PAIA Manual

Note: Cookie Consent and Policy

  1. Section 11 provides that personal information may only be processed if there are a lawful basis for the processing. A lawful basis includes that the data subject or a competent person where the data subject is a child consent to the processing. The standard is to use a Cookie Consent for this.
  2. Why a Cookie Consent and Policy?
  3. A cookie can contain personal information.
  4. If personal information (including by using cookies) is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of many things (section 18).
  • Companies sometimes refer to the use of cookies in their privacy policy.
  1. Privacy Policy and a Cookie Policy are two different subjects that should be dealt with separately. The cookie policy deals specifically with the use of cookies on your site, whereas the privacy policy is a general document regarding all of the personal information processes on a website, including contact forms, mailing lists, etc.
  2. Cookies are a potential privacy risk, because they are able to track, store and share user behavior.
  3. Whereas most of the remaining Privacy Policy may be static, the cookies used on a website are dynamic and might change often.
  • The majority of the cookies in operation on a website are usually set by third parties, i.e. have another provenance than the website itself.
  • A cookie notification and policy are also the international standard as most websites already have cookie notices and policies. The risk of not having one may mean that visitors to your website will think that you are immature from a compliance perspective. They may also get the impression that you simply don’t take privacy seriously. This may have a serious impact on your reputation.

EECMS (Pty) Ltd Notification to Data Subject (Clients) when Collecting Personal Information

Contents

Collection of Personal Information. 2

What Personal Information do we collect?. 2

Our Contact Particulars. 3

Purpose for which the information is being collected. 3

Is the supply of the information voluntary or mandatory?. 4

Any particular law authorising or requiring the collection of the information. 4

Failure to provide the requested information. 4

Transfer the information to a third country. 5

Recipient or category of recipients of the information. 5

Your Rights as a Data Subject. 6

1….. Right to be Notified: 6

2….. Right of Access: 6

3….. Right to Correction, Destruction or Deletion: 6

4….. Right to Objection: 6

5….. Right with regards to Automated Processing: 6

6….. Right to Complain: 6

Complaint’s Process: 7

Our Information Officer: 7

Information Regulator. 7

 

 

 

 

Privacy Notification for the clients and future clients of EECMS (Pty) Ltd.

  1. Protecting client’s personal information is important to EECMS (Pty) Ltd (“the Organisation”. To do so, it follows general principles in accordance with applicable privacy laws.
  2. In terms of section 18 of the POPIA Act we need to make our Data Subjects aware of certain information and rights in terms of the POPIA Act. The POPIA Act do not described how we are to notify you, but the international standard is to do it with a Privacy Notification.
  3. This Privacy Notification lets you know what happens to any Personal Information that you give to us, or any that we may collect from or about you.
  4. This privacy notice applies to Personal Information processed by or on behalf of the Organisation where we act as Responsible Party.
  5. It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your Personal Information.
  6. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

Collection of Personal Information.

What Personal Information do we collect?

  1. Personal information is data that can be used to identify you. This information includes but is not limited to names, ages, identity numbers, registration numbers, addresses and other contact details, income and payments records, financial information and banking details. It does not include data where the identity has been removed (anonymous data).
  2. We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together.
    • Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
    • Contact Data includes billing address, delivery address, email address and telephone numbers.
    • Financial Data includes banking details, credit bureaux information, insurance details, outstanding loan balance. arrears information.
    • Transaction Data includes details about payments to and from you and other details of services to you.
    • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We collect your personal information in the following ways:

  1. Directly from you when you complete a application form, whether electronically or on hard copy.
  2. Indirectly from you when you interact with us electronically. When you are browsing our website (including our mobile application), We may collect information from you, such as your internet address and server logs. (All internet banking sessions are encrypted and personal information is stored according to internationally accepted banking information security practices.)
  3. Directly from other sources, such as public databases, and third parties, as well as other financial institutions, or
  4. Indirectly through your interactions with third parties.

Our Contact Particulars.

Organisation Name:

EECMS (Pty) Ltd

E-Mail us:

cp@eecms.co.za

Call us:

0798471750

Visit us:

www.eecms.co.za

Write to us:

12 Pebble Beach Crescent, Gordons Bay, Fairview Golf Estate, Western Cape, 7140

 

Purpose for which the information is being collected.

  1. We will only use Personal Information within the framework of the law. Most commonly, we will use your personal information in the following circumstances:
    • The processing is necessary to perform a contract with you or take steps to enter into a contract at your request.
    • The processing is necessary for us to comply with a relevant legal obligation.
    • The processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • You have consented to the processing.
    • We may also use your personal information in the following situations:
  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.
  1. We only collect Personal Information for the specific, explicitly defined and lawful purpose of conducting our business.
  2. Note that we may process Personal Information for more than one lawful ground depending on the specific purpose for which we are using the data. Please contact us if you need details about the specific legal ground, we are relying on to process your Personal Information where more than one ground has been set out.
  3. Direct Marketing
    • We may use your personal information to periodically send you direct marketing communications about products or our related services that we think may be of interest to you. This will be in the form of email, post, [SMS or targeted online advertisements]. We limit direct marketing to a reasonable and proportionate level, based on the information we have about you.
    • Where opt-in consent is required, we will ask for your consent.
    • You have a right to stop receiving direct marketing at any time – you can do this by following the opt-out or unsubscribe links located in the electronic communications (such as emails) you receive from us, by contacting us, or by emailing us.

