About this Policy
This policy sets out how Digiata Technology Services (Pty) Ltd uses and protects the personal information provided to us by our data subjects.
Any changes to this policy in response to changing legal, regulatory or operational requirements will be carefully considered in line with the Protection of Personal Information Act No. 4 of 2013. The latest version of this policy may be viewed on our website or requested from our Information Officer.
Information collected and retained by Digiata Technology Services (Pty) Ltd may consist of a variety of data as detailed under the following categories:
- Identifying Information: Juristic Persons. The type of personal; information we may collect from juristic persons includes registered name, registered number, registration date, financial year end, nature of entity, country of registration, address, phone number, email address, website, correspondence, bank account details, financial information and tax number.
- Identifying Information: Natural Persons The type of personal information we may collect from natural persons includes name and surname, other names, ID number, date of birth, age, race, gender, pregnancy, marital status, nationality, address, phone number, email address, photograph, correspondence, bank account details, financial information, tax numbers, educational history, employment history, and health information.
- Employee Records. The type of personal information we may collect from employees includes bank account details, bursary agreements, contact details such as physical address, email, phone number, correspondence in all forms, curriculum vitae, disciplinary records, education and employment history, employment contracts and details of remuneration, identification documents, identifying information such as name, age, race, gender, leave records, medical aid details, password utilised for work purposes, photographs, staff loan agreements,
- tax numbers, training records and work laptop details and access password.
Collection of Information
Personal data may either be collected directly from you, as data subject, or it may be collected from other sources. Other sources may include our affiliates and third party service providers. Where information is not collected directly from you as data subject, Digiata Technology Services (Pty) Ltd will take reasonable steps to inform you of the fact that the information was collected from another source and will be processed.
Use of Personal Information
Digiata Technology Services (Pty) Ltd requires certain personal information to carry out its business and to provide a quality and personalised service to its clients.
Digiata Technology Services (Pty) Ltd will ensure that all personal information provided to us is processed in a lawful and reasonable manner that does not infringe on the rights or privacy of the data subject.
Personal information will only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
Digiata Technology Services (Pty) Ltd will only process the personal information of a data subject in accordance with applicable data protection law.
Personal information will only be requested by Digiata Technology Services (Pty) Ltd for a specific and lawful purpose, and will only be utilised for the specified purpose. Any further processing will only be in accordance with or compatible with the purpose for which it was collected.
Digiata Technology Services (Pty) Ltd endeavours to ensure that any personal information in its possession is complete, accurate and not misleading, and will take steps to update this information where necessary.
Destruction or Deletion of Personal Information
Digiata Technology Services (Pty) Ltd will destroy or delete personal information or de-identify it as soon as reasonably practicable after we are no longer authorised to retain the record, either through your consent or applicable legislation. Refusal to grant us access to your personal information may hinder our ability to provide you with a professional and personalised service or otherwise engage with you, whether as an employee, customer or service provider.
Processing by an Operator
Digiata Technology Services (Pty) Ltd will ensure that any personal information obtained by it and processed by an operator is processed in terms of applicable legislation. No personal information will be provided to an operator unless a written contract between Digiata Technology Services (Pty) Ltd and the operator has been entered in to, which requires the operator to process any personal information provided to it in terms of the Protection of Personal Information Act No. 4 of 2013. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Retention of Information
Digiata Technology Services (Pty) Ltd’s policy is to retain personal information provided to it for so long as they are still engaged with the data subject. Digiata Technology Services (Pty) Ltd’s business is of such a manner that personal information provided by a data subject may become relevant at any time and may need to be processed further, well after the initial processing thereof. It is thus prudent to keep all information on record, unless instructed otherwise by the data subject.
Once engagement with a data subject expires, personal information will only be retained for so long as retention thereof is required or allowed by law. Thereafter, all personal information pertaining to this data subject will be destroyed in a manner that renders it impossible to re-identify.
Direct Marketing and General Communications
We may contact you periodically to provide information regarding our events, seminars, products, services, and content that may be of interest to you. We will only send such communications after receiving your prior consent.
