Land Cruiser Club - Southern Africa -
A: PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT OF 2013
PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 POPI POLICY 2017 INTRODUCTION- The LCCSA is a club functioning within the digital technology solutions that is obligated to comply with The Protection of Personal Information Act 4 of POPI requires LCCSA to inform their members and prospective members as to the manner in which their personal information is used, disclosed and destroyed. The LCCSA is committed to protecting its members’ and prospective members’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. The Policy sets out the manner in which the LCCSA deals with this information as well as stipulates the purpose for which said information is used. The Policy is made available by request from the Custodians of the LCCSA.
- Section 9 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not”
- The LCCSA collects and processes personal information pertaining to the person’s needs. The type of information will depend on the need for which it is collected and will be processed for that purpose. Whenever possible, the LCCSA will inform the member or prospective member as to the information required and the information deemed optional. Examples of personal information we collect include, but is not limited to:
- The person’s Identity number, name, surname, residential address, postal code and contact details (including telephone numbers and email address);
- Description of the person’s residence and business.
- The LCCSA aims to have agreements in place with all product suppliers and third-party service providers to ensure a mutual understanding with regard to the protection of members’ personal information. LCCSA suppliers will be subject to the same regulations as applicable to the LCCSA. With the member’s consent the LCCSA may also supplement the information provided with information it receives from other providers in order to offer a more consistent and personalized experience in the candidate’s interaction with the LCCSA. For purposes of this Policy, members and potential members include all potential and existing members.
- The person’s personal information will only be used for the purpose for which it was collected.
- This may include:
- Providing access to LCCSA platforms, the LCCSA Forum (https://landcruiserclub.co.za/forum) and LCCSA events and to carry out the transactions requested;
- Confirming, verifying and updating member details;
- Conducting LCCSA official activities including Custodian norminations, voting and member satisfaction research;
- For audit and record keeping purposes;
- In connection with legal proceedings;
- Providing membership services to members, to render the services requested and to maintain and constantly improve the relationship;
- In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
- According to section 10 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for processing of Personal Information:
- The person consents to the processing: - consent is obtained from potential members during the sign-up / registration process to the LCCSA;
- The necessity of processing: in order to conduct an accurate analysis of the person’s needs for purposes of the service required.
- Processing complies with an obligation imposed by law on the LCCSA;
- Processing protects a legitimate interest of the potential member — it is in the potential member’s best interest to have a full understanding of the responsibilities and limitations of the LCCSA, and familiarise themselves with the constitution of the LCCSA.
- Processing is necessary for pursuing the legitimate interests of the LCCSA or of a third party to whom information is supplied — in order to provide LCCSA members and potential members with products and or services and any of our product suppliers require certain personal information from the members and candidates in order to make an expert decision on the unique and specific product and or service.
- LCCSA may disclose a candidate’s personal information to any of the LCCSA subsidiaries, joint venture companies and or approved product supplier or third party service providers whose services or products members require use. LCCSA has agreements in place to ensure compliance with confidentiality and privacy conditions.
- LCCSA may also share candidate personal information with, and obtain information about candidates from third parties for the reasons already discussed.
- LCCSA may also disclose a candidate’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect LCCSA rights.
- It is a requirement of POPI to adequately protect personal information and the LCCSA will continuously review its security controls and processes to ensure that personal information is:
- The LCCSA’s INFORMATION OFFICER is the Club Administrator whose details are available and is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions,
- Each new member will be required to read and confirm a mandatory declaration containing relevant consent clauses for the use and storage of member information, or any other action so required, in terms of POPI;
- Every current member of the LCCSA will be required to read and confirm an addendum to their membership conditions containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
- The LCCSA’s archived member and potential member information is stored off-site at Xneelo which is also governed by POPI, access to retrieve information is limited to authorized personnel.
- The LCCSA’s suppliers, insurers and other third-party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information; this is however an ongoing process that will be evaluated as needed.
