THE PROTECTION OF PERSONAL INFORMATION ACT
OUR DUTY TO YOU
The Protection of Personal Information Act (POPI) is now in operation and we need to comply. POPI regulates how we handle your personal information while we do our work.
POPI is intended to balance 2 competing interests, these are:
- Your constitutional right to privacy (which requires your personal information to be protected): and
- The needs of our society to have access to and to use your personal information for legitimate purposes, for example, to enable us to do our work for you.
POPI obliges us to inform you of our process, and that is the main purpose of this correspondence. If you wish to have greater insight into the way in which we implement POPI, you may ask for a copy of our company’s internal POPI Compliance Manual. So, without further ado, here is what you need to know:
THE COLLECTION AND PROCESSING OF PERSONAL INFORMATION
- We will collect the majority of your personal information from yourself. Please cooperate with us when we do so. We will also collect your personal information from any intermediary that might have referred you to us, and from public records.
- We will be collecting your personal information to enable us to fulfil the mandate that we have been given by you. This might be the sale or purchase of a property, or the lease or hire of a property.
- You are legally obliged to supply the information that we need to comply with the Financial Intelligence Centre Act (FICA). This information is required to combat money laundering and the financing of terrorism. Any other information that we ask for will be required to enable us to do our work. You have a choice as to whether you will supply us with this other information. Please note that if you fail to supply the information we ask for, we will not be able to do our work properly. You might also be placing yourself in breach of a contract, or the law.
- We will be passing your personal information on to all third parties that require it for the purposes of doing their work which is related to what we are doing for you. For example, if we are working with another estate agency to fulfil our mandate to you, and they need your information on a deed of sale, we will share the required information with them.
- You can rest assured that unless we are legally obliged to share your personal information, we will only share so much of your personal information as is needed by the authority that requires it, and we will only do so when it is necessary for us to do our work for you. In addition, all of our staff are bound by confidentially clauses in their letters of employment.
- If there is an international component to the work which we are doing for you, and if we are required to share your personal information with an overseas recipient, you are entitled to ask us how your personal information will be protected in this foreign country, and we will endeavor to assist you.
- You have the right of access to your personal information and the right to correct any errors relating to the information that we have on record. In addition, you have the right to object to us continuing to process your personal information. In this regard, please note that if you do exercise this right, we will not be able to do our work properly. In addition, this might place you in breach of a contract.
- We are obliged by law to retain our records for a period of time after we have completed our work. During this period, your personal information will also remain protected. After this period has expired, your personal information will be destroyed in a way that de-identifies you.
THE SECURITY OF OUR SYSTEMS
- [Our website uses specialist security software – Shield Security. This helps to ensure data breaches do not occur and our website and data are protected against hacking attempts and intrusion.Shield Security protects site visitors and works to block potential hacks while monitoring web traffic and filesystem changes.
The learn more about Shield Security, please follow this link.
- The Shield Security plugin never stores any sensitive, personally identifiable information in any cookie at any time.
- In the case that the Shield Security plugin needs to redirect a visitor or any request, it may use a cookie to prevent repeated/infinite redirect loops.
- For registered/logged-in users, the Shield Security plugin uses a cookie to track user sessions and control display of certain in-plugin admin notices.
Data Storage: User Sessions
For logged-in users, the Shield Security plugin stores information on the username, the IP address and the time of last login and last activity.
This information is purged upon logout or data cleanup.
Data Storage: Audit Trail
The Shield Security plugin has an Audit Trail feature that will log the following information:
- Audit Trail message that may include email addresses
- Logged-in username (where applicable)
- Originating IP address of the request
For logged-in users this represents information that may be used to locate (by IP address) and identify individuals and their activity on the site.
This information is stored for security purposes by the site administrator.
This data will be retained and then automatically purged from the database after a fixed time period, as determined by the site administrator. (Currently this is set to 14 days.)
What personal data we collect and why we collect it
When you register for the site, you may be asked to provide certain personal data for display on your profile. The “Name” field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator.
User information provided during account registration can be modified or removed on the Profile > Edit panel. In most cases, users also have control over who is able to view a particular piece of profile content, limiting visibility on a field-by-field basis to friends, logged-in users, or administrators only. Site administrators can read and edit all profile data for all users.
