AFRIGO GLOBAL (PTY) LTD PRIVACY POLICY
- OBJECTIVE
- Afrigo Global (Pty) Ltd is committed to the lawful Processing of our client and employee information in terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”).
- Insofar as it is required in terms of POPIA, we will always obtain written Consent before Processing Personal Information in any way.
- DEFINITIONS
- “Personal Information”: “Information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person.”
- “Data Subject:” “The person to whom Personal Information relates.”
- “Responsible Party:” For purposes of this Notice, the Responsible Party is Afrigo Global (Pty) Ltd.
- “Consent:” “Voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information.”
- “Processing:” “Any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information.”
- “Record:” “Any recorded information, regardless of form or medium, in the possession or under the control of a Responsible Party, whether or not it was created by a Responsible Party and regardless of when it came into existence.”
- “Regulator:” “Information Regulator established in terms of Section 39.”
- “Special Personal Information:” Personal Information of a Data Subject relating to their religious or philosophical beliefs; race of ethnic origin; trade union membership; political persuasion; health or sex life; biometric information and criminal behavior (to an extent).
- GENERAL
- Afrigo Global (Pty) Ltd and its employees undertake to treat all client information as strictly confidential.
- No Personal Information regarding a client or employee may be divulged to an outsider, unless it is done in terms of POPIA.
- No employee may request, gather or store any Personal Information from or regarding a client, unless this is done for business purposes and takes place with the full knowledge and Consent of the client concerned. The information collected and processed is only used for the specified purpose for which it was intended, as set out at the time of procurement. Such purpose can include logistical and / or logistics consulting services.
- We undertake to provide access, upon request, to our clients and employees, to their own Record(s), in terms of the provisions of POPIA, and where sufficient proof of identity has been shown upon such request.
- Where a client wishes to correct/update their Record(s), we request proof of the corrected/updated information before rectifying our documents to reflect the change. Proper Record is also kept of the client’s request to amend the details of their Record held by us, including the date of the request for the change as well as the change itself.
- Where necessary, relevant and in the interest of properly carrying out our instructions and / or mandate, third parties are notified of changes to the details of a client.
- There is no fee charged in relation to the request of a Data Subject for confirmation of whether we hold your Personal Information.
- Where a Data Subject requests a Record or description of the Personal Information we hold, as well as that information to which third parties have access, we will attend to such a request “within a reasonable time; at a prescribed fee (if any); in a reasonable manner and format; and in a form that is generally understandable.”
- INFORMATION OFFICER
- The details of our Information Officer and Deputy Information Officer are as follows:
- Information Officer:
Melany van Oordt
Contact Number: 021 976 5492
- Deputy Information Officer:
Penny Louw
Contact Number: 021 976 5492
- Information Officer:
- For any queries, requests or complaints related to the Processing of Personal Information, please contact our Information Officer or Deputy Information Officer.
- The details of our Information Officer and Deputy Information Officer are as follows:
- INCIDENT MANAGEMENT PROCESS
- The Processing of data, particularly by electronic means, is always accompanied by a certain element of risk. Although we do everything in our power to safeguard the integrity of the Personal Information entrusted to us, security breaches are still a possibility.
- Where we have become aware of a data security breach / have reasonable grounds to believe that there has been a data security breach, this will be reported to the Information Regulator, as well as the Data Subject concerned, as soon as reasonably possible after becoming aware of the compromise / possible compromise, and we will provide enough information to allow the Data Subject to take action against any potential consequences.
- RESEARCH REGARDING EMPLOYMENT APPLICATIONS
- All applicants / prospective employees of Afrigo Global (Pty) Ltd are required to furnish certain details, within the ambit of the definition of “Personal Information,” necessary for the consideration of their employment applications, including but not limited to, details of previous employment / work experience, identity numbers and contact details, for the purposes of background and reference checks.
- Applicants / prospective employees confirm that the details of any and all references provided to us are so furnished with the express Consent of the named person.
- EMPLOYEE COGNISANCE OF POLICY
- Our employees receive training on dealing with the Personal Information of our clients in line with the provisions of POPIA. As and when the provisions and regulations are amended and/or supplemented, employees will be required to attend further workshops/training sessions, thereby ensuring that all employees remain up to date with the provisions of POPIA.
