SECTION 21 – OPERATOR AGREEMENT
2.3.2 For the purposes connected with the provision of the services or as specifically otherwise instructed or authorised by the Responsible Party in writing.
3.1.2 Unlawful access to or processing of the Personal Information.
3.2.2 establish and maintain appropriate safeguards against the risks identified;
3.2.3 regularly verify that the safeguards are effectively implemented;
3.2.4 ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards and shall notify the Responsible party of the risks identified and the safeguards established and implemented from time to time.
3.2.5 Reasonable measures include:
22.214.171.124 encryption of all disks, USB or flash memory data storage devices, laptops, tablet or removable device capable of storing Personal Information.
126.96.36.199 taking immediate steps to address identified risks and deficiencies.
3.4 Within five (5) Business Days of a request from the Responsible Party, the Service Provider shall provide to the Responsible Party a written explanation and full details of the appropriate technical and organisational measures taken by or on behalf of the Service Provider to demonstrate and ensure compliance with this clause.
4.1.1 take responsible steps to ensure the reliability of any if its Staff who have access to the Personal Information;
6.1 Upon termination of this Agreement or upon request by the Responsible Party, the Services Provider shall return any material containing, pertaining or relating to the Personal Information disclosed pursuant to this Agreement to the Responsible Party. Alternatively, the Services Provider shall, at the instance of the Responsible Party, destroy or return such material and shall certify to the Responsible Party that it has done so, unless the law prohibits the Service Provider from doing so. In that case, the Service Provider warrants that it will guarantee the confidentially of the Personal Information and will not actively process the Personal Information any further.
POPI (PROTECTION OF PERSONAL INFORMATION)
What is the POPI Act
We respect your right to privacy and therefore aim to ensure that we comply with the legal requirement of the POPI Act which regulates the manner in which we collect, process, store, share and destroy any personal information which you have provided to us.
What information will we collect
- The types of personal information we request of data subjects;
Copy of ID’s
Private e-mail addresses
Medical Aid details / Investments / RA’sBank details
Client Name, Key contacts names, Contact Details
Client Name, Key contacts names, Contract Details, VAT #
Prof1t Servers / VPN Access Details
Client’s Staff Data / Name / E-mail / Contact Details / ID’s / Addresses / Position
Prof1t Login Details
Name of Supplier
We collect information directly from you where you provide us with your personal details. Where possible, we will inform you what information you are required to provide to us and what information is optional.
If you are under 18 years of age (minor), we will require the consent of your parent/guardian/competent person before we process such personal information.
Processing of Information
We will share your personal information:
- in order to comply with applicable law or with legal process served on our company;
- in order to protect and defend the rights or property of our company; and
- with employees and/or third parties who assist us in providing services to you and thus require your personal information in order to render a proper and efficient service. We will ensure that all such employees and third party service providers, having access to your personal information, are bound by confidentiality agreements.
Collection of Information by “Cookies”
You have the right at any time to:
- rectify the Personal Information collected by us;
- object to the processing of Personal Information (subject to legislation);
- request the return or destruction of Personal Information (subject to legislation);
- lodge a complaint with the company.
Personal Information processed by us will be routed/transferred to a third country or International organization. The following security measures will apply Company information security policies are in place:
- Computers are controlled through security group policies
- Password protection on all company devices
- Anti-virus active on all computers
- Staff been trained on physical and cyber security measures
- Regular audits done on security status
- POPI Training done with staff
All enquiries must be addressed to the information officer: Mark van Rensburg who can be contacted via email at firstname.lastname@example.org or via telephone on (083) 4844300.
You can also complain to the Information Regulator if you are unhappy with how we have used your Information.
The Information Regulator (South Africa)
27 Stiemens Street
Complaints email for POPIA: POPIAComplaints.IR@justice.gov.za
Complaints email for PAIA: PAIAComplaints.IR@justice.gov.za