POPI act

THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA)

CLIENT/ USER PRIVACY PROTOCOLS POLICY

 

Preamble

The purpose of this policy is to advise the client/ user (data subject) of LEKKER ROOIBOS, both electronic and otherwise, why data is collected and processed, what data is in focus, and how it is processed. LEKKER ROOIBOS is committed to full compliance with the POPI Act insofar as the utilisation and disclosure of data subject personal information (PI) is concerned. Hence, technical and operational measures have been implemented to protect data subject privacy. LEKKER ROOIBOS invites all data subjects and requesters to engage with its Information Officer (IO) in respect of any matter related hereto.

 

Scope of application

This policy applies to data subjects under the POPI Act, and its principles extend to the Promotion of Access to Information Act (PAIA) regarding requesters of records held by LEKKER ROOIBOS. PI applies to both natural and juristic persons. Data subjects and requesters are invited to engage with the LEKKER ROOIBOS' IO  about any matter about the POPIA and PAIA, including but not limited to updating PI, deletion of PI, complaints in respect of how PI is being processed and updating consent for electronic direct marketing. The "Information Officer" portal on the website facilitates these types of engagement.

 

About LEKKER ROOIBOS 

LEKKER ROOIBOS is a skincare and nutritional supplement provider. More details can be obtained in the "About LEKKER ROOIBOS" link to its website.

 

Definition of Personal Information (PI)

"Personal information" means information relating to an identifiable, living, natural person, and where it is applicable, and identifiable, existing juristic person, including, but not limited to— 

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; 

(b) information relating to the education or the medical, financial, criminal or employment history of the person; 

(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignments to the person; 

(d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; 

(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; 

(g) the views or opinions of another individual about the person; and 

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

 

Purpose of Collecting and Processing PI

LEKKER ROOIBOS processes PI for various purposes, including for – 

  • Engaging in various forms of direct marketing 
  • Facilitating transactions with data subjects
  • Collecting data for statistical purposes to improve its services
  • Fulfilling its contractual obligations to its clients and client contacts
  • Complying with the provisions of statutes and regulations
  • Attending to the legitimate interests of data subjects
  • Identifying prospects for enhanced service delivery and business sustainability
  • Tracking subject data activity on the website and its links, as well as their transactions with LEKKER ROOIBOS
  • Confirm and verify subject data identity or verify that they are authorised users for security purposes;
  • Conduct market or customer satisfaction research
  • Audit and record-keeping purposes
  • In connection with legal proceedings.

 

Lawful Basis

In respect of the processing of PI as provided for above, LEKKER ROOIBOS will adhere to the conditions for the lawful processing of PI, based on its desire to provide data subjects services in their best interests as well as a legitimate interest of LEKKER ROOIBOS to achieve its business objectives. 

 

 

 Period of holding Personal Information

LEKKER ROOIBOS endeavours to provide the most accurate information possible to stakeholders, including data subjects. LEKKER ROOIBOS seeks to verify the accuracy of its information as frequently as possible and to remove information that it learns to be inaccurate. Thus, LEKKER ROOIBOS intends to process the information it has about data subjects for so long as it is accurate or until the data subject instructs LEKKER ROOIBOS to refrain from processing it.

Notwithstanding the above, LEKKER ROOIBOS shall hold PI for such period as may be required in terms of statutes such as the Companies Act and various labour laws.

 

Data Subject Rights 

Data subjects have the right to request that LEKKER ROOIBOS provide them with access to their PI, to rectify or correct their personal information, erase PI or restrict the processing of PI, including refraining from sharing it or otherwise providing it to any third parties. Data subjects also have the right to raise complaints with the Information Regulator. The afore-going rights may be subject to certain limitations under applicable law. 

 

 

 Sources of Personal Information (PI)

LEKKER ROOIBOS gathers PI from several sources, which include directly from data subjects, publicly available sources such as websites, social media, commercial transactions with LEKKER ROOIBOS, referrals, and prospects. Given that PI can be extracted and obtained from several sources and consolidated into one CRM or similar systems of record, it may be difficult or impossible to identify the exact source of one particular piece of information. 

 

 Categories of Personal Information (PI) collected and processed

LEKKER ROOIBOS gathers information about data subjects who may be clients, client contacts, prospective clients and prospective client contacts. It also contains information on its employees and suppliers as well as third parties that are part of its scope of operation. 

In respect of clients, client contacts, prospective clients and prospective client contacts LEKKER ROOIBOS profiles business organisations and the contacts who work for the said organisations, and it may have some or all of the following categories of personal information on data subjects, historical or current –

  • Name and surname
  • Areas of interest in respect of LEKKER ROOIBOS offerings
  • Record of services used 
  • E-mail correspondence and attachments
  • Customer contact details
  • Organisation e-mail address
  • Organisation and data subject Social media URL's

Other information that is available in the public domain.

 

We collect and process your personal information mainly to contact data subjects to understand their requirements and deliver services accordingly. Where possible, we will inform data subjects what information they are required to provide to LEKKER ROOIBOS and what information is optional, as well as the consequences of not providing it.

Website usage information may be collected using "cookies" which allows LEKKER ROOIBOS to collect standard internet visitor usage information.

 Disclosure of information

LEKKER ROOIBOS may disclose data subject PI to its service providers involved in the delivery of products or services data subjects. LEKKER ROOIBOS has agreements to ensure that it complies with the privacy requirements as required by the POPI Act.

LEKKER ROOIBOS may also disclose data subject PI:

  • Where it has a duty or a right to disclose in terms of law and/ or industry codes;
  • Where it believes it is necessary to protect its rights.

 

Information Security

LEKKER ROOIBOS is legally obliged to provide adequate systems, technical and operational protection for the PI that it holds and to prevent unauthorised access to and prohibited use of PI. LEKKER ROOIBOS will, therefore, regularly review its security controls and related processes to ensure that the PI of data subjects remains secure.

LEKKER ROOIBOS has conducted an impact assessment across all of its functions and used the findings to manage risk optimally and provide iterative improvements on an ongoing basis. LEKKER ROOIBOS policies and procedures cover the following aspects -

  • Physical security;
  • Computer and network security;
  • Access to personal information;
  • Secure communications;
  • Security in contracting out activities or functions;
  • Retention and disposal of information;
  • Acceptable usage of personal information;
  • Governance and regulatory issues;
  • Monitoring access and usage of private information;
  • Investigating and reacting to security incidents.

LEKKER ROOIBOS also ensures that it contracts with Operators as required by POPI and it requires appropriate security, privacy and confidentiality obligations of these operators in order to ensure that personal information is kept secure. The same protocols apply to any party to whom LEKKER ROOIBOS may pass PI on to for the purposes mentioned herein.

 How to contact us - Head Office and Information Officer

Our Head Office physical address is -

_______________________________________

The information officer is –

Elsie Correia

E-mail – elsie@lekkerrooibos.co.za

Mobile - 0827895960