- Members and potential members have the right to access the personal information LCCSA holds about them, and also have the right to ask the LCCSA to update, correct or delete their personal information on reasonable grounds. Once a member or potential member objects to the processing of their personal information, the LCCSA may no longer process said personal information. The LCCSA will take all reasonable steps to confirm its members identity before providing details of their personal information or making changes to their personal information.
- The details of the LCCSA’s Information Officer and Head Office are as follows:
Club Administrator as appointed from time to time. admin@landcruiserclub.co.za
- Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once members are advised to access LCCSA’s website periodically to keep abreast of any changes. Where material changes take place, members and potential members will be notified directly or changes will be stipulated on the LCCSA website.
B: POLICY ON THE RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS
PURPOSE- To exercise effective control over the retention of documents and electronic transactions:
- as prescribed by legislation; and as dictated by business practice.
- Documents need to be retained in order to prove the existence of facts and to exercise the rights of the Company.
- Documents are also necessary for defending legal action, for establishing what was said or done in relation to business of the LCCSA and to minimize the LCCSA’s reputational risks.
- To ensure that the LCCSA’s interests are protected and that the LCCSA’s and members’ rights to privacy and confidentiality are not breached.
- Queries may be referred to the Information Officer.
- All documents and electronic transactions generated within and/or received by the LCCSA.
- Definitions:
- Members and potential members includes, but are not limited to, custodians, debtors, creditors as well as the affected personnel related to a service division of the Company.
- Confidential Information refers to all information or data disclosed to or obtained by the LCCSA by any means.
- Constitution: Constitution of the Republic of South Africa.
- Data refers to electronic representations of information in any modality.
- Documents include books, records, accounts and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro- mechanically or optically, or in any other.
- ECTA: Electronic Communications and Transactions Act.
- Electronic communication refers to a communication by means of data messages.
- Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
- Electronic transactions include e-mails sent and received.
- PAIA: Promotion of Access to Information Act.
- All LCCSA and member information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances (also see clause 20 b) below):
- where disclosure is under compulsion of law;
- where there is a duty to the public to disclose;
- where the interests of the Company require disclosure; and
- where disclosure is made with the express or implied consent of the client.
- All employees have a duty of confidentiality in relation to the Company, members and employees.
- Information on members: Our members’ right to confidentiality is protected in the Constitution and in terms of Information may be given to a 3rd party if the client or candidate has consented in writing to that person receiving the information.
- Requests for company information:
- These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural and juristic) that is required for the exercise or protection of Private bodies, like the Company, must however refuse access to records if disclosure would constitute an action for breach of the duty of secrecy owed to a third party.
- In terms hereof, requests must be made in writing on the prescribed form to the Company Secretary, who is also the Information Officer in terms of PAIA. The requesting party has to state the reason for wanting the information and has to pay a prescribed fee.
- Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial action.
- The affairs of the Company must be kept strictly confidential at all times.
- The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
- Hard Copies
- Documents are not stored in hard copy.
- The internal procedure requires that electronic storage of information: important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval. This will be done in conjunction with the departments concerned.
- Scanned documents: If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 year after the date of scanning, with the exception of documents pertaining to any document containing information on the written particulars of an employee, including: employee’s name and occupation, time worked by each employee, remuneration and date of birth of an employee under the age of 18 years; must be retained for a period of 3 years after termination of employment.
- Section 51 of the Electronic Communications Act No 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is. It is also required that all personal information which has become obsolete must be destroyed.
- Documents may be destroyed after the termination of the retention periods listed. Registration will request departments to attend to the destruction of their documents and these requests shall be attended to as soon as possible.
- Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by the LCCSA pending such return.
- After completion of the process in 28 above, the Custodians will, in writing, authorise the removal and destruction of the documents in the authorisation. These records will be retained by Registration.
- The documents are then made available for collection by the removers of the LCCSA’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
- Documents may also be stored off-site, in storage facilities approved by the LCCSA.