This site records certain user actions, in the form of “activity” data. Activity includes updates and comments posted directly to activity streams, as well as descriptions of other actions performed while using the site, such as new friendships, newly joined groups, and profile updates.
The content of activity items obey the same privacy rules as the contexts in which the activity items are created. For example, activity updates created in a user’s profile is publicly visible, while activity items generated in a private group are visible only to members of that group. Site administrators can view all activity items, regardless of context.
Activity items may be deleted at any time by users who created them. Site administrators can edit all activity items.
The content of private messages is visible only to the sender and the recipients of the message. With the exception of site administrators, who can read all private messages, private message content is never visible to other users or site visitors. Site administrators may delete the content of any message.
We use a cookie to show success and failure messages to logged-in users, in response to certain actions, like joining a group. These cookies contain no personal data, and are deleted immediately after the next page load.
When a logged-in user creates a new group, we use a number of cookies to keep track of the group creation process. These cookies contain no personal data, and are deleted either upon the successful creation of the group or after 24 hours.
What we collect and store
While you visit our site, we collect information about you during the process of creating comments or reviews of products. We’ll track:
- Author name, author email, author IP, date, title, content and review url: we’ll use this to create reviews of products
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Author name, author email, author IP, date, title and content of the reviews you have made
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
We keep your contact information private unless you agree to show your details on your profile page.
How we protect your data
We have a very powerful Shield and Firewall to keep hackers and purges unable to enter this site to obtain and collect any data, ensuring that our protection wall is always updated and Fireproof.
What data breach procedures we have in place
Powerful Shield Protector and a team working around the clock to ensure your data safety. If in any event data are stolen, all authorities are notified immediately and our system are then rebooted to avoid such attacks.
What third parties we receive data from
We are partnered with trustworthy third parties whom we receive data from, but it does not mean your data are collected in any means.
What automated decision making and/or profiling we do with user data
We do not use your data for anything, normally we will only tell clients our counter of users for gaining visitors to their products or services. However if you are reported your profile will be investigated and if you are a threat to other users your account will be deleted and blocked for future use.]
Should you have any issues with the way in which we are processing your personal information, you are entitled to lodge a complaint with the Information Regulator, whose contact details are:
33 Hoofd Street
Forum III, 3rd Floor Braampark
P.O Box 31533
Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: email@example.com.
We trust however that our processing of your personal information will be handled in a way that complies with all the relevant laws and that your rights to privacy will be protected as required by law.
[Address details if letterhead not used]
Form 2: Clients consent to process personal information
[ESTATE AGENCY LETTERHEAD]
CONSENT TO PROCESS (USE) PERSONAL INFORMATION IN TERMS
OF THE PROTECTION OF PERSONAL INFORMATION ACT
I/We the undersigned
(NAME & ID / PASSPORT NUMBER)
hereby give my/our consent for the processing (use) of our personal information by SOUTH AFRICA CLASSIFIEDS ESHOP MARKETPLACE (PTY) LTD for the purposes of carrying out the following work:
(PLEASE TICK THE APPROPRIATE BOX):
- Assisting me with the sale of a property, physical & downloadable products/services
- Assisting me with the purchase of a property, physical & downloadable products/services
- Assisting me with the leasing of my property, physical & downloadable products/services
- Assisting me with securing a property to rent
- The valuation of a property, physical & downloadable products/services
- Other (please specify) _______________________________________________
This consent specifically includes the right to work with my/our bank account details as and when required to ensure that I/we receive payments or refunds due to me/us.
This consent is furnished on condition that my/our personal information shall be used and processed in accordance with the Protection of Personal Information Act.
SIGNED AT ___________________________(place) ON ________________________(date)
Form 3: Objection to processing of personal information
(Form 1 of the Regulations)
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
- Affidavits or other documentary evidence as applicable in support of the objection may be
- If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each
- Complete as is
|A||DETAILS OF DATA SUBJECT|
surname/ registered name of data subject:
|Unique Identifier/ Identity Number|
|Residential, postal or business address:|
|Code ( )|
|Fax number / E-mail address:|
|B||DETAILS OF RESPONSIBLE PARTY|
|Name(s) and surname/ Registered name of responsible party:|
|Residential, postal or business address:|
|Code ( )|
|Fax number/ E-mail address:|
|C||REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please
provide detailed reasons for the objection)
Signed at …………………………………… this …………………. day of ………………………20…………
Signature of data subject/designated person