{"id":3,"date":"2023-05-03T08:13:55","date_gmt":"2023-05-03T08:13:55","guid":{"rendered":"https:\/\/dsfurniture.co.za\/?page_id=3"},"modified":"2023-05-07T15:08:17","modified_gmt":"2023-05-07T15:08:17","slug":"popia-policy","status":"publish","type":"page","link":"https:\/\/dsfurniture.co.za\/index.php\/popia-policy\/","title":{"rendered":"POPIA Policy"},"content":{"rendered":"

BACKGROUND TO DATA PRIVACY IN SOUTH AFRICA<\/b><\/p>\n

The Protection of Personal Information Act, 4 of 2013, (\u201cPOPIA\u201d), which came into force on 1 July 2021, is a law which regulates the use and processing of a person and \/ legal entity\u2019s personal information, this being in response to, and in order to protect and give effect to a person and\/or legal entity\u2019s rights to privacy, including the right not to have their \/ its personal information and related data misused, abused or used for ulterior purposes.<\/p>\n

POPIA applies to personal information which belongs to individuals and legal entities (\u201cData Subjects\u201d) which is processed, be it in an automated or non-automated manner in South Africa, by another (\u201cResponsible Party\u201d) and places on any Responsible Party who is processing a data Subject\u2019s personal information, a duty to use it lawfully and only for a specific and defined purpose(s).<\/p>\n

In terms of POPIA, Douglas Stokes Furniture , as a Responsible Party, is required to appoint an Information Officer (\u201cIO\u201d) and Deputy Information Officers (\u201cDIOs\u201d), to be responsible for establishing a POPIA Compliance Framework, and who following this, are required to assess, analyse and understand what types of personal information Douglas Stokes Furniture is processing which belongs to Data Subjects and to thereafter develop certain processes and procedures, including a POPIA Policy, which have to be followed by all Douglas Stokes Furniture personnel when they process and use another\u2019s personal information.<\/p>\n

A Personal Information Impact Assessment as per the Douglas Stokes Furniture POPIA Compliance Framework has been carried out and created, which has indicated that Douglas Stokes Furniture , during the course of its business activities does and will continue to collect, store and process personal information about Douglas Stokes Furniture employees, its customers, suppliers and other third parties.<\/p>\n

Furthermore, the Impact Assessment has defined and revealed that Douglas Stokes Furniture processes a large amount of different types of personal information including names, addresses, opinions, financial details, medical details and the like which pertain to current, past and prospective employees and customers, suppliers, and others who Douglas Stokes Furniture communicates and deals with and which processing is carried out for a variety of purposes, including for business, compliance and legal purposes.<\/p>\n

Douglas Stokes Furniture also processes special purpose information including gender, sex, marital status, colour, age, race or ethnic origin, religious beliefs, trade union membership and the like for the purposes of recruitment, employment equity statistics, legal compliance and for the facilitation of union fees and memberships.<\/p>\n

Following the Personal Information Impact Assessment, Douglas Stokes Furniture is confident that whilst this personal information is held on paper or on a computer or other media, such storage is subject to the prescribed legal safeguards as specified in POPIA and other regulations.<\/p>\n

This Policy which applies to Douglas Stokes Furniture CC, and related South African subsidiaries, sets out how Douglas Stokes Furniture personnel are to go about processing and using another\u2019s personal information, which information needs to be processed lawfully and in accordance with POPIA.<\/p>\n

    \n
  1. 1. STATEMENT FROM THE Douglas Stokes Furniture BOARD OF DIRECTORS<\/b><\/li>\n<\/ol>\n
      \n
    1. \n
        \n
      1. 1.1 Douglas Stokes Furniture has a long and proud tradition of conducting business with the highest level of integrity, in accordance with the highest ethical standards and in full compliance with all applicable laws, including the law known as the Protection of Personal Information Act, 4 of 2013, (POPIA), which regulates the Processing of Personal Information.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
          \n
        1. \n
            \n
          1. 1.2 The Protection of Personal Information Policy has been developed at the direction of Douglas Stokes Furniture \u2019s Board of Directors in order to provide clear guidance to all directors, employees and those who Process Personal Information on behalf of Douglas Stokes Furniture on how they are to Process Personal Information, thereby ensuring that all Personal Information Processed by Douglas Stokes Furniture is done in a lawful, transparent and consistent manner and in full compliance with all and any applicable data protection laws which may from time to time apply to its operations, including POPIA and the General Data Protection Regulation 2016\/679 (GDPR) applicable in the EU (hereinafter referred collectively as the \u201cData protection laws\u201d).<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
              \n
            1. \n
                \n
              1. 1.3 Douglas Stokes Furniture requires compliance with all its policies, including this Protection of Personal Information Policy.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                  \n
                1. \n
                    \n
                  1. 2. INFORMATION PROCESSING TERMS AND DEFINITIONS<\/b><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                    POPIA makes use of certain terms and references, which will be used in this Policy, which are explained below:<\/p>\n

