item: ZAR0.00
Login
Sign Up

POPIA

Home POPIA

PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013 (POPIA) POLICY

of DEJA-MOO (Pty) Ltd. (“Déjà-Moo”)

Effective Date: 29 December 2024

 

1. This POPIA Policy ("Policy") applies to Déjà-Moo ("the Company").

2. This Policy makes reference to the Information Officer. The Information Officer has primary responsibility for:

2.1. enforcing this Policy; and

2.2. developing, implementing and enforcing any additional procedures, standards and processes, as he or she may deem necessary and appropriate, to effectuate this Policy.

 

DOCUMENT VERSION AND CHANGE CONTROL

VERSION DATE: 29th December 2024

AUTHOR: Sher & Peter Attorneys

COMMENT/SUMMARY OF UPDATE: Creation

 

3. CONTEXT AND BACKGROUND

3.1. This Policy covers the Company's compliance with and application of the Protection of Personal Information Act 4 of  2013 ("POPIA"). The Company promotes the right to protection against unlawful processing of Personal Information and giving effect to the right to privacy as enshrined in Section 14 of the Constitution of the Republic of South Africa.

 

4. DEFINITIONS

4.1. In this Policy, the following definitions apply:

4.1.1. "Consent" means any voluntary, specific and informed expression of will in terms of which permission is given

for the processing of Personal Information;

4.1.2. "Data Subject" means the Person to whom Personal Information relates, and for purposes of this Policy;

4.1.3. "De-identify" means to delete any information that identifies the Data Subject, can be used or manipulated by a reasonably foreseeable method to identify the Data Subject, or can be linked by a reasonably foreseeable  method to other information that identifies the Data Subject;

4.1.4. "Deputy Information Officer" means the Deputy Information Officer required in terms of Section 56 of POPIA;

4.1.5. "Information Officer" means the Information Officer required in terms of Section 55 of POPIA;

4.1.6. "Information Regulator" means the Information Regulator established in terms of Section 39 of POPIA;

4.1.7. "Operator" means a person who processes Personal Information for the Company in terms of a contract or mandate, without coming under the direct authority of the Company;

4.1.8. "Person" means a natural person or a juristic person;

4.1.9. "Personal Information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

4.1.9.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion,  conscience, belief, culture, language and birth of the person;

4.1.9.2. information relating to the education or the medical, financial, criminal or employment history of the person;

4.1.9.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

4.1.9.4. the biometric information of the person;

4.1.9.5. the personal opinions, views or preferences of the person;

4.1.9.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

4.1.9.7. the views or opinions of another individual about the person;

4.1.9.8. the name of the person if it appears with other Personal Information relating to the person or if

the disclosure of the name itself would reveal information about the person;

4.1.9.9. and includes ''Special Personal Information'' referred to in Section 26 of the POPIA such as religion, race or ethnic origin, criminal record, trade union membership, health, medical records, or biometric information of a Data Subject.

4.1.10."POPIA" means the Protection of Personal Information Act 4 of 2013.

4.1.11."Privacy Notice" means a privacy notice describes how your Personal Information is used by the Company as a result of a person's engagement with the Company;

4.1.12."Processing" means any operation or activity or any set of operations, whether by automatic means, concerning Personal Information, including:

4.1.12.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

4.1.12.2. dissemination by means of transmission, distribution or making available in any other form; or

4.1.12.3. merging, linking, as well as restriction, degradation, erasure or destruction of Personal Information;

4.1.13."Responsible Party" means the Company as a private body, who alone or in conjunction with others,

determines the purpose of and means for processing Personal Information.

 

5. PURPOSE

5.1. This Policy promotes the protection of Personal Information and aims to regulate, in harmony with regulatory standards, the processing of Personal Information by the Company, as well as promotion of the right to privacy and regulation of the manner in which the Company processes Personal Information, in accordance with the requirements of the POPIA.

 

6. PRINCIPLES

6.1. This Policy applies to all the Company's operations and activities in South Africa and to the extent legally required in other jurisdictions;

6.2. The Company processes Personal Information of the individuals (natural persons) and corporate entities (juristic persons, such as companies, close corporations and trusts) with whom it works in order to operate and carry out its operations and activities (collectively referred to as "Persons");

6.3. The Company regards the lawful and proper processing of Personal Information as crucial to successful service delivery and essential to maintaining confidence between the Company and those Persons who deal with it.

