THE PROTECTION OF PERSONAL INFORMATION ACT – DUTY TO OUR CLIENTS
Dear Valued Clients
The Protection of Personal Information Act (POPIA) is now in operation and we need to comply. POPIA regulates how our company and employees handle your personal information as part of our business and in the fulfilment of our mandated duties.
POPIA is intended to balance 2 competing interests, these are:
- Your constitutional right to privacy (which requires your personal information to be protected); and;
- The needs of our society to have access to and to use personal information for legitimate purposes, for example, to enable us to do our work for you.
POPIA obliges us to inform you of our process, and that is the main purpose of this correspondence. If you wish to have greater insight into the way in which we implement POPIA, you may ask for a copy of our POPIA Compliance Policy.
Here is what you need to know:
The Information Officer for Newfield Alternative Energy is Paul Lochner. As Information Officer, he is registered with the Information Regulator and performs certain functions as set out in the Act.
THE COLLECTION AND PROCESSING OF PERSONAL INFORMATION
- We will collect the majority of your personal information from yourself. Please cooperate with us when we do so for the legitimate functioning of our business and services to you. We will also collect your personal information from any intermediary that might have referred you to us.
- We will be collecting your personal information to enable us to fulfil our duties to you in the course of running our business in line with various legislatures.
- You are legally obliged to supply the information that we need to comply with the Financial Intelligence Centre Act (FICA). Any other information that we ask for will be required to enable us to fulfil any functions related to our property dealings with you. You have a choice as to whether you will supply us with this other information. However, please be advised that failure to provide such information may put you in breach of contract or the law.
- We will be passing your personal information on to all third parties that require it for the purposes of doing their work which is directly related to the work we do for you.
- You can rest assured that unless we are legally obliged to share your personal information, we will only share as much of your personal information as is needed by the authority that requires it, and we will only do so when it is necessary for us to do our work for you. In addition, all of our employees are bound by the POPIA and are required to keep your personal information confidential.
- If there is an international component to the work which we are doing for you, and if we are required to share your personal information with an overseas recipient, you are entitled to ask us how your personal information will be protected in this foreign country, and we will endeavour to assist you.
- You have the right of access to your personal information and the right to correct any errors relating to the information that we have on record. In addition, you have the right to object to us continuing to process your personal information. In this regard, please note that if you do exercise this right, we will not be able to do our work properly. In addition, this might place you in breach of a contract or the law. (Please request the relevant forms)
- We are obliged by law to retain our records for a period of time after we have concluded our business with you, to comply with various regulations. During this period, your personal information will be archived and will remain protected. After this period has expired, your personal information will be destroyed in a way that de-identifies you.
THE SECURITY OF OUR SYSTEMS
- We store all data, information and IT hardware in a locked office, where access control measures are in place and limited to Newfield employees. Portable digital devices that employees may use (including cell phones, iPads and laptops) are password protected with antivirus software. Devices are switched off and stored securely in locked and/or alarmed premises when not in use. Information is removed from devices when no longer required.
- Any physical files/data that may leave the premises for specific purposes related to the functioning of the business are kept in closed binders/files, and are locked in secure locations, not visible to any other parties.
- We have secure IT systems in place through various third party service providers. Our internal servers, accounting software, and networks are securely encrypted, password protected and we have antivirus software in place which is updated regularly. Our emails are securely maintained with antivirus scans through our email host. All computers in the office are also password protected.
We confirm that our processing of your personal information:-
- Complies with the 8 Conditions for Lawful Processing as stipulated in the POPI Act;
- Is handled in a way that complies with all other relevant laws, and;
- That your rights to privacy will be protected as required by law.