Is the supply of the information voluntary or mandatory?

Supplying of certain types of information is mandatory in terms of legislation and regulations. For example, in terms of the Consumer Protection Act, a supplier of goods or services must provide a written record of each transaction to the consumer to whom any goods or services are supplied.

Any particular law authorising or requiring the collection of the information.

  1. If your Personal Information is collected in terms of a particular law authorising or requiring the collection of the information, we will take steps to ensure that you are aware of that. Legislation applicable include:
  2. The following are examples of laws that require us to collect and keep personal information:
    • The Electronic Communications and Transactions Act (ECT)
    • The Financial Intelligence Centre Act (FICA)
    • The Financial Advisory and Intermediary Services Act (FAIS)
    • The National Credit Act (NCA)
    • The Consumer Protection Act (CPA)
    • Long-term Insurance Act (LTIA).
    • Financial Sector Regulation Act (FSRA)

Failure to provide the requested information.

This personal information is required to enter into a contract with you (such as in anticipation of a services level agreement) or to perform a contract with you (such as to provide services at your request), and failure to provide any information may result in our inability to provide you the requested services or products.

Transfer the information to a third country.

If your Personal Information is transferred outside the Republic of South Africa to third party service providers, we will take steps to ensure that your Personal Information receives the same level of protection as if it remained within the Republic.

Recipient or category of recipients of the information

Your Personal Information will be treated as prescribed by the 8 Conditions for the Lawful Processing of Personal Information in the POPIA Act. We may share your Personal Information with:

  1. Partners & Affiliated Companies – Any partner or affiliated company.
  2. Service Providers – We may disclose the information we collect from you to third party contractors, technology and other service providers or agents who perform functions on our behalf, or are engaged with us. These service providers are allowed to access and use the information we make available to them only as needed to perform their functions and for no other purposes, subject to appropriate contractual restrictions and security measures.
  3. In Response to Legal Process – We may disclose the information we collect from you in order to comply with the law, a legal proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
  4. Third Parties –
  5. third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions, and transaction beneficiaries.
  6. third parties where you have a relationship with that third party, and you have consented to us sending information (for example social media sites or other third-party application providers);
  7. third parties for marketing purposes (e.g., our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities. For example, financial services organisations (such as banks, insurers, finance providers), payment solutions providers, software and services providers that provide business solutions);
  8. To Protect Us and Others – We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notification, or as evidence in litigation in which we are involved.
  9. Government – Government bodies, regulators and any other third party necessary to meet our legal and regulatory obligations.
  10. Professional Advisors – our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.

Your Rights as a Data Subject.

As a Data Subject in terms of the POPIA Act, you do have the following rights:

1.         Right to be Notified:

The right to be notified that –

  • Personal Information about you is being collected – our Section 18 Privacy Notification; and
  • your Personal Information has been accessed or acquired by an unauthorised person;

2.      Right of Access:

The right to establish whether we hold Personal Information of you and to request access to your Personal Information – use our form 03.8_PAIA Form C_ Request for Access to Record of Private Body;

3.      Right to Correction, Destruction or Deletion:

The right to request, where necessary, the correction, destruction or deletion of your Personal Information – use our form 03.7_Request Correction Deletion Personal Information;

4.         Right to Objection:

The right to object –

  1. on reasonable grounds relating to your particular situation to the processing of your Personal Information;
  2. to the processing of your Personal Information –
  • at any time for purposes of direct marketing; or
  • for purposes of direct marketing by means of unsolicited electronic communications

–  use our form 03.6_Objection to the Processing of Personal Information.

5.         Right with regards to Automated Processing:

The right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of your Personal Information intended to provide a profile of you.

6.         Right to Complain:

The right to –

  1. submit a complaint to the Regulator regarding the alleged interference with the protection of the Personal Information of any Data Subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as; and
  2. to institute civil proceedings regarding the alleged interference with the protection of your Personal Information.

Complaint’s Process:

If you believe that this office has not replied to your access request or has not handled your Personal Information in a reasonable manner, please address your concerns first with our Information Officer. You may also choose to make a complaint to the Information Regulator.

Our Information Officer:

Information Officer:

Barry Schentke

Deputy Information Officer:

Christiaan Pieter du Toit

E-Mail Address:

barry@eecms.co.za / cp@eecms.co.za

Contact Number:

0715783076 / 0798471750

Address Postal:

469 Bluebird str, The Meadows @ Hazeldean, Tijgervalley 0081

 

Information Regulator

You can contact the Information Regulator if you have any complaints about this privacy notice or information, we hold about you.

Address Physical:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Address Postal:

P.O Box 31533, Braamfontein, Johannesburg, 2017

Tel No:

+27 (0) 10 023 5200

Email:

complaints.IR@justice.gov.za

Web Address:

https://www.justice.gov.za/inforeg/contact.html