PROTECTING YOUR PERSONAL INFORMATION IS IMPORTANT TO US
The Protection of Personal Information Act, Act No. 4 of 2013 (POPIA) that has come into effect on 01 July 2021, aims to protect a data subject’s personal information in a world where access to information has become more and more prevalent and it includes a right to protection against the unlawful collection, retention, dissemination and use of personal information.
PGSA is committed to protecting your privacy and the confidentiality of any personal information that you provide to us.
Our Privacy Policy includes the following information:
• Collecting or obtaining personal information
• Utilising personal information
• Storing personal information
• Disclosing personal information
• Retaining or destroying personal information
We encourage all members to read through the privacy policy to gain insight on how we process and protect your private information – see below
Should you have any further queries, email us at info@pgssa.org.za
Privacy Policy
Data/Personal Information Protection
1. PGSA agrees to process personal data in accordance with the following mandatory data-protection principles:
a. Personal information shall be held for specific lawful purposes
and not be used or disclosed in a way incompatible with the
purpose(s)
b. Personal information must be obtained and processed fairly
and lawfully
c. Personal information must be adequate, relevant and not
excessive for the purpose(s)
d. Personal information must not be kept longer than necessary
e. Personal information may not be transferred to a third party
unless certain safeguards are in place and that PGSA has
agreed in writing to such transfer
f. Personal information in manual and digital format should be
protected
g. Personal information gathered through video surveillance
should also be protected:
i. Photographs of individuals should not be displayed in markets, nor used in teaching material, promotional material, prospectuses, etc., displayed on websites, or in any other way made public without the permission of the individual(s) concerned
2. Protection of manual data/ personal information:
a. Manual data/ personal information should be held in filing cabinets, locked cupboards or rooms with access restricted to named individuals or categories of individuals
b. All cabinets shall either be locked with a key or stored in an office that can be locked
c. No public access shall be allowed to any area or room where data is stored or can be accessed
d. Reasonable steps should be taken to detect and prevent unauthorised access
Correction/Blocking and Erasure of Data
1. Employees may not correct, erase or block data processed in the execution of the mandate except on the instructions of an authorised person
2. If the data subject approaches PGSA directly with a request for the correction
or erasure of his/her data, such person shall immediately pass the request on to the rest of the PGSA Steering Group
Transmission Control
1. Due to the nature of business of PGSA, the PGSA Steering Group shall from
time to time obtain/compile/gather/collect critical, confidential and sensitive or
personal data about their clients
2. The Steering Group shall, as the responsible party under data protection
legislation, collect, store and process such data insofar as it is necessary to
conduct the Company’s business
3. Accordingly, the parties wish to regulate control over, access to and protection of such data once PGSA becomes aware of it
4. The Steering Group agree to co-operate in the case of all reasonable enquiries
made by PGSA or the relevant authority regarding the processing of personal
information
5. PGSA shall inform the data subject immediately once the security has been
breached or any data has been damaged or leaked
6. PGSA implements the following measures for the protection of personal data
during electronic transmission or transport or communication of data:
a. VPN channels
b. Firewall
c. Access via encrypted connections
7. Data is stored and transported physically in such a way that the risk of theft,
loss or damage is confined to a minimum. Rules define the protection of data
media with regard to:
a. storage
b. issue
c. transport (virtual and physical)
d. release for the execution of transport
8. SAOSO shall not use the data for any other purposes and, in particular, are not
entitled to pass it on to third parties
9. No copies or duplicates shall be made without the knowledge of SAOSO:
a. Exceptions in this respect include backup copies, insofar as these are required to ensure proper data processing and data required for the observation of statutory storage obligations