POPIA Code of Conduct August 2021POPIA Code of Conduct August 2021
1. YOUR RIGHTS TO YOUR PERSONAL INFORMATION
As outlined by the Information Regulator of South Africa, you (a data subject) have a right in how your personal information is stored by businesses. This pertains to:
A. Records of your personal information collected by companies, whether it be collected by automated or non-automated means.
i. Records including name, identification number, mobile phone number, location.
ii. In most cases, we will not require the afore mentioned details to perform our service, which aligns with our core principle of lean and parsimonious data collection.
B. Companies which have collected your personal information is responsible for
i. Keeping your personal information safe within the Republic of South Africa i.e. domiciled in the Republic, where possible.
ii. Keeping your personal information safe when it leaves the Republic, whether that happens by automated or non-automate means.
iii. We will take every effort to keep your data on South African soil, which aligns with our core principle of keeping data local.
C. Personal information that could be used to indirectly identify you will be minimised
i. Occasionally, some market research may contain responses which may indirectly identify who you are. We design our surveys to keep these questions to a minimum.
ii. In these cases, we will make it known up front for you to decide before any surveying begins, which aligns with our core principle of explicit consent.
iii. You are also free within our services.
D. Personal information may only be held by companies for a maximum of two years.
i. To ensure your data doesn’t sit around, it will be safe guarded by us with an automated deletion within two years.
2. HOW WE COLLECT, PROCESS, AND STORE YOUR PERSONAL INFORMATION
We collect as little personal, identifiable data about you as possible. Our core principles of privacy are:
A. Lean and parsimonious data collection: we take pride in keeping you and your responses as anonymous as possible.
B. Explicit consent: before we collect and store information about you, we will inform you exactly what we’re collecting about you. Explicit consent can take the form of filling in forms, ticking boxes, or providing opinions.
C. Keeping data local: we take every measure to keep your data collected by our services within South Africa, stored on South African soil. Where we can’t store or process data on South African equipment (like data processing in the cloud), we will make it known before data collection takes place.
D. Freely given opinions: you will not be pressured into consenting for giving over any part of your personal information. If a required field makes you feel uncomfortable, feel free to exit the survey at any time and all your personal information collected to that point will be disposed.
E. Deletion of personal information after processing: after we have concluded our data processing and generated a report, we will delete your personal information This method allows your data to be “lost in the crowd”, ensuring your anonymity. This will happen within a maximum of two years, with our historical median deletion time being 6 weeks.
F. Freedom of personal data removal: at any point, you can request our data officers to remove your personal data from our systems and services.
3. WHAT WE MAY COLLECT, HOW IT WILL BE COLLECTED AND WHY IT MAY BE COLLECTED
When running our services, we may collect the following data points:
A. Explicit data points i.e., our services will ask you to fill these in and are not collected implicitly:
i. First name, middle name, and/or last name
ii. Contact details, including email address and/or phone number.
iii. Location details, including the address or city/town/municipality of your workplace; and/or the address or city/town/municipality where you live.
iv. Your place of work, including (but not limited to) business/operating sector, and/or nature of business.
v. Demographic information, including (but not limited to) gender identity, age or age group, home language and/or additional languages, and occupation.
vi. Your academic background, your expectations for a course and course requirements.
vii. Your personal opinions toward a product, service, or situation.
viii. Your ratings and feedback from a course, workshop, webinar, or talk, which, with your consent, may be used as a testimonial on our website or social media or in a proposal to a client.
ix. Software and services you may use.
x. When the above-mentioned data points are collected, these may be used with our partners to enhance your experience with the product/service in the survey.
xi. Implied data points i.e., our services may collect these automatically from your browser activity:
xii. IP address: we collect this automatically from your browser. We use this to ensure our data collection is not coming from automated bots, repeated respondents, or respondents outside of South Africa. This data will be reviewed and deleted once this is verified.
xiii. Automated IDs: your session with our survey will assign you a random, automated identifier, which will be used to identify your data record in the set of responses. This is not related to your national identification number.
B. What we do with this information we gather:
i. For internal record keeping
ii. We may use the information to improve our products and services
iii. We may periodically send informational or promotional emails with announcements about new products or services, special offers, or other information you may find interesting using the email address you have provided
iv. From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax, or social media. We may use the information to customise our website or promotional material according to your interests.
4. WHERE YOUR DATA MAY RESIDE, AND WHERE IT MAY BE PROCESSED
When we collect and process your data, we may store your data on:
A. Our elected servers, which reside in:
i. SAMRAND, South Africa. This data is safe guarded with strong, unique passwords, backed with time-based second factor authentication.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operation to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
6. LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Where your data may be partially stored:
A. Partners with a stake in contacting you
i. You will be notified if your data may be shared with partners to improve your experiences.
7. WHO TO CONTACT FOR QUERIES AND CONCERNS
We are committed to ensuring that you information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical electronic and managerial procedures to safeguard and secure the information we collect online.
A. Our South African data officers are available for requests, queries, and concerns:
i. Principal data officer: Lois Wagner
1. Email: firstname.lastname@example.org
2. Contact number: 082 563 1959