POLICY STATEMENT AND MANUAL
PROTECTION OF PERSONAL INFORMATION AND THE RETENTION OF DOCUMENTS
Policy owner | AW Hart T/A Hart of Africa |
Approved by: | Sole Proprietor |
Publishing date | May 2021 |
Revision frequency | Annually |
Version number | 00l |
PART A
PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT OF 2013
- PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013, Hart of Africa
INTRODUCTION
- HART OF AFRICA is a sole proprietor functioning within the manufacturing environment that is obligated to comply with The Protection of Personal Information Act 4 of 2013.
- POPI requires HART OF AFRICA to inform their clients, employees as to the manner in which their personal information is used, disclosed and destroyed.
- HART OF AFRICA is committed to protecting its clients and employees privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
- The Policy sets out the manner in which HART OF AFRICA deals with their clients and employees personal information as well as stipulates the purpose for which said information is used.
- The Policy is made available on the HART OF AFRICA company website www.hartofafrica.co.za and by request from their office.
PERSONAL INFORMATION COLLECTED
- Section 9 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”
- HART OF AFRICA collects and processes personal information pertaining to the actual needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, HART OF AFRICA will inform the employee, and client as to the information required and the information deemed optional. Examples of personal information we collect include, but is not limited to:
- The Identity number, name, surname, address, postal code, marital status, and number of dependants;
- Residence and business address
iii. Medical history
- Any other information required by HART OF AFRICA or Contractors in order to provide an accurate analysis of the suitability for any specific role profile.
- HART OF AFRICA aims to have agreements in place with all product suppliers, clinical trial subjects and third party service providers to ensure a mutual understanding with regard to the protection of personal information. HART OF AFRICA suppliers will be subject to the same regulations as applicable to HART OF AFRICA. For purposes of this Policy, it refer to potential and existing contractors, employees and clients.
THE USAGE OF PERSONAL INFORMATION
- The Personal Information will only be used for the purpose for which it was collected and as agreed.
- This may include:
- Providing services to sponsors/third parties;
- Applications for open job opportunities;
iii. Confirming, verifying and updating client or trial subject details;
- Conducting market or customer satisfaction research;
- For audit and record keeping purposes;
- In connection with legal proceedings;
vii. Providing HART OF AFRICA services to clients, to render the services requested and to maintain and constantly improve the relationship;
viii. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
- According to section 10 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for HART OF AFRICA processing of Personal Information:
- The contractors, employees and trial subjects’, consents to the processing: – consent is obtained from contractors, employees and trial subjects’, during the introductory, appointment and needs analysis stage of the relationship;
- The necessity of processing: in order to conduct an accurate analysis of the contractors, employees and trial subjects’ needs for purposes of the relationship.
iii. Processing complies with an obligation imposed by law on HART OF AFRICA
- Processing protects a legitimate interest of the client — it is in the clients best interest to have a full and proper needs analysis performed in order to provide them with an applicable and beneficial product or service.
- Processing is necessary for pursuing the legitimate interests of HART OF AFRICA or of a third party to whom information is supplied — in order to provide HART OF AFRICA clients with services both HART OF AFRICA and any of our clients require certain personal information from the contractors and employees in order to make an expert decision on the unique and specific product and or service required.
DISCLOSURE OF PERSONAL INFORMATION
- HART OF AFRICA may disclose personal information to any of the HART OF AFRICA subsidiaries, joint venture companies and or sponsors or third party service providers whose services require use of HART OF AFRICA as agreements in place to ensure compliance with confidentiality and privacy conditions.
- HART OF AFRICA may also share personal information with, and obtain information from parties for the reasons already discussed above.
- HART OF AFRICA may also disclose information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect HART OF AFRICA rights.
SAFEGUARDING INFORMATION
- It is a requirement of POPI to adequately protect personal information. HART OF AFRICA will continuously review its security controls and processes to ensure that personal information is secure.
- The following procedures are in place to protect personal information:
- HART OF AFRICA INFORMATION OFFICER is SHARON HART whose details are available below and who is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI.
- THIS POLICY has been put in place throughout HART OF AFRICA and training on this policy and the POPI Act will be conducted during May and June 2021 by HART OF AFRICA
iii. Each new employee will be required to sign an EMPLOYMENT CONTRACT containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
- Every employee currently employed within HART OF AFRICA will be required to sign an addendum to their EMPLOYMENT CONTRACTS containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
- HART OF AFRICA archived information is stored on site which is also governed by POPI, access to retrieve information is limited to authorised personnel.
