- Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
7. REQUESTING ACCESS AND LODGING OF COMPLAINTS
If for whatever reason you are unhappy with the way in which personal information is collected, processed, used or stored and you believe that we are not complying with the provisions set out in POPI, you may lodge a complaint with the office of the Information Regulator using the official Form 5 complaint form.