POLICY STATEMENT AND MANUAL OF:
PROTECTION OF PERSONAL, INFORMATION AND
RETENTION OF DOCUMENTS
and all its subsidiaries
(Hereinafter referred to as “VC”)
(Registration number: 2020/517242/07)
TABLE OF CONTENTS
The “VC” Group is a group of companies functioning within the distribution and supply chain network, Performing Arts and production space, streaming, security, manufacturing, and events that is obligated to comply with The Protection of Personal Information Act 4 of 2013.
POPI requires the “VC” Group to inform their clients as to the way their personal information is used, disclosed, and destroyed. The “VC” Group guarantees its commitment to protecting its client’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
The Policy sets out the way the “VC” Group deals with their client’s personal information as well as and stipulates the purpose for which said information is used.
The Policy is made available on the “VC” company website www.virtualcolletive.africa, and by request from the “VC” head office.
DCM Wildstone security
“Personal Information may only be processed if, given the purpose for which it is processed, is adequate, relevant and not excessive.”
Purpose of Processing
The Company uses the Personal Information under its care in the following ways:
- Rendering service according to instructions given by clients
- Staff administration
- Keeping of accounts and records
- Complying with tax laws
Examples of personal information we collect include but is not limited to: – The Client’s Identity number, name, surname, address both home and business, postal code, and phone number.
The Client’s Personal Information will only be used for the purpose for which it was collected and as agreed.
This may include:
- Providing products or services to clients.
- Conducting credit reference searches or verification.
- Confirming, verifying, and updating client details.
- For the detection and prevention of fraud.
- Conducting market or customer satisfaction research.
- For audit and record keeping purposes.
- In connection with legal proceedings.
- In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
Personal information may only be processed if certain conditions, listed below are met.
- The client’s consents to the processing
- The necessity of processing: to conduct an accurate analysis of the client’s needs
- Processing complies with an obligation imposed by law
- Processing protects a legitimate interest of the client — it is in the client’s best interest to have a full and proper needs analysis performed to provide them with an applicable and beneficial product or service.
- Processing is necessary for pursuing the legitimate interests of the “VC” Group or of a third party to whom information is supplied
“VC” may disclose a client’s personal information to any of the “VC” group companies or subsidiaries, joint venture companies and or approved product- or third-party service providers whose services or products client select to use.
“VC” has agreements in place to ensure that compliance with confidentiality and privacy conditions
“VC” may also disclose a client’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect “VC” rights.
The Company employs up to date technology to ensure the confidentiality, integrity, and availability of the Personal Information under its care. Measures include:
- Virus protection software and update protocols – Logical and physical access control.
- Secure setup of hardware and software making up the IT infrastructure.
- Outsourced Service Providers who process Personal Information on behalf of the Company are contracted to implement security controls.
- Each new employee will be required to sign an employment contract containing relevant consent clauses for the use and storage of employee information.
- Every employee currently employed within the “VC” Group will be required to sign an addendum to their employment contracts containing relevant consent clauses for the use and storage of employee information.
- “VC” archived client information is stored on site, which is also governed by POPI, access is limited to these areas to authorized personal.
- “VC” product suppliers, insurers and other third-party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information.
- All electronic files or data are BACKED UP by the In-Tech Business Solutions which is also responsible for system security that protects third party access and physical threats. The Group IT Division is responsible for Electronic Information Security.
- All the user terminals on our internal computer network and our servers must be protected by passwords which must be changed on a regular basis.
- Consent to process client information is obtained from clients (or a person who has been given authorization from the client to provide the client’s personal information) during the introductory, appointment and needs analysis stage of the relationship.
- Should it appear that the personal information of a client has been accessed or acquired by an unauthorized person, we must notify the Information Regulator and the relevant client/s, unless we are no longer able to identify the client/s. This notification must take place as soon as reasonably possible.
- Such notification must be given to the Information Regulator first as it is possible that they, or another public body, might require the notification to the client/s be delayed.
- The notification to the client must be communicated in writing in one of the following ways, with a view to ensuring that the notification reaches the client:
- by mail to the client’s last known physical or postal address
- by email to the client’s last known email address 3.3 by publication on our website or in the news media; or
3.4 as directed by the Information Regulator.
- This notification to the client must give sufficient information to enable the client to protect themselves against the potential consequences of the security breach, and must include:
- a description of the possible consequences of the breach
- details of the measures that we intend to take or have taken to address the breach
- the recommendation of what the client could do to mitigate the adverse effects of the breach; and
- if known, the identity of the person who may have accessed, or acquired the personal information.
Clients have the right to access the personal information “VC” holds about them. Clients also have the right to ask “VC” to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, the “VC” Group may no longer process said personal information. “VC” will take all reasonable steps to confirm its clients’ identity before providing details of their personal information or making changes to their personal information.
On production of proof of identity, any person is entitled to request that we confirm, free of charge, whether we hold any personal information about that person in our records.
Name: Philip Potgieter
Telephone number: 012 991 5924
Cell number: 083 676 1214
E-mail address: email@example.com
Please Download the POPIA act here: