THE PROTECTION OF PERSONAL INFORMATION ACT

OUR DUTY TO YOU

Dear Client

The Protection of Personal Information Act (POPI) is now in operation and we need to comply.  POPI regulates how we handle your personal information while we do our work.

POPI is intended to balance 2 competing interests, these are:

  • Your constitutional right to privacy (which requires your personal information to be protected): and
  • The needs of our society to have access to and to use your personal information for legitimate purposes, for example, to enable us to do our work for you.

POPI obliges us to inform you of our process, and that is the main purpose of this correspondence.  If you wish to have greater insight into the way in which we implement POPI, you may ask for a copy of our company’s internal POPI Compliance Manual.  So, without further ado, here is what you need to know:

THE COLLECTION AND PROCESSING OF PERSONAL INFORMATION

  1. We will collect the majority of your personal information from yourself. Please cooperate with us when we do so.  We will also collect your personal information from any intermediary that might have referred you to us, and from public records.
  2. We will be collecting your personal information to enable us to fulfil the mandate that we have been given by you. This might be the sale or purchase of a property, or the lease or hire of a property.
  3. You are legally obliged to supply the information that we need to comply with the Financial Intelligence Centre Act (FICA). This information is required to combat money laundering and the financing of terrorism.  Any other information that we ask for will be required to enable us to do our work.  You have a choice as to whether you will supply us with this other information.  Please note that if you fail to supply the information we ask for, we will not be able to do our work properly.  You might also be placing yourself in breach of a contract, or the law.
  4. We will be passing your personal information on to all third parties that require it for the purposes of doing their work which is related to what we are doing for you. For example, if we are working with another estate agency to fulfil our mandate to you, and they need your information on a deed of sale, we will share the required information with them.
  5. You can rest assured that unless we are legally obliged to share your personal information, we will only share so much of your personal information as is needed by the authority that requires it, and we will only do so when it is necessary for us to do our work for you. In addition, all of our staff are bound by confidentially clauses in their letters of employment.
  6. If there is an international component to the work which we are doing for you, and if we are required to share your personal information with an overseas recipient, you are entitled to ask us how your personal information will be protected in this foreign country, and we will endeavor to assist you.
  7. You have the right of access to your personal information and the right to correct any errors relating to the information that we have on record. In addition, you have the right to object to us continuing to process your personal information.  In this regard, please note that if you do exercise this right, we will not be able to do our work properly.  In addition, this might place you in breach of a contract.
  8. We are obliged by law to retain our records for a period of time after we have completed our work. During this period, your personal information will also remain protected. After this period has expired, your personal information will be destroyed in a way that de-identifies you.

THE SECURITY OF OUR SYSTEMS

  1. [Our website uses specialist security software – Shield Security. This helps to ensure data breaches do not occur and our website and data are protected against hacking attempts and intrusion.Shield Security protects site visitors and works to block potential hacks while monitoring web traffic and filesystem changes.

    The learn more about Shield Security, please follow this link.

    Cookies

    1. The Shield Security plugin never stores any sensitive, personally identifiable information in any cookie at any time.
    2. In the case that the Shield Security plugin needs to redirect a visitor or any request, it may use a cookie to prevent repeated/infinite redirect loops.
    3. For registered/logged-in users, the Shield Security plugin uses a cookie to track user sessions and control display of certain in-plugin admin notices.
    4. The Shield Security plugin does not normally use Cookies for unregistered site visitors. It may however use a cookie to register the closure of the Shield Security security badge to prevent repeated display.

    Data Storage: User Sessions

    For logged-in users, the Shield Security plugin stores information on the username, the IP address and the time of last login and last activity.

    This information is purged upon logout or data cleanup.

    Data Storage: Audit Trail

    The Shield Security plugin has an Audit Trail feature that will log the following information:

    1. Audit Trail message that may include email addresses
    2. Logged-in username (where applicable)
    3. Originating IP address of the request

    For logged-in users this represents information that may be used to locate (by IP address) and identify individuals and their activity on the site.

    This information is stored for security purposes by the site administrator.

    This data will be retained and then automatically purged from the database after a fixed time period, as determined by the site administrator. (Currently this is set to 14 days.)

    What personal data we collect and why we collect it

    Profile Data

    When you register for the site, you may be asked to provide certain personal data for display on your profile. The “Name” field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator.

    User information provided during account registration can be modified or removed on the Profile > Edit panel. In most cases, users also have control over who is able to view a particular piece of profile content, limiting visibility on a field-by-field basis to friends, logged-in users, or administrators only. Site administrators can read and edit all profile data for all users.

    Activity

    This site records certain user actions, in the form of “activity” data. Activity includes updates and comments posted directly to activity streams, as well as descriptions of other actions performed while using the site, such as new friendships, newly joined groups, and profile updates.

    The content of activity items obey the same privacy rules as the contexts in which the activity items are created. For example, activity updates created in a user’s profile is publicly visible, while activity items generated in a private group are visible only to members of that group. Site administrators can view all activity items, regardless of context.