If you do not wish to receive such further communications from us, you can click on the unsubscribe link in the applicable communication or contact us via email@example.com to withdraw your consent.
Rights of Data Subjects
According to the Protection of Personal Information Act No. 4 of 2013, a data subject has the right to have his, her or its personal information processed in accordance with the conditions for the lawful processing of personal information as referred to in Chapter 3, including the right—
- to be notified that—
- personal information about him, her or it is being collected as provided for in terms of section 18; or
- his, her or its personal information has been accessed or acquired by an unauthorised person as provided for in terms of section 22;
- to establish whether a responsible party holds personal information of that data subject and to request access to his, her or its personal information as provided for in terms of section 23;
- to request, where necessary, the correction, destruction or deletion of his, her or its personal information as provided for in terms of section 24;
- to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information as provided for in section 11(3)(a);
- to object to the processing of his, her or its personal information—
- at any time for purposes of direct marketing in terms of section 11(3)(b); or
- in terms of section 69(3)(c);
- not to have his, her or its personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1);
- not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of his, her or its personal information intended to provide a profile of such person as provided for in terms of section 71;
- to submit a complaint to the Regulator (available at firstname.lastname@example.org) regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as provided for in terms of section 74; and
- to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information as provided for in section 99.
Digiata Technology Services (Pty) Ltd will ensure the integrity and confidentiality of personal information in its possession or under its control. We have taken appropriate, reasonable, technical and organisational measures to prevent—
- the loss of, damage to, or unauthorised destruction of, personal information; and
- unlawful access to or processing of personal information.
Details of the procedures implemented by Digiata Technology Services (Pty) Ltd are available in our POPIA Compliance Manual.
Digiata will only transfer personal information to a third party who is in a foreign country if the transfer complies with the requirements of section 72 of the Protection of Personal Information Act 4 of 2013.
Where Digiata Technology Services (Pty) Ltd has reasonable grounds to believe that the data records of a data subject have been accessed without authorisation or have been compromised, we will, subject to our other obligations in law, immediately notify the Information Regulator (South Africa) and the data subject, in writing.
If a breach of data is experienced, Digiata Technology Services (Pty) Ltd will ensure that the failed security measures are evaluated and improved, to prevent any future instances of unauthorised access or compromised data.
The personal information of a child (a natural person under the age of 18 years) will not be processed by Digiata Technology Services (Pty) Ltd unless the prior consent of a competent person is obtained or if the processing of that personal information is allowed or required by law.
If you have questions about your data records or how to request the correction, destruction or deletion thereof, please contact us at email@example.com. For questions specifically about this policy, or our use of your personal information, cookies or similar technologies, please contact our Information Officer at firstname.lastname@example.org.
The Information Officer appointed by Digiata Technology Services (Pty) Ltd to protect your personal information is David Theodore de Klerk.
Further information regarding our data processing activities are available in our POPIA Compliance Manual which is available on our website and on request from the Information Officer.
This policy was last updated on 30 June 2021.
Any references to sections above are references to the Protection of Personal Information Act No. 4 of 2013. These sections are described or quoted below:
Section 11(1)(d) to (f) Personal information may only be processed if processing protects a legitimate interest of the data subject; processing is necessary for the proper performance of a public law duty by a public body; or processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
Section 11(3)(a) A data subject may object, at any time, to the processing of personal information in terms of subsection (1)(d) to (f), in the prescribed manner, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing.
Section 11(3)(b) A data subject may object, at any time, to the processing of personal information for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications as referred to in section 69.
Section 18 Notification to data subject when collecting personal information
Section 22 Notification of security compromises
Section 23 Access to personal information
Section 24 Correction of personal information
Section 69 Direct marketing by means of unsolicited electronic communications
Section 69(1) The processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless the data subject—
- has given his, her or its consent to the processing; or
- is, subject to subsection (3), a customer of the responsible party.
Section 69(3)(c) A responsible party may only process the personal information of a data subject who is a customer of the responsible party in terms of subsection (1)(b)—
- if the data subject has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details—
- at the time when the information was collected; and
- on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use.
Section 71 Automated decision making
Section 74 Complaints
Section 99 Civil remedies