THE PROTECTION OF PERSONAL INFORMATION ACT
CUSTOMER PRIVACY NOTICE
This Notice explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”). At Vedder & Moffat CC (and including this website) we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
About the Company
Vedder & Moffat CC
The information we collect
We collect and process clients’ personal information mainly to contact them for the purposes of understanding their requirements, and delivering services accordingly. For this purpose we will collect contact details including their name and organization’s details. We collect information directly from the client where they provide us with their personal details. Where possible, we will inform them what information they are required to provide to us and what information is optional. Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
How we use your information
We will use clients‘ personal information only for the purposes for which it was collected and agreed with them. In addition, where necessary their information may be retained for legal or research purposes.
- To gather contact information;
- To confirm and verify their identity or to verify that they are an authorised user for security purposes;
- For the detection and prevention of fraud, crime, money laundering or other malpractice;
- To conduct market or customer satisfaction research or for statistical analysis;
- For audit and record keeping purposes;
- To comply with South African Law on Legal Proceedings;
- In connection with legal proceedings.
Disclosure of information
We may disclose clients‘ personal information to our service providers who are involved in the delivery of products or services to them. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
We may also disclose clients‘ information:
- Where we have a duty or a right to disclose in terms of law or industry codes;
- Where we believe it is necessary to protect our rights.
We are legally and ethically obliged to provide adequate protection(appropriate, reasonable technical and organizational measures) for the personal information we hold and to prevent unauthorized/unlawfull access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that clients‘ personal information remains secure.
Our security policies and procedures cover:
- Physical security;
- Risk assessment tests;
- Maintenance of safeguards;
- Verifying effectiveness of safeguards;
- Computer and network security;
- Access to personal information;
- De-identified data which can not be reinstated;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Governance and regulatory issues;
- Monitoring access and usage of private information;
- Investigating and reacting to security incidents(both internaly and externaly).
When we contract in third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass clients‘ personal information agrees to treat their information with the same level of protection as we are obliged to.
If and when any employee of the company share clients‘ personal information with suppliers or other third parties, the employee will first need to establish from our information officer if they have an POPIA Policy and Procedure protocol in place that has been reviewed and approved by the company’s representative.
The supplier or third party should also be informed to notify the company within reasonable time about a breach.
The company must also notify the Regulator and data subject of the breach as soon as reasonably possible by the means deemed necessary by the chief compliance officer.
The notification must include enough information for the data subject so that they know what measures to take to protect themselves against further breaches.
Your Rights: Access to information
You have the right to request a copy of the personal information we hold about you. To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate.
Definition of personal information
According to the Act ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act, the company also includes the following items as personal information:
- All addresses including residential, postal and email addresses.
- Change of name – for which we require copies of the marriage certificate or official change of name document issued by the state department.
How to contact us
If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website.