Privacy Policy

The information we collect

We collect and process your personal information mainly to contact you for the purposes of understanding your requirements, and delivering services accordingly.  For this purpose we will collect contact details including your name and organisation.

We collect information directly from you where you provide us with your personal details.  Where possible, we will inform you what information you are required to provide to us and what information is optional.

Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.

How we use your information

We will use your personal information only for the purposes for which it was collected and agreed with you.  In addition, where necessary your information may be retained for legal or research purposes. 

For example:

  • To gather contact information;
  • To confirm and verify your identity or to verify that you are an authorised user for security purposes;
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • To conduct market or customer satisfaction research or for statistical analysis;
  • For audit and record keeping purposes;
  • In connection with legal proceedings.

Disclosure of information

We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.

We may also disclose your information:

  • Where we have a duty or a right to disclose in terms of law or industry codes;
  • Where we believe it is necessary to protect our rights.

Our Undertaking to our Clients

  1. Verifier undertakes to follow POPI at all relevant times and to process personal information lawfully and reasonably, so as not to infringe unnecessarily on the privacy of our clients
  2. We undertake to process information only for the purpose for which it is intended, to enable us to do our work, as agreed with our clients.
  3. Whenever necessary, we shall obtain consent to process personal information.
  4. Where we do not seek consent, the processing of our client’s personal information will be following a legal obligation placed upon us, or to protect a legitimate interest that requires protection.
  5. We shall stop processing personal information if the required consent is withdrawn, or if a legitimate objection is raised.
  6. We will use your personal information only for the purposes for which it was collected and agreed with you.  In addition, where necessary your information may be retained for legal or research purposes. For example:
    • To gather contact information;
    • To confirm and verify your identity or to verify that you are an authorised user for security purposes;
    • For the detection and prevention of fraud, crime, money laundering or other malpractice;
    • To conduct market or customer satisfaction research or for statistical analysis;
    • For audit and record keeping purposes;
    • In connection with legal proceedings.
  7. We shall advise our clients of the purpose of the collection of the personal information.
  8. We shall retain records of the personal information we have collected for the minimum period as required by law unless the client has furnished their consent or instructed us to retain the records for a longer period.
  9. We shall destroy or delete records of the personal information (so as to deidentify the client) as soon as reasonably possible after the time period for which we were entitled to hold the records have expired.
  10. We shall restrict the processing of personal information:
    1. where the accuracy of the information is contested, for a period sufficient to enable us to verify the accuracy of the information;
    2. where the purpose for which the personal information was collected has been achieved and where the personal information is being retained only for the purposes of proof;
    3. where the client requests that the personal information is not destroyed or deleted, but rather retained; or
    4. where the client requests that the personal information be transmitted to another automated data processing system.
  11. The further processing of personal information shall only be undertaken:
    1. if the requirements of paragraphs 6 above have been met;
    2. where the further processing is necessary because of a threat to public health or public safety or to the life or health of the client, or a third person;
    3. where this is required by the Information Regulator appointed in terms of POPI.
    4. We undertake to ensure that the personal information which we collect and process is complete, accurate, not misleading and up-to-date.
    5. We undertake to retain the physical file and the electronic data related to the processing of the personal information.
    6. We undertake to take special care with our client’s bank account details, and we are not entitled to obtain or disclose or procure the disclosure of such banking details unless we have the client’s specific consent.

Disclosure of information

  1. We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
  2. We may also disclose your information:
    1. Where we have a duty or a right to disclose in terms of law or industry codes;
    2. Where we believe it is necessary to protect our rights.

Security Safeguards

  1. We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
  2. Our security policies and procedures cover:
    • Physical security;
    • Computer and network security;
    • Access to personal information;
    • Secure communications;
    • Security in contracting out activities or functions;
    • Retention and disposal of information;
    • Acceptable usage of personal information;
    • Governance and regulatory issues;
    • Monitoring access and usage of private information;
    • Investigating and reacting to security incidents.
  3. When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
  4. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.

Security Breaches

  1. Should it appear that the personal information of a client has been accessed or acquired by an unauthorised person, we will immediately notify the Information Regulator and the relevant client/s, unless we are no longer able to identify the client/s. This notification will take place as soon as reasonably possible.
  2. Such notification will be given to the Information Regulator first as it is possible that they, or another public body, might require the notification to the client/s be delayed.
  3. The notification to the client will be communicated in writing as per below with a view to ensuring that the notification reaches the client:
    1. by email to the client’s last known email address;
    2. as directed by the Information Regulator.
  4. This notification to the client must give sufficient information to enable the client to protect themselves against the potential consequences of the security breach, and must include:
    1. a description of the possible consequences of the breach;
    2. details of the measures that we intend to take or have taken to address the breach;
    3. the recommendation of what the client could do to mitigate the adverse effects of the breach; and 
    4. if known, the identity of the person who may have accessed, or acquired the personal information.

Information Officer

  1. Our Information Officer is designated to be our Managing Director. Our MD may however delegate his authority to a senior staff member, who is part of our management team. Our information Officers duties and responsibilities include:
    1. Ensuring compliance with POPI.
    2. Dealing with requests which we receive in terms of POPI.
    3. Working with the Information Regulator in relation to investigations.
  2. Our Information Officer will designate in writing as many Deputy Information Officers as are necessary to perform the tasks mentioned in paragraph 1 above.
  3. Our Information Officer and our Deputy Information Officers have been registered with the Information Regulator
  4. In carrying out their duties, our Information Officer and Deputy Information Officers undertake to ensure that:
    1. our compliance manual is developed, implemented, monitored, maintained and made available;
    2. regular personal information impact assessments are done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
    3. that internal measures are developed together with adequate systems to process requests for information or access to information; and
    4. that internal awareness sessions are conducted  regarding the provisions of POPI, the Regulations, codes of conduct or information obtained from the Information Regulator

Direct Marketing

  1. We may only carry out direct marketing (using any form of electronic communication) to clients if:
    1. they were given an opportunity to object to receiving direct marketing material by electronic communication at the time that their personal information was collected; and
    2. they did not object then or at any time after receiving any such direct marketing communications from us.
  2. We may approach a person to ask for their consent to receive direct marketing material only once, and we may not do so if they have previously refused their consent.
  3. All direct marketing communications must disclose our identity and contain contact details to which the client may send a request that the communications cease.

Offences and penalties

  1. POPI provides for serious penalties for the contravention of its terms. For minor offences a guilty party can receive a fine or be imprisoned for up to 12 months. For serious offences the period of imprisonment rises to a maximum of 10 years. Administrative fines for the company can reach a maximum of R10 million. Breaches of this Compliance Manual will also be viewed as a serious disciplinary offence.
  2. It is therefore imperative that we comply strictly with the terms of this Compliance Manual and protect our clients personal information in the same way as if it was our own.

How to contact us

If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses as listed on our website.