ITC Pest Control POPIA Notice
1. INTRODUCTION
1.1. ITC Pest Control CC processes personal information and other confidential information of individuals and juristic persons to deliver services to our clients. The nature of the personal information which we process, depends on the service we render in each client, as well as the legislative requirements to be adhered to by us.
1.2. We are obliged to process personal information in accordance with the provisions of the Protection of Personal Information Act, no. 4 of 2013 (‘the POPI Act’). This notice constitutes our policy statement to declare our business’s commitment to comply with the POPI Act when processing personal information and special personal information, as
defined in paragraphs 8.5 and 8.9 below
1.3. This notice forms part of our agreement with you and is available upon request, from our office.
2. PURPOSE OF PROCESSING PERSONAL INFORMATION
2.1. We process personal information primarily to deliver Pest Control, Fumigation, HACCP and Inspection services to our clients. We also process personal information –
2.1.1. for personalised marketing purposes, if you are a client of our business or if you elected to receive marketing material from us. Please note that you have a choice not to have your personal information used for marketing purposes.
2.1.2. to send newsletters to our clients and others who have elected to receive newsletters from us. Please note that clients have a choice not to receive newsletters from us.
2.1.3. to conduct client satisfaction research.
2.1.4. for audit and record keeping purposes.
2.1.5. to deal with requests and enquiries about personal information held by us and to update this information, when advised by you.
2.1.6. should you apply for employment at our business, to process your application
2.1.7. for the detection and prevention of fraud, crime, money laundering or other malpractices.
2.1.8. in connection with legal proceedings.
2.1.9. in connection with and to comply with legal and regulatory requirements, or when it is otherwise required by law.
2.2. When you contact us by email, other means of electronic communication, telephone, post, or telefax, we collect, store, use and keep record of certain personal information that you disclose to us. This includes details such as your name, address, telefax number, mobile phone number and email communication data. By providing us with your personal
information, you authorise us and associated entities or third parties (where applicable) to process such information as set out herein.
2.3. We do not intentionally collect or use personal information of children (persons under the age of 18 years), unless with express consent of a parent or guardian, or if the law otherwise allows or requires us to process such personal information.
2.4. We do not process special personal Information about you unless –
2.4.1. it is necessary to establish, exercise or defend a right or obligation in law (eg we have to process information relating to your health as part of our screening processes when you access our premises, in order to comply with Covid-19
regulations and protocols).
2.4.2. we have obtained your consent to do so (eg should you apply for employment at our business, we require your permission to do a criminal record check to process information which relates to your criminal record, if any.
2.5. We are committed to process personal information and special personal information –
2.5.1. fairly and lawfully, for specific lawful purposes.
2.5.2. in accordance with any agreement we may have with you and in accordance with the legal standards applicable to such information or information categories.
2.5.3. which is accurate and kept up to date.
2.5.4. which is adequate, relevant and not excessive or misleading.
3. SHARING OR TRANSFER OF PERSONAL INFORMATION
3.1. We undertake to use your personal Information only for the purpose for which the information is essential and not to share or further process your personal information without your consent.
3.2. Please note that in certain circumstances,
3.2.1. we must share personal information with third parties as part of the services we render to our clients. Subject to paragraph 3.2.4 below, we must inform you when we do so and will share only what is needed for those purposes. We aim to have agreements in place with our service providers to ensure that the personal information that we remain responsible for, is safeguarded by our service providers. Anyone to whom we pass on your personal information, will be required by us to treat your information with the same level of protection as we are obliged to do.
3.2.2. we have to obtain personal information about clients and other persons or entities from third parties as part of the services which we render. We will inform you when we have to obtain personal information about you from a third party.
3.2.3. we release account and other personal information to third parties when we believe that such release is appropriate to comply with the law; to enforce our client agreements and other agreements; or to protect the rights, property or safety of our business and our clients. We will inform you when we decide to do so and will share only what is needed for those purposes.
3.2.4. South African legislation allows for the disclosure of personal information to law enforcement or other agencies without your consent. In circumstances where we are required to disclose information because we are legally obliged to do so, we will first consider the legitimate interests of all concerned.
