A: PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
JOHN LEE PROPERTIES CC POPI POLICY 2021
JLP is a Company functioning within the real estate space that is obligated to comply with the Protection of Personal Information Act 4 of 2013.
POPI requires JLP to inform their clients as to the manner in which their personal information is used, disclosed and destroyed.
JLP guarantees its commitment to protecting its client’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
The Policy sets out the manner in which JLP deals with their client’s personal information as well as stipulates the purpose for which said information is used. The Policy is made available on JLP’s website www.johnleeprop.co.za and by request from JLP’s head office.
2.1 Clients includes, but are not limited to, tenants, landlords, creditors as well as the affected personnel and/or departments related to a service division of the Company;
2.2 Confidential information refers to all information or data disclosed to or obtained by the Company by any means whatsoever and shall include, but not be limited to:
2.3 Constitution – Constitution of the Republic of South Africa Act 108 of 1996.
2.4 Data refers to electronic representations of information in any form.
2.5 Documents include books, records, security or accounts and any information that has been stored or recorded electronically and or physically.
2.6 Electronic communication refers to a communication by means of data messages.
2.7 Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
2.8 Electronic transactions include e-mails send and received.
3.1 Wikus Albertus and Johan Rudman will be tasked with the responsibility of compliance in the Company.
3.2 JLP has a POPI policy and procedure in place and ensures that there is a culture in line with the protection of personal information in the company.
Section 10 of POPI states that “Personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”
With the client’s consent JLP collects and processes client’s personal information pertaining to the client’s needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, JLP will inform the client as to the information required and the information deemed optional. Examples of personal information JLP collects include, but are not limited to:
JLP aims to have agreements in place with all product suppliers, insurers and third party service providers to ensure a mutual understanding with regards to the protection of the client’s personal information. JLP’s suppliers will be subject to the same regulations as applicable to JLP.
With the client’s consent, JLP may also supplement the information provided with information JLP receives from other providers in order to offer a more consistent and personalized experience in the client’s interaction with JLP.
For the purpose of this Policy, clients include potential and existing clients.
4.1 Personal information will be obtained directly from the client.
4.2 Consent from the client is essential before gathering or processing any personal information and clients will undersign that they consent accordingly.
4.3 If the personal information has been gathered from a third party, it is a requirement that the third party will undersign that the client has consented to information being shared.
4.4 Only information that is required for the specific purpose for which it is gathered will be stored. In the event that the company collects more information than required for the intended purpose for future use, the company shall obtain the necessary consent from the client (this will be regarded as “Further processing” in the Act).
4.5 Should the company wish to re-use existing personal information for any other purpose other than what the information was gathered for, permission will be requested from the client again.
4.6 Upon the gather of personal information from the client, the client will be advised what the purpose for the information gathered will be and the time period that the information will be held for.
4.7 To ensure that the personal information is reliable and accurate at all times, the company will request the information directly from the client. If it is not possible for the client to produce their own information or if the information is captured from one format to another for example from a paper to an IT system, the information will be revised by a senior authorized person for the accuracy thereof.
4.8 Personal information will be gathered directly (in person) if possible, telephonically (in order to provide confirmation of e-mail / electronic method) or e-mail.
4.9 The client will be informed of how the data will be used at the time of gathering the information. (The company’s POPI Policy will be provided for the client for undersigning wherein they acknowledge to the purpose for which their information is being gathered.)
4.10 Proof of consent will be by way of signature by the client.
4.11 When gathering information, the client will be given details of the responsible person in the company including contact details.
4.12 At the time the personal information is gathered, the client shall be advised of his / her rights to complain to the Information Regulator if misuse is suspected. The Information Regulator’s information and contact details will be provided to the client.
4.13 The client will be advised of his / her rights to access his / her information and to object to the processing of said information upon undersigning of an agreement.
5.1 The client’s personal information will only be used for the purpose for which it was collected and as agreed.
The information is collected for the purpose of qualifying a tenant by running a full credit history as well as for ongoing communication.
The client shall have the right to know what information the company has and for what purpose it was gathered, and the client shall sign that they acknowledge same.
Personal information will only be gathered for specific, explicit and lawful purposes.
This may include:
5.2 According to Section 11 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for the JLP Company processing of personal information:
The JLP Company may disclose a client’s personal information to any of the JLP Company’s subsidiaries, joint venture companies and or approved product – or third-party service providers whose services or products clients elect to use. The JLP Company has agreements in place to ensure that compliance with confidentiality and privacy conditions are met.