    Activity items may be deleted at any time by users who created them. Site administrators can edit all activity items.

    Messages

    The content of private messages is visible only to the sender and the recipients of the message. With the exception of site administrators, who can read all private messages, private message content is never visible to other users or site visitors. Site administrators may delete the content of any message.

    Cookies

    We use a cookie to show success and failure messages to logged-in users, in response to certain actions, like joining a group. These cookies contain no personal data, and are deleted immediately after the next page load.

    We use cookies on group, member, and activity directories to keep track of a user’s browsing preferences. These preferences include the last-selected values of the sort and filter dropdowns, as well as pagination information. These cookies contain no personal data, and are deleted after 24 hours.

    When a logged-in user creates a new group, we use a number of cookies to keep track of the group creation process. These cookies contain no personal data, and are deleted either upon the successful creation of the group or after 24 hours.

    What we collect and store

    While you visit our site, we collect information about you during the process of creating comments or reviews of products. We’ll track:

    • Author name, author email, author IP, date, title, content and review url: we’ll use this to create reviews of products

    Who on our team has access

    Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

    • Author name, author email, author IP, date, title and content of the reviews you have made

    How long we retain your data

    If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

    For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

    What rights you have over your data

    If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

    Where we send your data

    Visitor comments may be checked through an automated spam detection service.

    Your contact information

    We keep your contact information private unless you agree to show your details on your profile page.

    Additional information

    How we protect your data

    We have a very powerful Shield and Firewall to keep hackers and purges unable to enter this site to obtain and collect any data, ensuring that our protection wall is always updated and Fireproof.

    What data breach procedures we have in place

    Powerful Shield Protector and a team working around the clock to ensure your data safety. If in any event data are stolen, all authorities are notified immediately and our system are then rebooted to avoid such attacks.

    What third parties we receive data from

    We are partnered with trustworthy third parties whom we receive data from, but it does not mean your data are collected in any means.

    What automated decision making and/or profiling we do with user data

    We do not use your data for anything, normally we will only tell clients our counter of users for gaining visitors to their products or services. However if you are reported your profile will be investigated and if you are a threat to other users your account will be deleted and blocked for future use.]

Should you have any issues with the way in which we are processing your personal information, you are entitled to lodge a complaint with the Information Regulator, whose contact details are:

33 Hoofd Street

Forum III, 3rd Floor Braampark

P.O Box 31533

Braamfontein, Johannesburg, 2017

Complaints email: complaints.IR@justice.gov.za

General enquiries email: inforeg@justice.gov.za.

We trust however that our processing of your personal information will be handled in a way that complies with all the relevant laws and that your rights to privacy will be protected as required by law.

Kind regards

ESTATE AGENCY

[Address details if letterhead not used]

 

 

Form 2: Clients consent to process personal information

 

[ESTATE AGENCY LETTERHEAD]

CONSENT TO PROCESS (USE) PERSONAL INFORMATION IN TERMS

OF THE PROTECTION OF PERSONAL INFORMATION ACT

 

I/We the undersigned

____________________________________________________________________________

____________________________________________________________________________

(NAME & ID / PASSPORT NUMBER)

hereby give my/our consent for the processing (use) of our personal information by SOUTH AFRICA CLASSIFIEDS ESHOP MARKETPLACE (PTY) LTD for the purposes of carrying out the following work:

(PLEASE TICK THE APPROPRIATE BOX):

  • Assisting me with the sale of a property, physical & downloadable products/services
  • Assisting me with the purchase of a property, physical & downloadable products/services
  • Assisting me with the leasing of my property, physical & downloadable products/services
  • Assisting me with securing a property to rent
  • The valuation of a property, physical & downloadable products/services
  • Other (please specify) _______________________________________________

______________________________________________________________________

 

This consent specifically includes the right to work with my/our bank account details as and when required to ensure that I/we receive payments or refunds due to me/us.

This consent is furnished on condition that my/our personal information shall be used and processed in accordance with the Protection of Personal Information Act.

 

SIGNED AT ___________________________(place) ON ________________________(date)

 

 

__________________________________                ___________________________________

CUSTOMER                                                                                                                 CUSTOMER

 

Form 3: Objection to processing of personal information

(Form 1 of the Regulations)

FORM 1
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)

 

REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018

[Regultion 2]

Note:

  1. Affidavits or other documentary evidence as applicable in support of the objection may be
  2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each
  3. Complete as is

 

A DETAILS OF DATA SUBJECT
Name(s) and

surname/ registered name of data subject:

  
Unique Identifier/ Identity Number  
Residential, postal or business address:  
 
 
Code (        )
Contact number(s):  
Fax number / E-mail address:  
B DETAILS OF RESPONSIBLE PARTY
Name(s) and surname/ Registered name of responsible party:  
Residential, postal or business address:  
 
 
 
Code (        )
Contact number(s):  
Fax number/ E-mail address:  
C REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please

provide detailed reasons for the objection)
 
 

Signed at …………………………………… this …………………. day of ………………………20…………

 

 

……………………………………………………

Signature of data subject/designated person