- HART OF AFRICA product suppliers, insurers and other third party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information; this is however an ongoing process that will be evaluated as needed.
vii. Hard copies of personal information is stored in a lockable cabinet or rooms.
viii. Soft copies of information is stored on password protected servers and computers with access control and internal computer and IT policies.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
- Employees, clients and contractors have the right to access the personal information HART OF AFRICA holds about them. They also have the right to ask HART OF AFRICA to update, correct or delete their personal information on reasonable grounds. Once someone objects to the processing of their personal information, HART OF AFRICA may no longer process said personal information. HART OF AFRICA will take all reasonable steps to confirm identity and access before providing details of their personal information or making changes to their personal information.
- The details of HART OF AFRICA, Information Officer are as follows:
Information Officer SHARON HART
E-Mail Address sharon@hoafrica.co.za
Telephone Number: (021) 5593899
Postal Address: PO BOX 28173, BOTHASIG, 7406
Physical Address: UNIT 10 SOUTHDALE BUSINESS PARK, EDGEMEAD
AMENDMENTS TO THIS POLICY
- Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once a year. Employees and Clients are advised to access HART OF AFRICA (website periodically to keep abreast of any changes. Where material changes take place, it will be stipulated on the HART OF AFRICA website.
PART B:
POLICY ON THE RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS
PURPOSE
- To exercise effective control over the retention of documents and electronic transactions:
- as prescribed by legislation; and
- as dictated by business practice.
- Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. Documents are also necessary for defending legal action, for establishing, what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
- To ensure that the Company’s interests are protected and that the rights to privacy and confidentiality are not breached, queries may be referred to the Information Officer.
SCOPE & DEFINITIONS
- All documents and electronic transactions generated within and/or received by the Company. a. Definitions:
- Clients includes, but are not limited to, shareholders, debtors, creditors as well as the affected personnel and/or departments related to a services of the
Company.
- Confidential Information refers to all information or data disclosed to or obtained by the Company by any means whatsoever.
iii. Constitution: Constitution of the Republic of South Africa Act, 108 of 1996. iv. Data refers to electronic representations of information in any form.
- Documents include books, records, accounts and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro- mechanically or optically, or in any other form.
- ECTA: Electronic Communications and Transactions Act, 25 of 2002.
vii. Electronic communication refers to a communication by means of data messages.
viii. Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
- Electronic transactions include e-mails sent and received.
- PAIA: Promotion of Access to Information Act, 2 of 2000.
ACCESS TO DOCUMENTS
- All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances (also see clause 20 b) below):
- where disclosure is under compulsion of law;
xii. where there is a duty to the public to disclose;
xiii. where the interests of the Company require disclosure; and
xiv. where disclosure is made with the express or implied consent of the client.
DISCLOSURE TO 3RD PARTIES
20 a. All employees have a duty of confidentiality in relation to the Company, clients and candidates.
- Information on clients and candidates: Our clients’ and candidates’ right to confidentiality is protected in the Constitution and in terms of ECTA. Information may be given to a 3rd party if the client or candidate has consented in writing to that person receiving the information.
xvi. Requests for company information:
- These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural and juristic) that is required for the exercise or protection of rights. Private bodies, like the Company, must however refuse access to records if disclosure would constitute an action for breach of the duty of secrecy owed to a third party.
- In terms hereof, requests must be made in writing on the prescribed form to the Company Secretary, who is also the Information Officer in terms of PAIA. The requesting party has to state the reason for wanting the information and has to pay a prescribed fee.
xvii. Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial espionage. The affairs of the Company must be kept strictly confidential at all times.
- The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
STORAGE OF DOCUMENTS
- Hard Copies
- Documents are stored in lockable storage at HART OF AFRICA office.
- The Basic Conditions of Employment Act requires a retention period of 3 years for the documents mentioned below:
- Section 29(4):
- Written particulars of an employee after termination of employment;
- Section 31:
- Employee’s name and occupation;
- Time worked by each employee;
iii. Remuneration paid to each employee;
- Date of birth of any employee under the age of 18 years. v. Employment Equity Act, No 55 of 1998:
- Section 26 and the General Administrative Regulations, 2009, Regulation 3(2) requires a retention period of 3 years for the documents mentioned below:
- Records in respect of the company’s workforce, employment equity plan and other records relevant to compliance with the Act;
- The Unemployment Insurance Act, applies to all employees and employers except:
- Workers working less than 24 hours per month;
- Learners;
- Public servants;
- Foreigners working on a contract basis;
- Workers who get a monthly State (old age) pension;
- Workers who only earn commission.
