Mobile Inventory Collation Privacy Policy
Public Notice
Introduction:
At Mobile Inventory Collation (hereinafter the “Company”), we are committed to protecting the privacy of our customers and employees. This policy outlines our approach to the collection, use, and protection of personal information in accordance with the Protection of Personal Information (POPI) Act. The policy applies to all employees, customers, and any other relevant parties who interact with the Company.
This Policy is mandated by the introduction and enforcement of the requirements of the following South Africa Regulatory acts:
- “Promotion Of Access to Information Act” and
- “Protection Of Personal Information Act”.
These Acts are more commonly referred to as “PAIA & POPIA”. The reason for the propagation of these acts was to ensure that both Individual (Person) and Juristic Persons (Entities) rights, which are part of The South African Constitution, are upheld. These reference documents and Acts are available to the company employees, contractors and third parties on request of from the internet.
Data Collection:
The Company collects personal information for various purposes, including but not limited to, providing services and support, processing payments, to support ongoing employer and employee relationships, as well as to communicate and engage with customers, service providers and contractors.
The Company undertakes that it shall only process information in a manner that is compliant with the regulations and is lawful and reasonable. Furthermore, where specific consent is required for the processing of information, such consent will be obtained.
In line with the regulations, Personal Information will be processed under the following (non-exhaustive) set of circumstances:
- for legal compliance
- for the conclusion or performance of a contract
- for the protection of a legitimate interest of the data subject
- for pursuing the legitimate interests of the company
- for a legally authorised third party to whom the information is supplied.
The Definition of Personal Information, as per the POPI act, is as follows:
‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
The Company collects personal information through forms, emails, contracts, web browsers, website cookies, social media platforms, resumés and other means. In some cases, we may obtain personal information from third-party sources, such as credit bureaus.
Data Security:
The Company takes the protection of Personal Information very seriously and will implement appropriate measures to secure the personal information it collects. All personal information shall be stored on secure servers and will only be accessible by authorized personnel for specific, lawful purposes. The Company takes the stance that they do not share personal information with third parties unless it is necessary for the provision of our services or as required by law.
Despite the security measures we have in place to protect your personal information, you acknowledge that even with the Company’s best efforts, your Personal Information may be accessed by an unauthorised third party, e.g. as a result of an illegal activity.
Data Records Schedule:
In accordance with the “Protection of Personal Information Act (POPI)”, the Company is obligated to maintain a Schedule of records. Public records will be made available by the Information Officer. For queries regarding personal information, please contact the Information Officer who will attend to the request as dictated by the company policies. Note that this is not a limited list as regulatory and business activities are subject to change.
For any enquiries regarding records schedule, please contact the Information Officer.
Data Records Classification:
In accordance with the “Protection of Personal Information Act (POPI)”, the Company is obligated to classify records into groups. The reason for this grouping is to allow management to control the availability and accessibility of the documents both internally and externally in accordance with the company Data Protection framework.
For any enquiries regarding data records classification, please contact the Information Officer.
Data Retention:
The Company shall only keep personal information for as long as necessary to provide the services or support requested by our customers. The Company shall establish conditions for determining when Personal Information is no longer needed and will ensure that it is deleted or destroyed in a secure manner once such conditions are met.
In accordance with the “Protection of Personal Information Act (POPI)”, the Company is obligated to manage this retention of documentation, based on:
- the different legal requirements which are imposed on the company for document retention; and
- the requirements imposed on the Company for the execution of contracts, agreements and/or rules of tender proceedings; and
- internal policies regarding data retention.
For any enquiries regarding data retention, please contact the Information Officer.
Data Sharing:
In some cases, it may be necessary for the Company to share personal information with third parties, in order to provide our services. In these instances, we take steps to ensure that the third party is also compliant with the POPI act and has appropriate security measures in place to protect the personal information. We shall also have agreements in place with these third parties to ensure that the personal information is used only for the purposes for which it was shared.
Data Storage:
Based on the document classification, all information regarding the company, clients, employees, subcontractors, and appointed third party (Operators) service providers may be stored on the Company IT Infrastructure or equipment and/or at appointed third party (Operators) service providers and at their respective locations. The location of the storage of the data will be dependent on the provided IT Equipment and in accordance with the agreed-upon service being provided by the appointed third party (Operators) service providers. Physical documentation and/or items will be access controlled or stored with a third party who specialises in the storage of physical documents and/or items in a secure manner.
