Dear Valued Client,
As you may be aware the Protection of Personal Information Act (POPI Act) came into law on the 1st of July 2020 and as the 1st of July 2021 all responsible parties must be complying. As a responsible party, Ruby Rapscallion undertakes to keep all your personal and/or business information provided private and confidential and to store this information according to the code of good practice in compliance with the POPI Act.
When it comes to the protection of personal information, the Protection of Personal Information Act 4 of 2013 (POPIA), is there to protect you. Here is more information on this Act, and what you should know about it:
WHAT IS POPIA?
POPIA was enacted in November 2013 to enhance the Constitutional right to privacy that we all enjoy and to ensure the safeguarding of personal information processed by public and private bodies. It sets out eight conditions which are the requirements for the processing of personal information. Key sections of POPIA came into force on the 1st July 2020, and responsible parties (such as Ruby Rapscallion) that process personal information of natural and juristic persons (data subjects) have until 1 July 2021 to ensure full compliance. As a responsible party, Ruby Rapscallion is entrusted with the personal information of many stakeholders such as members/policyholders, potential clients, staff and service providers and we are therefore obligated to process this information in line with the law.
WHAT IS DEFINED AS PERSONAL INFORMATION?
Personal information is information relating to an identifiable, living, natural person or existing juristic person, that relates to, among others, the race, gender, sex, marital status, sexual orientation, age, physical, mental, spiritual, economic, cultural, or social identity; their health, educational or financial history; as well as identifying numbers and addresses including biometric information belonging to either an identifiable living natural person or an existing juristic person.
EIGHT CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION
- Accountability: Ruby Rapscallion must be accountable for the personal information it processes or holds in its possession.
- Processing limitation: Personal information must be processed in a lawful and reasonable manner. The purpose for processing the information must be lawful, adequate, relevant, and not excessive.
- Purpose specification: The purpose for processing personal information must be specific, explicitly defined, and lawful.
- Further processing limitation: The reason for processing personal information further must be compatible with the original purpose of collection.
- Information quality: We are required to take practical steps to ensure that the personal information we process is complete, accurate, not misleading and updated.
- Openness: Personal information must be processed in a way that allows the data subject to know what is happening to their personal information.
- Security Safeguards: We must ensure that there are sufficient security safeguards in place to secure the integrity and confidentiality of the personal information in our possession.
- Data subject participation: Data subjects have a right to access to their personal information and to correct and update their personal information.
Your personal and/or business information is collected to issue documents (such as invoices, credit notes and statements/ and to communicate with you via mail, messaging or telephone for sales and informational purposes. Part of this information is also shared with our couriers for deliveries to be completed successfully to you. Your information will only be shared with outside parties if we are legally or ethically bound to do so. The information collected is securely stored digitally and/or in paper format and only authorized personnel are allowed access. You have a right to request access to your information to see how and where it is stored. You may request that your information be updated or deleted from our records, as long as, this deletion does not contradict the requirements set out in the Companies Act or the requirements for financial record keeping as set out by the South African Revenue Service.
Should you no longer wish to receive correspondence from us and/or want us to keep your information, kindly respond via email with “Opt-out/Delete” in the subject line. Should you require that your information be updated kindly respond via email with “Information Update” in the subject line and supply all the information to be updated in the body of the mail. Should we receive no response we will assume that you agree to continue receiving correspondence and that the information we have on record is correct and we still have permission to keep it and use it in the manner we have explained above.
Should you have further queries please contact us on: 083 270 4113 or email us at firstname.lastname@example.org
Thank you for your continued support,