The JLP Company may also share client personal information with and obtain information about clients from third parties for the reasons already discussed above. The Third Party will undersign that the client has consented to such information being shared.
JLP may also disclose a client’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect JLP’s rights.
It is a requirement of POPI to adequately protect personal information, JLP will continuously review its security controls and processes to ensure that personal information is secure.
The following procedures are in place in order to protect personal information:
8.1.1 Clients have the right to access the personal information JLP holds about them. Clients also have the right to ask JLP to update, correct or delete their personal information on reasonable grounds.
8.1.2 Once a client objects to the processing of their personal information, JLP may no longer process said information.
8.1.3 JLP will take all reasonable steps to confirm its client’s identity before providing details of their personal information or making changes to their personal information.
8.1.4 When advising the client of the information the company hold and for what purpose the company holds it, the client will be provided with details of how to update their information or withdraw consent.
8.1.5 It is advisable to develop procedures for automatically checking the accuracy of information on a regular basis, by sending a validation request to the client. The aforementioned includes giving the client the option to request at any time (via e-mail and / or via telephone) to update their information and to notify the client at reasonable periods of their right to update their information.
8.1.6 Clients may request their information from our company in writing via e-mail whether the company is in possession of their personal information. This request shall not be declined and my not be charged for. The full nature and details of the information being held shall also be provided for on request, but a charge may be levied for this information.
8.1.7 The client has the right to correct the personal information that the company is in possession of. The client also has the right to withdraw consent at any time. As mentioned above, the client may at any time either via e-mail or telephonically correspond with the company to request the correction of their personal information.
8.2 The details of JLP’s Information Officer and Head Office are as follows:
8.2.1 INFORMATION OFFICER DETAILS
NAME: WIKUS ALBERTSE
TELEPHONE NUMBER: 083 288 7721
FAX NUMBER: N/A
E-MAIL ADDRESS: email@example.com
8.2.2 DEPUTY INFORMATION OFFICER DETAILS
NAME: JOHAN RUDMAN
TELEPHONE NUMBER: 082 570 2764
FAX NUMBER: N/A
E-MAILS ADDRESS: firstname.lastname@example.org
8.2.3 HEAD OFFICE DETAILS
TELEPHONE NUMBER: 087 230 8417
FAX NUMBER: N/A
POSTAL ADDRESS: PO BOX 76383, LYNNWOODRIDGE, 0040
PHYSICAL ADDRESS: 40 TREVOR STREET, MURRAYFIELD, 0184
E-MAIL ADDRESS: email@example.com
9.1 Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once a year.
9.2 Clients are advised to access JLP’s website periodically to keep abreast of any changes.
9.3 Where material changes take place, clients will be notified directly, or changes will be stipulated on JLP’s website.
This manual is made available at the Head Office and on the Website.
B: POLICY ON THE COMPANY’S INTERNAL RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION & ELECTRONIC TRANSACTIONS
1.1 To exercise effective control over the retention of documents and electronic transactions:
1.2 Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. Documents are also necessary for defending legal action, for establishing what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
1.3 To ensure that the Company’s interests are protected and that the Company’s and client’s rights to privacy and confidentiality are not breached.
1.4 Queries may be referred to the Company Secretary.
All documents and electronic transactions generated within and/or received by the Company.
3.1 All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances (also see clause 3.2 below):
3.2 Disclosure to 3rd parties:
A responsible party must, in terms of a written contract between the responsible party and operator, ensure that the operator establishes and maintains the required security measures. The operator must advise immediately if there is the possibility that personal data has been accessed or acquired by any unauthorized person.
All employees have a duty of confidentiality in relation to the Company and clients.
In addition to the provisions of clause 3.1 above, the following are also applicable:
Our client’s right to confidentiality is protected in the Constitution. Information may be given to a 3rd party if the client has consented in writing to that person receiving the information.
3.3 Requests for the company information:
3.4 The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
3.5 The client shall be advised via e-mail or in writing immediately if it is suspected that their personal information has been accessed by unauthorized persons. Sufficient information shall be provided to allow the client to put measures in place to safeguard themselves against potential consequences of the security compromise.
