Terms and Conditions
View our company terms and conditions
Policy On The Protection of Personal Information Act 04 of 2013
POLICY ON THE PROTECTION OF PERSONAL INFORMATION ACT 04 OF 2013 FOR BLANCHARD AFRICA (“BSA”)
Blanchard Africa, trading as Blanchard South Africa (“BSA”) is a leadership training, consulting and coaching services organisation established in July 2022. The primary business of BSA is to support learning that empowers leaders at all levels to create cultures of connection, and inspiring talent to deliver extraordinary results.
A. The Protection of Personal Information Act 4 of 2013, (“POPIA”/“the Act”) and the Regulations promulgated in terms thereof require the Information Officer as defined under the Act to develop, implement, monitor and maintain a compliance framework, (Regulation 4 of Regulations published under GG number 42110 dated 14 December 2018).
B. The purpose of the Act is to give effect to the Constitutional Right to privacy, by safeguarding personal information when processed by a responsible party subject to justifiable limitations.
C. BSA is committed to complying with and promoting the spirit purport of the Act.
D. BSA recognizes and respects the right of Data Subjects to have their Personal Information protected as conferred by the Act.
E. This Policy is hereby developed by BSA in compliance with the Act and Regulations in order to provide a compliance framework within which BSA, its officers and Employees shall Process Personal Information.
F. BSA through this policy makes a commitment to protect the rights of Data Subjects as required by the Act various pieces of legislation that apply to the processing of personal information.
1.1. This policy applies to all BSA Employees, officers, members, suppliers and the BSA Board and anyone who may process Personal Information for and on behalf of BSA.
1.2. The policy shall apply to all situations and business processes where Personal Information is processed, more importantly where such information may be made accessible to third parties.
1.3. The policy must be read together with the BSA PAIA Manual.
2.1. “Applicable Legislation” means all legislation applicable to BSA including POPI, National Archiving Act, Income Tax Act 58 of 1962; Value Added Tax Act 89 of 1991, Labour Relations Act 66 of 1995, Basic Conditions of Employment Act 75 of 1997, Employment Equity Act 55 of 1998, Skills Development Levies Act 9 of 1999,
BSA POPI Policy_v1_23092022
Unemployment Insurance Act 63 of 2001, Electronic Communications and Transactions Act 25 of 2002, Telecommunications Act 103 of 1996, Electronic Communications Act 36 of 2005, Consumer Protection Act 68 of 2008, National Credit Act 34 of 2005, and all legislation as listed under clause 7 of the BSA PAIA Manual.
2.2. “Data Subject” means the person to whom personal information relates as defined under the Act;
2.3. “Employee” means, for the purposes of this policy, any person employed permanently (full or part-time), temporary, or on a fixed-term contract, and include contractors and BSA Board, that may come into contact with, use, process or otherwise deal with Personal Information;
2.4. “Organisation” means BSA and as the context indicates may also mean Employees and officers;
2.5. “Personal information” shall mean, for purposes of this policy and as defined under the Act, information about an identifiable, natural person, and in so far as it is applicable, an identifiable, juristic person, including, but not limited to:
2.5.1. information relating to the race, gender, sex, pregnancy, marital status, national;
2.5.2. ethnic or social origin, colour, sexual orientation, age, physical or mental health;
2.5.3. well-being, disability, religion, conscience, belief, culture, language and birth of the person;
2.5.4. information relating to the education or the medical, criminal or employment history of the person or information relating to financial transactions in which the person has been involved;
2.5.5. any identifying number, symbol or other particular assigned to the person;
2.5.6. the address, fingerprints or blood type of the person;
2.5.7. the personal opinions, views or preferences of the person, except where they are about another individual or about a proposal for a grant, an award of a prize to be made to another individual;
2.5.8. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.5.9. the views or opinions of another individual about the person;
2.5.10. the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the person, but excluding the name of the other individual where it appears with the views or opinions of the other individual; and
BSA POPI Policy_v1_23092022
2.5.11. the name of the person where it appears with other personal information relating to the person or where the disclosure of the name itself would reveal information about the person;
2.5.12. but excludes information about a natural person who has been dead, or a juristic person that has ceased to exist, for more than 20 years;
2.6. “Policy” means this policy developed in terms of the Act and Regulations thereto;
2.7. “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
2.7.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.7.2. dissemination by means of transmission, distribution or making available in any other form; or
2.7.3. merging, linking, as well as restriction, degradation, erasure or destruction of information.