- Each employee, therefore, is aware of the requirements for lawful Processing of Personal Information and has undertaken to treat all client information as strictly confidential, both during and after their employment period.
- Our Information Officer is responsible for updating and informing the employees of any relevant new regulations pertaining to POPIA and ensuring that they carry out their duties in line therewith.
- DOCUMENTS CONTAINING PERSONAL INFORMATION
- COMPUTERS
- Only authorised employees have passwords and access to the firm’s computers.
- By virtue of our privacy policy, these passwords are not shared with other computer users / divulged to any other person, except the authorised head of division.
- Passwords are further changed regularly, with the view to improve security.
- Passwords and all other forms of access to the firm’s main frame and information contained therein are immediately removed by the firm’s IT agents upon an employee’s termination of service.
- REMOVAL OF DOCUMENTS FROM OFFICE
- No physical or electronic files and/or documents containing the Personal Information of any client or employee may leave the premises without the prior approval of the head of department.
- Such approval is only granted where the documents are removed exclusively for work purposes and the head of department is satisfied that the file/document will not fall into the hands of unauthorised persons.
- Where documents are sent by courier, the services of a reliable/reputable courier company are utilised and the documents are handed to the courier service in a sealed envelope.
- REMOTE COMPUTERS
- Where employees are, for any reason, required to work from home/a location that is not Unit 4 Arum Lilly Place, Arum Lilly Street, Durbanville Industria, Fisantekraal, Cape Town, remote access is granted to such employees, with the requisite security safeguards (passwords, anti-virus, firewall, etc.) in place to ensure that no unauthorised person gains access to the company’s main frame.
- Employees are required to obtain prior authorisation from their head of department before removing his/her computer, or any component thereof, from the building.
- COMPUTERS
- RESTRICTION OF ACCESS TO OFFICES
- All documents containing Personal Information, including all documents created and stored in electronic format, are kept within the premises known as Unit 4 Arum Lilly Place, Arum Lilly Street, Durbanville Industria, Fisantekraal, Cape Town.
- Documents containing Personal Information of clients and employees are stored in a safe and responsible manner. The key is kept in a safe place and is only handed to authorised persons.
- ACCESS TO MAIN BUILDING
- The front door and security gate are remote controlled and will only grant access to authorised parties.
- Documents containing Personal Information are not kept in the foyer, unless inside a sealed envelope.
- Outside office hours, the building is kept locked at all times and the alarm activated by the last employee to leave the premises.
- DESTRUCTION OF DOCUMENTS Personal Information regarding clients and employees, which is no longer relevant and of use, will be retained for a period of 5 years and will then be destroyed in an acceptable manner and by acceptable means.
- RISK ANALYSIS
- The Information Officer attends, on an annual basis, to an update on the firm’s risk analysis report and data security safeguards, including the relevant measures pertaining to the firm’s physical, digital, operational and administrative security.
- Where necessary, the relevant aspects of the company’s security are updated to ensure that the strongest possible security measures are in place.
- SUB-CONTRACTORS
- There are a number of instances where the company, with the prior Consent of the client, must make use of a sub-contractor, for example, transportation services provided by a third party.
- Before the relevant documents are sent to the sub-contractor, electronically or in hard copy, the employee ensures that:
- The client has fully consented to such Processing and that the information is correct;
- That the client is fully informed of the Processing and is completely aware of the potential risks thereof.
- Other sub-contractors are requested to undertake, in writing, to comply with our privacy policy, and to sign a confidentiality agreement with the company.
- Where a sub-contractor handles client information in a manner contrary to the provisions of our privacy policy, or there are reasonable grounds to believe that a sub-contractor has handled client information in a manner contrary to the provisions of our privacy policy, this will be reported to the Data Subject concerned, as well as to the Information Regulator, by our Information Officer.
- BACK-UP SUPPORT
- All information stored on the main frame is automatically backed up on a daily basis.
- The back-up software used by the business is regularly updated to ensure that Personal Information is properly stored.