Data Online:
Our website collects details dependant on how your web browser has been configured. These details are the pages viewed, date and times viewed, the IP address of the computer used and other statistical data. These details will be shared for monitoring, research and analytical purposes.
These ‘cookies’ are very small files that are sent from the website to your browser and then stored on the computer with very specific information. The browser will allow the user to control what details will be sent back to the website. This will also manage the user experience based on the details accepted.
Our website may contain hyperlinks to websites that are not controlled, owned or operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites nor do we assert any association with their owners or operators. The Company does not own or control these third-party websites and is not responsible for their data or privacy practices. The onus remains on the individual to review any privacy statement posted on any site they visit prior to using the site or providing any information to/on such sites.
Data Processing Conditions:
As a Company, we shall abide by the processing conditions stipulated by the POPI Act (Protection of Personal Information Act).
The eight conditions are:
- Lawfulness: Personal information may only be processed if it is done so in a lawful manner.
- Purpose specification: The specific purpose for which personal information is being processed must be specified.
- Further processing limitation: Personal information may only be processed for the purpose specified and cannot be processed for any other purpose.
- Minimization: The amount of personal information collected and processed must be limited to what is necessary for the specified purpose.
- Accuracy: Personal information must be accurate, complete, and up-to-date.
- Transparency: Individuals must be informed of the collection, use, and processing of their personal information.
- Security: Appropriate measures must be taken to ensure the security of personal information, including protection against unauthorized access, loss, theft, or destruction.
- Accountability: Those processing personal information must be accountable for ensuring that the above conditions are met and must take responsibility for any breaches of the POPI Act.
The Company shall ensure that all the conditions above are integrated into any Data Processing or operations to ensure that the Company is compliant with the provisions of the Act.
Impact Assessments:
In line with the regulatory obligations, the Company shall perform an annual Data Processing Impact Assessment in order to evaluate any risks, and to the best of our ability, develop mitigating factors for each risk so identified.
Reporting:
The Company has an obligation to report any Data Breaches to the regulator as well as to the Data Subjects who are affected. We commit to informing affected parties, as well as the Regulator as soon as a breach is identified, or within a maximum of 7 business days after identifying a Data Breach.
Training:
In accordance with these policy requirements all employees must be provided with the required training to familiarize the employee with the policies, procedures, and rules relating to their employment and associated duties and responsibilities. Please refer to annexure in the Employee Handbook for the respective/supporting policy or procedure documents.
Data Breaches:
In the event of a data breach, the Company shall have established procedures in place to quickly respond and minimize the impact on those affected. This includes reporting the breach to the relevant authorities, notifying Data Subjects, and taking appropriate steps to prevent future breaches.
Rights of Data Subjects:
It is understood that Data subjects have the right to access, correct, and delete their personal information. They also have the right to know who is processing their personal information and for what purpose. By appointing an Information Officer, the Company will ensure that Data subjects can exercise these rights by contacting the Information Officer.
Information Officer:
The Company will appoint an Information Officer who shall act as the interface between the Information Regulator and the Company, as well as Data Subjects and the Company. Furthermore, the Information Officer shall be enabled to appoint deputies who will assist them in the ongoing operational requirements imposed by the POPI Act.
The Company may create a separate email address for any POPIA related queries or concerns. The Company will develop, implement, and maintain the necessary documents and appropriate procedures for the management of this function.
popi@micol.co.za
Information Regulator:
As per both the PAIA and the POPIA, an Information Regulator has been appointed to oversee all issues, queries or concerns related to the implementation and enforcement of the relevant acts.
popiacomplaints@inforegulator.org.za
Company Information Disclaimer:
The applicable regulatory requirements inform this framework. This framework consists of a number of separate policies and procedures that direct and manage the business activities of the Company. The Company will manage their compliance requirements based on these policies and in respect of the assessed risks and liabilities in order to conduct business on a ‘day-to-day’ basis. The contents of this document and the respective supporting policy documents do not provide legal representation or legal advice. They have been developed and provided by the Company to manage compliance requirements within the organisation and with relevant stakeholders.
Governing Law
A visitor or user of this website agrees that any dispute, arbitration or claim arising out of or relating to the use of this Website will be governed by the laws of South Africa, and any legal proceedings shall be conducted in Cape Town.
Reviews:
The Company shall review this policy on an Annual basis.
Conclusion:
At Mobile Inventory Collation, we are dedicated to protecting the privacy of all the stakeholders we engage with. In line with this dedication, we hereby commit to securing personal information and to comply with the POPI Act.