3.3. We may need to transfer your personal information to another country for processing or storage of data or when it is otherwise required by virtue of the nature of the services rendered to you. This will be done only in limited circumstances and in strict adherence of the requirements of the POPI Act and other relevant legislation.
4. RETENTION OF PERSONAL INFORMATION
4.1. We will retain your personal information for as long you permit us to do so and/or in accordance with the provisions of any applicable legislation.
5. SAFEGUARDING OF PERSONAL INFORMATION
5.1. We are required to take reasonable measures to adequately protect all the personal information we hold and to avoid unauthorized access and use of such personal information. To comply with this requirement, we maintain reasonable industry-standard physical, electronic and procedural safeguards in respect of the personal information we collect, store, disclose and destruct.
5.2. Our written communication with clients and third parties occurs mostly via the internet. For this reason, we have implemented general accepted and up-to-date electronic communication safety measures. However, the internet is not entirely secure and therefore we cannot unconditionally guarantee the security of any information you provide to us via
email, social media, or other communication platforms. Should you be particularly concerned about the safety of specific personal information you intend to send to us, you should liaise with your contact person at the business regarding the appropriate communication platform to be used.
5.3. In the unlikely event that an information security breach in respect of your personal information should occur, we will inform you thereof. We will also investigate the security breach and will take all reasonable measures to limit any possible damage which may arise from such breach.
6. ACCESS TO AND AMENDMENT OF PERSONAL INFORMATION HELD BY US
6.1. Our information officer is Mr. Tertius Linde, a director of our business. Please phone Mr Linde on 022 714 0498 or write to him at fin@itcpest.net if you:
6.1.1. have any queries about this notice.
6.1.2. need further information about our privacy practices.
6.1.3. wish to request a copy of the personal information we hold in respect of yourself and the purpose for holding it. We will take all reasonable steps to confirm your identity before providing details of your personal information to you. There may be a reasonable charge for providing any information so requested.
6.1.4. wish to amend, correct or destroy your personal information held by us. Please contact us to update your personal information whenever your details change.
6.2. If we do not respond to a request from yourself pertaining to your personal information to your satisfaction, you may lodge a complaint at the office of the Information Regulator at the following addresses:
6.2.1. Website: https://www.justice.gov.za/inforeg/index.html
6.2.2. Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
6.2.3. Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
6.2.4. Complaint email address: complaints.IR@justice.gov.za
6.2.5. General enquiry email address: inforeg@justice.gov.za.
7. CHANGES TO THIS NOTICE
7.1. We may amend our personal information practices and review this notice from time to time. Amendments will be communicated as necessary and will appear on our website.
8. DEFINITIONS OF TERMS USED IN THIS NOTICE
In this notice, the following terms and expressions, will have the meaning as assigned to them by the POPI Act:
8.1. Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our business.
8.2. Data subject is an individual or juristic person to whom personal information relates.
8.3. Electronic communication means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.
8.4. Information security breach is any incident:
8.4.1. in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed or otherwise used or processed in an unauthorised manner; or
8.4.2. that results in the unauthorized access of information, applications, services, networks and/or devices by bypassing our business’s security mechanisms.
8.5. Personal information is Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-
8.5.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
8.5.2. information relating to the education or the medical, financial, criminal or employment history of the person;
8.5.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
8.5.4. the biometric information of the person;
8.5.5. the personal opinions, views or preferences of the person;
8.5.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
8.5.7. the views or opinions of another individual about the person; and
8.5.8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
8.6. Processing means any operation or activity or any set of operations of the responsible party, whether or not by automatic means, concerning personal information, including —
8.6.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of personal information;
8.6.2. dissemination of personal information by means of transmission, distribution or making available in any other form; and
8.6.3. merging, linking, as well as restriction, degradation, erasure or destruction of personal information.
8.7. Record means any recorded information regardless of form or medium, including any of the following:
8.7.1. writing on any material;
8.7.2. information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
8.7.3. label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
8.7.4. book, map, plan, graph or drawing; and
8.7.5. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced; in the possession or under our business’s control, whether or not it was created by us; and regardless of when it came into existence.
8.8. Responsible party means ITC Pest Control CC.
8.9. Special personal information is information that relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject. It also includes criminal behaviour relating to alleged commissions of offences or any proceeding dealing with alleged offences.