PROTECTION OF PERSONAL INFORMATION ACT (POPIA) POLICY
The Protection of Personal Information Act (POPIA) is South Africa's legislation that regulates the processing of personal information. Here’s a basic policy framework you can use for handling personal information under the POPIA.
1. PURPOSE
BPW Axles (Pty) Ltd is committed to safeguarding personal information and upholding the privacy rights of all individuals. This policy aims to outline the measures and practices adopted by BPW Axles (Pty) Ltd to comply with the Protection of Personal Information Act, No. 4 of 2013 (POPIA). The purpose is to ensure that personal information is processed in a lawful, transparent, and responsible manner to protect the privacy rights of individuals.
2. SCOPE
This policy applies to all employees, contractors, and third party service providers who process personal information on behalf of BPW Axles (Pty) Ltd including customers, employees, and other individuals whose data is processed.
3. PRINCIPLES OF THE PERSONAL INFORMATION PROCESSING
In accordance with POPIA, all personal information will be processed according to the following principles:
3.1. Lawfulness, fairness, and transparency: Personal information will be processed in a lawful, fair, and transparent manner.
3.2. Purpose specification: Personal information will only be collected for a legitimate purpose and not further processed in a manner incompatible with the initial purpose.
3.3 Data minimization: Personal information will be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
3.4. Accuracy: Personal information will be accurate, complete, and kept up to date, as required.
3.5. Retention limitation: Personal information will be kept for no longer than necessary to fulfil the purpose for which it was collected.
3.6. Security: Personal information will be processed in a manner that ensures its security, including protection from unauthorized access, disclosure, and destruction.
4. CONSENT
Before processing personal information, BPW Axles (Pty) Ltd will obtain explicit consent from individuals, except in cases where processing is permitted by law without consent. Consent will be sought in a manner that allows individuals to make an informed decision. No employee of BPW Axles (Pty) Ltd may unlawfully, and without consent, access or request personal information of a colleague or co-workers unless said employee has given written consent.
5. DATA SUBJECT RIGHTS IN ACCORDANCE WITH POPIA, DATA SUBJECTS HAVE THE FOLLOWING RIGHTS:
5.1. Right to access their personal information.
5.2. Right to request the correction or deletion of personal information.
5.3 Right to object to the processing of personal information in certain circumstances.
5.4. Right to withdraw consent at any time, where consent is the basis for processing.
6. SECURITY MEASURES
BPW Axles (Pty) Ltd is committed to implementing appropriate technical and organizational measures to safeguard personal information. These measures include:
6.1. Encryption of sensitive data.
6.2. Regular audits and assessments of data security.
6.3 Staff training on data protection practices.
6.4. Restricting access to personal information on a need-to know basis.
7. DATA BREACH MANAGEMENT
In the event of a personal data breach, BPW Axles (Pty) Ltd will promptly assess the breach, notify the Information Regulator, and inform the affected individuals where necessary. Corrective measures will be taken to mitigate the risk and impact of the breach.
8. CROSS-BORDER TRANSFERS
Personal information may be transferred across borders only if the recipient jurisdiction ensures an adequate level of protection of personal information, in line with POPIA requirements. Prior approval will be sought for international transfers.
9. THIRD-PARTY PROCESSING
When personal information is processed by third parties, BPW Axles (Pty) Ltd will ensure that contracts with third-party service providers include terms that require them to process personal information in compliance with POPIA.
10. MONITORING AND COMPLIANCE
BPW Axles (Pty) Ltd will regularly monitor and review its practices and policies to ensure compliance with POPIA. Any non compliance will be addressed promptly, and corrective actions will be taken.
11. ENFORCEMENT AND PENALTIES
Failure to comply with the provisions of this policy may result in disciplinary action, including but not limited to termination of employment or contracts. Additionally, non-compliance with POPIA may lead to penalties and fines as prescribed by law.
12. CHANGES TO THIS POLICY
This policy will be reviewed periodically to ensure ongoing compliance with POPIA and relevant data protection laws. Any amendments will be communicated to all employees and stakeholders.
APPROVED BY
SE PRETORIUS
MANAGING DIRECTOR
A copy of the full information Manual is available at:
BPW Axles (Pty) Ltd
Corner Kitty and Donald Street
Chrisville, Johannesburg
South Africa