                      \n
                    1. \n
                        \n
                      1. 2.1 \u201cConsent\u201d <\/b>means in relation to POPIA, any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Information about them;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                          \n
                        1. \n
                            \n
                          1. 2.2 \u201cData Subject\u201d <\/b>means any individual or legal entity;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                              \n
                            1. \n
                                \n
                              1. 2.3 \u201cOperator\u201d <\/b>means any person who Processes Personal Information on behalf of a Responsible Party as a contractor or sub-contractor, in terms of a contract or mandate, without coming under the direct authority of the Responsible Party;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                  \n
                                1. \n
                                    \n
                                  1. 2.4 \u201cProcessing Notices\u201d <\/b>means a notice setting out the prescribed information that must be provided to Data Subjects before collecting his, her or its Personal Information, (also known as \u201csection 18 POPIA notices\u201d, \u201cprivacy notices\u201d or \u201cdata protection notices\u201d).<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                      \n
                                    1. \n
                                        \n
                                      1. 2.5 \u201cPersonal Information\u201d <\/b>means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                          \n
                                        • \n
                                            \n
                                          • \u2022 name, address, contact details, date of birth, place of birth, identity number, passport number;<\/li>\n
                                          • \u2022 bank details;<\/li>\n
                                          • \u2022 qualifications, expertise, employment details;<\/li>\n
                                          • \u2022 tax number;<\/li>\n
                                          • \u2022 vehicle registration;<\/li>\n
                                          • \u2022 dietary preferences;<\/li>\n
                                          • \u2022 financial details including credit history;<\/li>\n
                                          • \u2022 next of kin \/ dependants;<\/li>\n
                                          • \u2022 education or employment history; and<\/li>\n
                                          • \u2022 Special Personal Information<\/b>, being including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
                                              \n
                                            1. \n
                                                \n
                                              1. 2.6 \u201cPersonnel\u201d <\/b>means Douglas Stokes Furniture directors, employees and any other person who may Process Personal Information on behalf of Douglas Stokes Furniture .<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                                  \n
                                                1. \n
                                                    \n
                                                  1. 2.7 \u201cProcessing, Process, Processed\u201d <\/b>means in relation to Personal Information, the collection, receipt, recording, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further Processing, including physical, manual and automatic and in relation thereto which may be held on a \u201cRecord\u201d <\/b>which means any recorded information housing Personal Information Processed by Douglas Stokes Furniture , or its Personnel, regardless of form or medium.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                                      \n
                                                    1. \n
                                                        \n
                                                      1. 2.8 \u201cPurpose\u201d <\/b>means the underlying reason why a Responsible Party or Controller needs to Process a Data Subject\u2019s Personal Information.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                                          \n
                                                        1. \n
                                                            \n
                                                          1. 2.9 \u201cResponsible Party\u201d <\/b>means, in relation to POPIA, the person or legal entity who is Processing a Data Subject\u2019s Personal Information.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                                              \n
                                                            1. \n
                                                                \n
                                                              1. 3. SCOPE AND APPLICATION<\/b><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                                                                This Policy applies to any persons who Process Personal Information on behalf of Douglas Stokes Furniture , including Douglas Stokes Furniture directors, employees and Operators, who will hereinafter be referred to collectively as \u201cPersonnel\u201d.<\/p>\n

                                                                  \n
                                                                1. \n
                                                                    \n
                                                                  1. 4. LAWFUL BASIS FOR PROCESSING<\/b><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                                                                    In terms of POPIA, where Personal Information is Processed such Processing must be done lawfully and in a reasonable manner that does not infringe on the privacy of the Data Subject. In order to discharge the above obligations, Personnel must comply with the Processing guides, rules and procedures set out below.<\/p>\n

                                                                      \n
                                                                    1. \n
                                                                        \n
                                                                      1. 5. CONSENT<\/b><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
                                                                          \n
                                                                        1. \n
                                                                            \n
                                                                          1. 5.1 A Data Subject does not have to Consent to the Processing of his, her or its Personal Information where there is a lawful basis for such Processing. A lawful basis for Processing in terms of the Data Processing laws, is where:<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n