Effective Date: 2023/10/16
1. Introduction
At “Needs,” we are dedicated to protecting personal information and ensuring that data privacy is respected and upheld. This policy details our commitment and outlines the principles behind the responsible handling of personal information in compliance with the Protection of Personal Information Act (“POPIA”).
2. Scope of the Policy
This policy applies to all personal information collected, processed, stored, and disposed of by “Needs,” regardless of its format. All employees, contractors, and third parties working with “Needs” are expected to comply with this policy.
3. Collection of Personal Information
– We collect personal information directly from individuals where possible, with clear consent and under a lawful basis, or from authorized third parties.
– We limit the collection of personal information to what is necessary related to our business purposes and legal requirements.
4. Processing and Use of Personal Information
– Personal information is processed fairly, transparently, and in accordance with individuals’ rights.
– Data is used solely for the purposes explicitly agreed upon with the data subject or within the expectations of the law.
5. Data Security and Protection
– We implement and maintain technological, organizational, and physical security measures to protect personal information from loss, unauthorized access, or disclosure.
– Access to personal information is restricted to authorized personnel who require it for their job functions.
6. Data Accuracy and Retention
– We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date.
– Personal information is not kept longer than necessary for the purposes for which it was collected or as required by law.
7. Data Subject’s Rights and Participation
– We respect the rights of individuals regarding their personal information, such as their rights to access, correction, objection, and deletion.
– Requests concerning personal information will be processed in a timely manner, in accordance with POPIA regulations.
8. Third-Party Disclosure and Transfer
– Personal information is not disclosed or shared with third parties without informed consent, except as required by law or to deliver contracted services.
– When transferring personal information, domestically or internationally, we ensure protective measures are in place to maintain data security and compliance with POPIA.
9. Breach Response and Notification
– We have implemented protocols to identify, manage, and report data breaches promptly and, where applicable, notify affected individuals and the Information Regulator in compliance with POPIA.
– Employees are trained to respond effectively to any data breach incidents.
10. Compliance, Monitoring, and Auditing
– Regular compliance audits are conducted to assess and ensure adherence to this policy.
– Deficiencies identified during audits are promptly rectified.
11. Policy Enforcement
Violations of this policy may result in disciplinary action, including termination of employment or contractual relationships, and may lead to legal consequences.
12. Policy Review
This policy will be reviewed periodically and updated to reflect changes in laws, business practices, or in response to any identified risks.
13. Contact Information
For any questions, requests, or concerns related to this policy or your personal information, please contact our Information Officer or the designated representative at +27 71 581 7191 / info@needs.co.za.