 

7. RIGHTS OF DATA SUBJECTS

7.1. The Company will ensure that it makes Data Subjects aware of their rights, as appropriate and specifically with regards to the following:

7.1.1. The right to access Personal Information - Data Subjects have the right to establish whether the Company holds Personal Information related to them, including the right to request access to that Personal Information.

7.1.2. The right to have Personal Information corrected or delete - Data Subjects also have the right to ask the Company to update, correct or delete their Personal Information on reasonable grounds.

7.1.3. The right to object to the processing of Personal Information - Data Subjects have the right on reasonable grounds, to object to the processing of their Personal Information. The Company will consider such requests and the requirements of POPIA and may cease to process such Personal Information and may, subject to statutory and contractual record keeping requirements, also destroy the Personal Information.

7.1.4. The right to object to direct marketing - Data Subjects have the right to object to their Personal Information being used for the purposes of direct marketing by means of unsolicited electronic communications.

7.1.5. The right to complain to the Information Regulator - Data Subjects have the right to submit a complaint to the Information Regulator regarding infringements of any of their rights protected under POPIA and to

institute civil proceedings against alleged non-compliance with the protection of their Personal Information.

7.1.6. The right to be informed - Data Subjects have the right to be informed that their Personal Information is being collected by the Company and should also be notified in any situation where the Company reasonably believes that the Personal Information of any Data Subjects has been accessed by unauthorised person/s.

 

8. GENERAL GUIDING PRINCIPLES

8.1. All employees and persons acting on behalf of the Company will be subject to the following guiding principles:

8.1.1. Accountability - Compliance failure could damage the reputation of the company and its shareholders. The Company could also be exposed to a civil claim for damages. The protection of Personal Information is therefore everybody's responsibility. The Company will take appropriate steps including disciplinary action against individuals who through intentional or negligent actions and/or omissions fail to comply with this Policy;

8.1.2. Processing Limitation - The Company collects Personal Information directly from Data subjects only as pertains to business requirements. The type of information will depend on the need for which it is collected and will be processed for that purpose only. We will inform Data Subjects as to what information is mandatory or deemed optional, as far as possible. Personal information will only be used for the purpose for which it was collected, intended and as agreed. This may include: processing orders, product deliveries, newsletters (if Opted in to receive them).

8.1.3. According to Section 10 of POPIA, Personal Information may only be processed if the purpose for which it is processed, is adequate, relevant and not excessive. Certain conditions must be met for the Company to process Personal Information as in Section 11 of POPIA. These are listed below:

8.1.3.1. Data Subjects consent to the processing - consent is obtained during early stages of the relationship;

8.1.3.2. Processing is necessary - Personal Information is required to facilitate the provision of services to the Data Subject or for the conclusion of a contract to which the Data Subject is a party;

8.1.3.3. The Company is under obligation by law;

8.1.3.4. The legitimate interest of the Data Subject is protected - it is in their best interest to provide the Personal Information; and

8.1.3.5. Processing is in the best interest of the Company - in order to provide our services to the Data Subject.

8.1.4. Further Processing Limitation - Personal Information will not be processed for a secondary purpose unless that processing is compatible with the original purpose. Where the secondary purpose is not compatible with the original purpose, the Company will first obtain additional consent from the Data subject.

8.1.5. Information Quality - The Company will take reasonable steps to ensure that all Personal Information is complete, accurate and not misleading. Where Personal Information is collected from third parties, the Company will take reasonable steps to ensure that the information is correct by verifying the accuracy of the information directly with the Data Subject or by way of independent sources.

8.1.6. Security Safeguards - Section 19 of POPIA requires the adequate protection of Personal Information that is held by the Company. The Company will continuously review security controls and processes to prevent unauthorised access and use of Personal Information.

 

9. PRIVACY NOTICE

9.1. The Company has a Privacy Notice (https://deja-moo.co.za/pages/privacy) which describes how Personal Information is processed by the Company as a result of a Person's engagement with the Company. This includes how the Personal Information is collected, how it is used and why it is used.