4.1 HARD COPIES & ELECTRONIC DATA:
4.2 COMPANIES ACT NUMBER 71 OF 2008
With regards to the Companies Act, Number 71 of 2008 and the Companies Amendment Act Number 3 of 2011, hard copies of the documents mentioned below must be retained for 7 (SEVEN) years:
Copies of the documents mentioned below must be retained indefinitely:
4.3 CONSUMER PROTECTION ACT NUMBER 68 OF 2008
The Consumer Protection Act seeks to promote a fair, accessible and sustainable marketplace and therefore requires a retention period of 3 (THREE) years for information provided to a consumer by an intermediary such as:
4.4 BASIC CONDITIONS OF EMPLOYMENT ACT NUMBER 75 OF 1997
The Basic Conditions of Employment Act requires a retention period of 3 (THREE) years for the documents mentioned below:
Written particulars of an employee after termination of employment.
4.5 EMPLOYMENT EQUITY ACT NUMBER 55 OF 1998
Section 26 and the General Administrative Regulations, 2009, Regulation 3(2) requires a retention period of 3 (YEARS) for the documents mentioned below:
Section 21 and Regulations 4(10) and (11) require a retention period of 3 (THREE) years for the report which is sent to the Director General as indicated in the Act.
4.6 UNEMPLOYMENT INSURANCE ACT NUMBER 63 OF 2002
The Unemployment Insurance Act, applies to all employees and employers except:
Section 56(2)(c) requires a retention period of 5 (FIVE) years from the date of submission for the documents mentioned below:
4.7 TAX ADMINISTRATION ACT NUMBER 28 OF 2011
Section 29 of the Tax Administration Act states that records of documents must be retained to:
Section 29(3)(a) requires a retention period of 5 (FIVE) years from the date of submission for taxpayers that have submitted a return and an indefinite retention period until the return is submitted then a 5 (FIVE) year period applies for taxpayers who were meant to submit a return, but have not.
Section 29(3)(b) requires a retention period of 5 (FIVE) years from the end of the relevant tax period for taxpayers who were not required to submit a return but had capital gains/losses or engaged in any other activity that is subject to tax or would be subject to tax but for the application of a threshold or exemption.
Section 32(a) and (b) require a retention period of 5 (FIVE) years but records must be retained until the audit is concluded or the assessment or decision becomes final, for documents indicating that a person has been notified or is aware that the records are subject to an audit or investigation and the person who has lodged an objection or appeal against an assessment or decision under the TAA.
4.8 INCOME TAX ACT NUMBER 58 OF 1962
Schedule 4, paragraph 14(1)(a) – (d) of the Income Tax Act requires a retention period of 5 (FIVE) years from the date of submission for documents pertaining to each employee that the employer shall keep:
Schedule 6, paragraph 14(a) – (d) requires a retention period of 5 (FIVE) years from the date of submission or 5 (FIVE) years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to:
4.9 VALUE ADDED TAX ACT NUMBER 89 OF 1991
Section 15(9), 16(2) and 55(1)(a) of the Value Added Tax Act and Interpretation Note 31, 30 March requires a retention period of 5 (FIVE) years from the date of submission of the return for the documents mentioned below:
4.10 ELECTRONIC STORAGE
4.10.1 The internal procedure requires that electronic storage of information, important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval thereof. This will be done in conjunction with the departments concerned.
4.10.2 Scanned documents:
If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 (ONE) year after the date of scanning, with the exception of documents pertaining to personnel. Any document containing information on the written particulars of an employee including: remuneration and ate of birth of an employee under the age of 18 (EIGHTEEN) years must be retained for a period of 3 (THREE) years after termination of employment.
4.10.3 Section 51 of the Electronic Communications Act Number 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 (ONE) year or for as long as the information is used. It is also required that all personal information which has become obsolete must be destroyed.
5.1 The company will account for what information are in our possession and for what purpose it was gathered and a date on which the information must be destroyed.
5.2 Documents may be destroyed after the termination of the retention period. Registration will request departments to attend to the destruction of their documents and these requests shall be attended to as soon as possible.
5.3 Each department is responsible for attending to the destruction of its documents which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by the Company pending such return.
5.4 After completion of the process in 5.2 above, the General Manager of the department shall in writing authorize the removal and destruction of the documents in the authorization document. These records will be retained by Registration.
5.5 The documents are then made available for collection by the removers of the Company’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
5.6 Documents may also be stored off-site, in storage facilities approved by the Company.
5.7 Information held in hard copy will be shredded and information held on the company’s electronic data base will be permanently deleted.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.