PRIVACY POLICY
IN TERMS OF
THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
(“POPIA”)
i. DEFINITIONS
1. “consent’’ means any voluntary, specific and informed expression of will in terms of whichpermission is given for the processing of personal information;
2. ‘‘Constitution’’ means the Constitution of the Republic of South Africa, 1996;
3. ‘‘data subject’’ means the person to whom personal information relates;
4. ‘‘direct marketing’’ means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of –
a) promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
b) requesting the data subject to make a donation of any kind for any reason;
5. ‘‘information officer’’ of, or in relation to, a—
a) public body means an information officer or deputy information officer as contemplated in terms of section 1 or 17; or
b) private body means the head of a private body as contemplated in section 1, of the Promotion of Access to Information Act;
6. ‘‘person’’ means a natural person or a juristic person;
7. ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social
origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion,
conscience, belief, culture, language and birth of the person;
b) information relating to the education or the medical, financial, criminal or employment history of
the person;
c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
d) the biometric information of the person;
e) the personal opinions, views or preferences of the person;
f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
g) the views or opinions of another individual about the person; and
h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
8. ‘‘processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
a) the collection, receipt, recording, organisation, collation, storage, updating or modification,
retrieval, alteration, consultation or use;
b) dissemination by means of transmission, distribution or making available in any other form; or
c) merging, linking, as well as restriction, degradation, erasure or destruction of information;
9. “policy” shall mean this Privacy Policy
10. ‘‘record’’ means any recorded information—
a) regardless of form or medium, including any of the following:
i. writing on any material;
ii. information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
iii. label marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
iv. book, map, plan, graph or drawing;
v. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
b) in the possession or under the control of a responsible party;
c) whether or not it was created by a responsible party; and
d) regardless of when it came into existence;
11. ‘‘Regulator’’ means the Information Regulator established in terms of section 39;
1. INTRODUCTION
This Privacy policy (“Policy”) provides an explanation on how the Hot Cares NPC uses, protects and processes any information that it collects from a Data Subject (“you”). HOT CARES NPC abides by the Protection of Personal Information Act, No 4 of 2013 (POPIA), and is therefore committed to protecting your privacy and
making certain that the Personal Information you provide to the organisation is collected and used properly, lawfully and transparently. It also contains information regarding the rights of natural and juristic persons to whom Personal Information relates to Data Subjects.
The organisation reserves the right to amend this Policy or add provisions to it at any time by publishing an updated version on its website.
2. COLLECTION OF INFORMATION
2.1 The Organisation collects various Personal Information, this includes but is not limited to:
2.1.1 General identification and contact information, such as contact numbers, ID numbers,
addresses, names etc.
2.1.2 Financial records, example bank statements, company tax numbers, banking details etc.
2.1.3 Telephonic recordings, such as video recordings, messages, on-air recordings etc.
2.2 The Organisation collects Personal Information in many instances, including when:
2.2.1 Data Subjects contact the Organisation;
2.2.2 The Organisation provides services to Data Subjects;
2.2.3 persons apply for employment at the Organisation;
2.2.4 when persons use the Organisation’s website or engages with the Organisation through
social media or messages.
2.2.5 when persons request assistance from the organisation for themselves
2.2.6 when persons request assistance from the organisation for someone else or another
organisation
2.2.7 when persons/organisations offer assistance to the organisation for someone or another organisation.
We may collect the information directly from a Data Subject or a Third Party (such as regulators, government authorities and registries). Interaction with us on our website will result in the collection of information regarding the person’s activities on the website, similarly when an individual engages with us through our social media platforms (e.g. twitter, facebook and instagram etc.) This information
includes, but is not limited to, the person’s name, contact details etc.
As part of its recruitment processes, the Organisation collects information from employment applicants. Enquiring about employment opportunities at the Organisation or applying for employment, applicants are deemed to provide their consent to the Organisation’s processing and storing of their Personal Information for recruitment purposes, which may include but is not limited to screening as well as background and reference checks.
3. BASIS AND PURPOSE FOR PROCESSING PERSONAL INFORMATION
3.1 We may process your Personal Information:
3.1.1 to provide services to clients (radio audiences or advertisers);
3.1.2 to comply with legal or regulatory obligations;
3.1.3 if a Data Subject has provided their consent; or
3.1.4 if the processing is allowed by law;
3.1.5 for the NPC to assist beneficiaries.
3.2 The purposes for which we process Personal Information include, but are not limited to:
3.2.1 marketing and promotion of the Organisation;
3.2.2 providing and improving services to our clients and donors (radio audience and beneficiaries)
3.2.3 improving users’ experience when using our website;
3.2.4 communicating with persons for the Organisation’s internal purposes;
3.3.5 enabling the Organisation’s internal operations
4. DISCLOSURE OF PERSONAL INFORMATION
4.1 The Organisation may need to release Personal Information or disclose it to third parties in certain circumstances. These include, but are not limited to:
4.1.1 if we are required or authorised to do so by law or a court order;
4.1.2 in order for us to enforce its rights;
4.1.3 in order for us to provide services to clients and donors (radio audience and beneficiaries)
4.2 The third parties to whom we disclose Personal Information include, but are not limited to:
4.2.1 third party service providers to the Organisation or its clients;
4.2.2 third parties who provide research services to the Organisation or its clients;
4.2.3 government authorities and registries, organs of state, regulators, courts, tribunals and law
enforcement agencies.