2.8. “Purpose” means the BSA’s purpose to Processing of Personal Information as set out under the Organisation’s PAIA Manual;
2.9. “Special Personal Information” means information relating to a person’s (a) religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or (b) criminal behaviour, as defined under the Act;
2.10. “Responsible Party” means, for purposes of this policy, all persons to whom this policy applies, whom, whether alone or in conjunction with others determines the purpose and means of processing Personal Information.
3. COLLECTION OF PERSONAL INFORMATION
BSA collects Personal Information from various Data Subjects for varying purposes e.g. individuals and organisations who wish to receive services from BSA. Such information must be collected in accordance with the provisions of the Act and this policy.
3.1. While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to: Name, email address, telephone number, address.
4. CONDITIONS OF LAWFUL PROCESSING OF PERSONAL INFORMATION
Section 4(1) of the Act requires that all Processing of Personal Information be done in a lawful manner. Anyone who Processes Personal Information for and on behalf the Organisation must do so in terms of the below conditions in order to ensure compliance with the Act:
4.1. Ensure that all the conditions and measures giving effect to conditions of the lawful processing of personal information as set out in the Act and this policy are complied
BSA POPI Policy_v1_23092022
with at the time of the determination of the purpose and means of the Processing and during the Processing.
4.2. Personal Information must only be processed for a specific, explicit and lawfully defined purpose, related to the functions and activities of BSA.
4.3. In the event of a requirement to use Personal Information outside the consented purpose, (“further processing”), then a further consent for the further processing must be obtained from the Data Subject prior to such further processing.
4.4. Personal Information must be collected directly from the Data Subject, should there be a need to collect the information from another source, the consent of the Data Subject must be obtained prior thereto.
4.5. Only up to date and correct Personal Information must be processed, and the Responsible Persons must ensure that the security measures put in place by BSA, as set out in the BSA PAIA Manual are used to secure the confidentiality and privacy of the Personal information.
4.6. No one should sell or make available the BSA databases for the distribution of any material without the Data Subjects’ consent.
4.7. Only relevant Personal Information required for the specified purpose should be collected- nothing in excess of that.
4.8. All communications of a marketing or general communications nature must be subject to an “opt out” functionality, which has to be adhered to strictly. The Data Subject’s consent must be obtained on Form 4 as set out in the Regulations published under GG number 42110 dated 14 December 2018.
4.9. All requests for Personal Information and other information from any person or entity whatsoever shall be dealt with in accordance with the provisions of the BSA PAIA Manual and in line with this policy.
4.10. The Data Subject must be provided access to their Personal Information related upon written request and other request for access to personal and other information from any person or entity must be dealt with in terms of BSA PAIA Manual and in line with this policy.
4.11. All processing of Personal Information must immediately cease, in the event that the Data Subject withdraws its consent to the Processing or objects to the processing of Personal Information in the manner prescribed by law, except where BSA is by law obliged to continue such Processing.
4.12. Personal information must be corrected or deleted upon request by the data subject to do so, except where there is a legal or contractual obligation to retain.
5. SECURITY AND ACCESS
5.1. The Organisation uses the following security measures to secure Personal Information in its possession: Electronic information is secured by firewalls, cloud and data encryption and password secured access.
BSA POPI Policy_v1_23092022
5.2. Anyone who requires access to Personal Information to fulfil the purposes of the Organisation and any legal obligations and under such circumstances where the information is legally required to be provided, is given access to the Personal Information.
5.3. The Organisation regularly verifies that the abovementioned safeguards are effectively implemented and continually updated in response to any new risks or deficiencies.
5.4. The Organisation shall notify the Data Subject in writing, should the Personal Information relating to the data subject be compromised or should there be a suspicion that the Personal Information is compromised.
6. STORAGE AND DESTRUCTION
6.1. All Personal Information in the possession of the Organisation must be stored, retained and destroyed in accordance with the legislation applicable to the specific information.
6.2. Personal Information shall not be retained longer than required to fulfil the purpose for the Processing or longer than required by Applicable Legislation.
6.3. Once the purpose for Processing or the retention period provided under Applicable Legislation expires, the Personal Information must be destructed and/or deleted and/or returned to the Data Subject as may be required by Applicable Law and in a manner that complies with such Applicable Law.