- Section 56(2)(c) requires a retention period of 5 years, from the date of submission, for the documents mentioned below:
- Employers must retain personal records of each of their current employees in terms of their names, identification number, monthly remuneration and address where the employee is employed.
- 5.1.12 Tax Administration Act, No 28 of2011:
- Section 29 of the Tax Administration Act, states that records of documents must be retained to:
- Enable a person to observe the requirements of the Act;
- Are specifically required under a Tax Act by the Commissioner by the public notice;
- Will enable SARS to be satisfied that the person has observed these requirements.
- Section 29(3)(a) requires a retention period of 5 years, from the date of submission for taxpayers that have submitted a return and an indefinite retention period, until the return is submitted, then a 5 year period applies for taxpayers who were meant to submit a return.
- Section 29(3) (b) requires a retention period of 5 years from the end of the relevant tax period for taxpayers who were not required to submit a return, but had capital gains/losses or engaged in any other activity that is subject to tax or would be subject to tax but for the application of a threshold or exemption.
- Section 32(a) and (b) require a retention period of 5 years but records must be retained until the audit is concluded or the assessment or decision becomes final, for documents indicating that a person has been notified or is aware that the records are subject to an audit or investigation and the person who has lodged an objection or appeal against an assessment or decision under the TAA. i. Income Tax Act, No 58 of 1962:
- Schedule 4, paragraph 14(1)(a)-(d) of the Income Tax Act requires a retention period of 5 years from the date of submission for documents pertaining to each employee that the employer shall keep:
- Amount of remuneration paid or due by him to the employee;
- The amount of employee’s tax deducted or withheld from the remuneration paid or due;
- The income tax reference number of that employee;
- Any further prescribed information;
- Employer Reconciliation return.
- Schedule 6, paragraph 14(a)-(d) requires a retention period of 5 years from the date of submission or 5 years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to:
- Amounts received by that registered micro business during a year of assessment;
- Dividends declared by that registered micro business during a year of assessment;
- Each asset as at the end of a year of assessment with cost price of more than R 10 000;
- Each liability as at the end of a year of assessment that exceeded R 10 000.
- Value Added Tax Act, No 89 of 1991:
- Section 15(9), 16(2) and 55(1)(a) of the Value Added Tax Act and Interpretation Note 31, 30 March requires a retention period of 5 years from the date of submission of the return for the documents mentioned below:
- Where a vendor’s basis of accounting is changed the vendor shall prepare lists of debtors and creditors showing the amounts owing to the creditors at the end of the tax period immediately preceding the changeover period;
- Importation of goods, bill of entry, other documents prescribed by the Custom and Excise Act and proof that the VAT charge has been paid to SARS;
- Vendors are obliged to retain records of all goods and services, rate of tax applicable to the supply, list of suppliers or agents, invoices and tax invoices, credit and debit notes, bank statements, deposit slips, stock lists and paid cheques;
- Documentary proof substantiating the zero rating of supplies;
- Where a tax invoice, credit or debit note, has been issued in relation to a supply by an agent or a bill of entry as described in the Customs and Excise Act, the agent shall maintain sufficient records to enable the name, address and VAT registration number of the principal to be ascertained.
ELECTRONIC STORAGE
- The internal procedure requires that electronic storage of information: important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval thereof. This will be done in conjunction with the departments concerned.
- Scanned documents: If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 year after the date of scanning, with the exception of documents pertaining to personnel. Any document containing information on the written particulars of an employee, including: employee’s name and occupation, time worked by each employee, remuneration and date of birth of an employee under the age of 18 years; must be retained for a period of 3 years after termination of employment.
- Section 51 of the Electronic Communications Act No 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is used. It is also required that all personal information which has become obsolete must be destroyed.
DESTRUCTION OF DOCUMENTS
- Documents may be destroyed after the termination of the retention periods listed above.
- Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by the Company pending such return.
- After completion of the process in 37 above, the Managing Director shall, in writing, authorise the removal and destruction of the documents in the authorisation document.
- The documents are then made available for collection by the removers of the Company’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
- Documents may also be stored off-site, in storage facilities approved by the Company.
APPROVAL AND ACCEPTANCE BY CEO/MANAGER
I accept and approve above policy:
Company name: HART OF AFRICA