4.3 In the event that a Data Subject discloses Personal Information of a Third Party to the Organisation,
the Data Subject agrees to:
4.3.1 disclose to the Third Party about the content of this Policy; and
4.3.2 obtain any legally required consent for the collection, use, disclosure, and transfer of personal information about the Third Party as in accordance with this Policy, the POPIA Protection of Personal Information Act 4 of 2013, and the Protection of Personal Information Act No. 4 of 2013.
5. TRANSFER OF PERSONAL INFORMATION
The Personal Information we collect may need to be transferred to persons in other countries. Those countries’ laws might not protect Personal Information in a similar manner or on the same level as the law in the Data Subject’s country. Nevertheless, we are committed to protect the Personal Information of the Data Subject as well as to take reasonable steps to make sure that recipients in other countries have appropriate privacy measures in place.
6. RETENTION OF PERSONAL INFORMATION
We retain Personal Information for as long as may be reasonably necessary, a contract or business deal requires us to retain it, Data Subjects have continuously given consent for us to retain it. We require it for research purposes and the applicable law(s) require us to do so. Take note, this does mean that we can retain information even if there is no longer a relationship with the Data Subject if other applicable law(s) require us to do so.
When a user leaves a comment on the Organisation’s website, the comment and its metadata are retained indefinitely to enable the Organisation to automatically recognize and approve any follow-up comments.
When an individual makes use of our website to make a donation to the Organisation whether it is once-off, for 3 months, 6 months or a year, the user consents to the retention of his/her personal information for as long as may be reasonably necessary.
Further, the Organisation retains the Personal Information that the users who have registered on its website provide to it in their user profile. It should be noted that Personal Information of users can be viewed, edited or deleted by the users themselves at any given time, however they cannot change their username. We record that such Personal Information can be viewed and edited by website administrators.
7. COOKIES
Our website makes use of cookies. These are small software programs that are installed onto to your computer, your mobile device for various lengths of time. Cookies store information regarding a specific user and remember your preferences about our website. Cookies have various purposes, such as improving the visitor’s experience on the website and facilitating their use of the website. Cookies record this data, which is then transmitted to the Organisation or to third parties with whom we work. A website visitor may disable or decline cookies. However, if the visitor does so, their user experience on the site may be diminished.
If a visitor leaves a comment on the Organisation’s website such a visitor may opt-in to saving their name, email address and website in cookies. Please take notice that these cookies will be saved for a period of 1 (one) year.
8. DIRECT MARKETING
The Organisation may send marketing and promotional communications and material to persons. Recipients may choose not to receive such communications by contacting the Organisation on the details provided below:
Manager – Carmen Rocha
Telephone number – 010 157 1027
Email – info@hotcares.co.za
9. SECURITY
The Organisation takes all reasonable steps to protect and avoid unauthorised access to Personal Information. We have implemented several policies, procedures and software to safeguard Personal Information and regularly review the aforesaid security measures to ensuring that Personal Information is adequately protected, nonetheless no exchange through the use of the internet can be guaranteed to be secure, in the event that you suspect that our security has been compromised please do not hesitate to contact us, using the contact details provided below.
10. DATA SUBJECT RIGHTS
The law makes provision for the rights of Data Subjects to access, amend or delete Personal Information that is held by the Organisation. In this regard, you can request to access, amend or delete Personal Information we have in our possession. Nevertheless, the Organisation may, in certain instances, legally refuse or decline such requests, such as instances where such information is not to be deleted for administrative, legal, or security purposes. If applicable, a Data Subject may also have the right to object to the Organisation processing their Personal Information or to file a complaint with a regulator. If a Data Subject wishes to exercise their rights, they can contact the Organisation through the details provided below. The Organisation may charge Data Subjects a fee for accessing, amending or deleting their Personal Information when applicable. Data subjects are encouraged to contact us in order to update their Personal Information as and when needed. Take note, we will need proof of identity for a Data Subject to enforce any of the aforementioned rights.
11. INFORMATION OFFICER
The Information Officer is appointed according to the legal requirements contemplated in POPIA and PAIA. The responsibilities of the Information Officer include but are not limited to:
11.1 Encouraging compliance with the needed law(s);
11.2 Attending to requests and complaints made by data subjects in terms of POPIA and PAIA;
11.3 Assisting the regulator with any investigation;
11.4 If any of the provisions of POPIA are breached the Information Officer will be held liable;
11.5 Ensuring that all processes pertaining to Data Subjects Personal Information is user friendly and easy to understand;
11.6 Working alongside the Information Regulator in regard to ongoing investigations, arising issues, reporting etc.
12. CONTACT DETAILS
In order to contact the Organisation for purposes relating to this Policy, please contact our Information Officer using these contact details:
Director – Lloyd Madurai
Physical Address – 44 Felstead Road, Boundary Park, Roodepoort, 2196
Postal address – Postnet Suite 525, Private Bag x3, Northriding, 2162
Telephone number – 010 157 1027
Email – info@hotcares.co.za