7. PURPOSE AND USE OF PERSONAL INFORMATION
7.1. We will not share, sell, rent or trade your Personally Identifiable Information with other parties. We may share your information with Authorised Third Party Service Providers. We provide services and products through third parties. These “Third Party Service Providers” perform functions on our behalf.
7.2. When Processing Personal Information as part of any activity, the Responsible Party must:
7.2.1. identify the nature and extent to which one will deal with (a) Personal Information and (b) Special Personal Information;
7.2.2. identify the types of processing that will take place (e.g. collection, dissemination and destruction, or: collection, recording and storage, etc.);
7.2.3. identify the purpose for which the specific processing is undertaken, clearly indicating whether such purpose is permitted by a law (e.g. invoicing requiring a VAT number);
7.2.4. confirm that consent has been obtained from Data Subjects, which consent shall constitute a contract between the Organisation and the Data Subject and shall describe:
BSA POPI Policy_v1_23092022
22.214.171.124. the purpose of the Processing or further processing of the Personal Information if any;
126.96.36.199. the type of Processing of the Personal Information;
188.8.131.52. timelines related to the Processing;
184.108.40.206. the destruction or storage of the Personal Information; and
220.127.116.11. utilise the security assurances and measures undertaken by BSA to protect the data and Personal Information.
7.3. Information held by the Organisation
The Organisation holds information as set out under the BSA PAIA Manual and only for its purposes.
7.4. Personal information about children and special personal information
7.4.1. BSA does not process Personal Information about children except:
18.104.22.168. upon prior consent of a legal guardian or parent or the child where applicable, or competent person as described in the Act;
22.214.171.124. if necessary for the establishment, exercise or defence of a right or obligation in law;
126.96.36.199. if necessary to comply with an obligation of international public law;
188.8.131.52. for historical, statistical or research purposes to the extent that the purpose serves a public interest and the processing is necessary for the purpose concerned or it appears to be impossible or would involve a disproportionate effort to ask for consent, and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the child to a disproportionate extent; or
184.108.40.206. if the Processing is of personal information which has deliberately been made public by the child with the consent of a competent person; or
220.127.116.11. Upon authorisation by the Information Regulator upon application and after publication in the Gazette and upon such conditions as may be imposed by the Information Regulator.
7.4.2. Special Personal Information must only be processed with Data Subject’s consent or if otherwise as may be required by law.
7.5. Information shared by BSA
BSA will only share information with third parties:
BSA POPI Policy_v1_23092022
7.5.1. upon the specific consent of the Data Subject and on written declaration that such third parties comply with the Act and related data legislation and regulations, or
7.5.2. if otherwise required to do so by any Applicable Law.
8. REVIEW AND AMENDMENT
This policy shall be reviewed every two years or more frequently as may be required and may be amended from time to time as may be required by law, for corrections of material errors, as the case may be.
9. TRAINING AND COMMUNICATION
All existing Employees, officers and BSA Board members and any person who may Process Personal Information for and on behalf of BSA shall be trained on an annual basis on this policy and underlying legal sources on which it is based. The training will also form part of new Employee induction.
The Information Officer shall maintain a report in relation to POPIA and PAIA regarding remedial steps taken in instances of non-compliance, including but not limited to:
10.1. destruction of personal information;
10.2. de-identification of personal information;
10.3. implementation of requisite security measures;
10.4. implementation of access control measures;
10.5. implementation of consents, contracts and policies or service level agreements within business activities and/or with third parties and contractors;
10.6. disciplinary action against Employees violating this policy;
10.7. the submission of regular progress reports;
10.8. obtaining expert assistance, where required; and
10.9. undergoing of training on POPIA and PAIA of designated staff.
11. INFORMATION OFFICE
11.1. The following may be directed to the Chief Information Officer in writing to firstname.lastname@example.org
Any complaints by any person including, employees, third parties, Board members on any violation of this policy or data privacy.
BSA POPI Policy_v1_23092022
11.1.2. Objections, withdrawals, amendments and deletions
Any objections to processing of personal information, withdrawal of consents, requests to amend or delete Personal Information.
11.2. Objections, requests for withdrawals, amendments and deletions must be made on the forms as provided for in the Regulations published under GG number 42110 dated 14 December 2018, which forms shall be made available on our website.