SPARKLE DUST CC

          (Registration / Identity Number: 2010/046708/23) 

          “Business” 

 

 

 MANUAL 

PREPARED IN TERMS OF THE REQUIREMENTS OF:

 

 

 SECTION 51 OF THE PROMOTION OF ACCESS TO INFORMATION ACT NO. 2 OF 2000 (“PAIA”) AND UPDATED IN LIGHT OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013 (“POPIA”) IN RESPECT OF THE BUSINESS.  

 

 

 

INDEX
1.     INTRODUCTION

2.     DEFINITIONS

3.     PURPOSE OF MANUAL

4.     BUSINESS DETAILS

5.     CONTACT DETAILS OF THE INFORMATION OFFICER 

6.     THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION

7.     PUBLICATION AND AVAILABILITY OF CERTAIN RECORDS IN TERMS OF PAIA

8.     GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA

9.     INFORMATION OR RECORDS NOT FOUND

10.  REMEDIES AVAILABLE TO THE REQUESTER UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMS OF PAIA

11.  PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA

12.  FEES

13.  DECISION TO GRANT ACCESS TO RECORDS

14.  AVAILABILITY OF THE MANUAL

15.  PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY

THE BUSINESS

 

ANNEXURES:

ANNEXURE 1:  SCHEDULE OF RECORDS

ANNEXURE 2:  LIST OF APPLICABLE LEGISLATION

ANNEXURE 3:  ACCESS REQUEST FORM: RECORD OF PRIVATE BODY

ANNEXURE 4:  FEES

ANNEXURE 5:  PART 1: PROCESSING OF PERSONAL INFORMATION IN

ACCORDANCE WITH POPIA

                                           PART 2: CATEGORIES OF DATA SUBJECTS

PART 3: CROSS BORDER TRANSFERS OF PERSONAL INFORMATION

PART 4: DESCRIPTION OF INFORMATION SECURITY MEASURES

ANNEXURE 6: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION

                 ANNEXURE 7: REQUEST FOR CORRECTION/DELETION OF PERSONAL

INFORMATION

      1          INTRODUCTION 

      1.1       The provisions of the PAIA

 

The Promotion of Access to Information Act 2 of 2000 (“PAIA”) gives effect to the right of access to information in records held by public or private bodies that is required for the exercise or protection of any rights as enshrined in the Bill of Rights forming part of The Constitution of The Republic of South Africa, 1996 (“the Constitution”).

 

PAIA gives effect to the provisions of Section 32 of the Constitution, which provides for the right of access to information. This is information held by the State but also information held by any another person. A person that is entitled to exercise a right or who needs information for the protection of any right, is entitled to access that information, subject to certain restraints.

 

Section 51 of PAIA creates a legal right to access records (as defined in section 1 of PAIA) of a private body (both natural and juristic), however this right may be negated in circumstances as set out under Chapter 4 of Part 3 of PAIA. In addition, in compliance with POPIA a responsible party who processes personal information must notify the person to whom personal information relates (“Data Subject”) of the manner in which the Data Subject can access their personal information held by the responsible party.

 

The Business has no subsidiaries, and its main business activity can be described as:

 

SELLING OF BAKING INGREDIENTS AND SUPPLIES

 

      2          DEFINITIONS 

2.1 Business means SPARKLE DUST CC (Registration / identity number: 2010/046708/23), currently situated at 566 SERENE STREET GARSFONTEIN

PRETORIA, ZA 0081; 

 

2.2 Conditions for Lawful Processing means the conditions for the lawful processing of Personal Information as fully set out in chapter 3 of POPIA;

 

      2.3       Constitution means the Constitution of the Republic of South Africa, 1996;

 

2.4 Client refers to any natural or juristic person that received or receives services from the Business;

 

      2.5       Data Subject has the meaning ascribed thereto in section 1 of POPIA;

 

2.6       Deputy Information Officer means the Business’s appointed personnel as referred to in clause 5 (if any);

 

2.7       Head of the Business means the “head” as defined in section 1 of PAIA and referred to in clause 5;

 

2.8       Information Officer means the Business’s appointed personnel as referred to in clause 5;

 

      2.9           Manual means this manual prepared in accordance with section 51 of PAIA and

regulation 4(1) (d) of the POPIA Regulations;

 

      2.10     PAIA means the Promotion of Access to Information Act, 2000;

 

      2.11     Personal Information has the meaning ascribed thereto in section 1 of POPIA;

 

2.12 Personnel refers to any person who works for, or provides services to or on behalf of the Business, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Business, which includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff as well as contract workers;

 

      2.13     POPIA means the Protection of Personal Information Act, 2013;

 

2.14     POPIA Regulations mean the regulations promulgated in terms of section 112(2) of POPIA;

 

2.15     Private Body has the meaning ascribed thereto in sections 1 of both PAIA and POPIA;

 

      2.16     Processing has the meaning ascribed thereto in section 1 of POPIA;

 

      2.17     Responsible Party has the meaning ascribed thereto in section 1 of POPIA;

 

2.18     Record has the meaning ascribed thereto in section 1 of PAIA and includes Personal Information;

 

      2.19     Requester has the meaning ascribed thereto in section 1 of PAIA;

 

      2.20     Request for Access has the meaning ascribed thereto in section 1 of PAIA; and

 

      2.21     SAHRC means the South African Human Rights Commission.

 

Capitalised terms used in this Manual have the meanings ascribed thereto in section 1 of POPIA and PAIA as the context specifically requires, unless otherwise defined herein.

 

 

      3          PURPOSE OF THE MANUAL 

This Manual:

 

3.1 For the purposes of PAIA, details the procedure to be followed by a Requester and the manner in which a Request for Access will be facilitated; and

 

3.2 For the purposes of POPIA, amongst other things, details the purpose for which Personal Information may be processed; a description of the categories of Data Subjects for whom the Business Processes Personal Information as well as the categories of Personal Information relating to such Data Subjects; and the recipients to whom Personal Information may be supplied.

 

 

 

      4          BUSINESS DETAILS 

      4.1       The details of the Business are as follows:

 

 

                            Physical address:                             566 SERENE STREET GARSFONTEIN PRETORIA,

ZA 0081

 

                            Postal address:                                566 SERENE STREET GARSFONTEIN PRETORIA,

                     ZA 0081                                                        

                            Telephone number:                   0118232255

 

                            Email address:                          enslinw@gmail.com

 

 

      5          CONTACT DETAILS OF THE INFORMATION OFFICER 

      5.1       The Information Officer’s contact details are as follows:

 

 

                     Name and surname:                         Werner ENSLIN

 

                     Physical address:                                    566 SERENE STREET GARSFONTEIN PRETORIA,

ZA 0081

 

                     Postal address:                                       566 SERENE STREET GARSFONTEIN PRETORIA,

ZA 0081

 

                 Telephone Number:                          0118232255

 

                 Email address:                                  enslinw@gmail.com

 

 

      6          THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION 

6.1 The SAHRC has compiled a guide, as contemplated in section 10 of the South African Human Rights Commission Act, 2013 (“the Act”) containing information to assist any person who wishes to exercise any right as contemplated in the Act.

 

      6.2       This guide is available from the SAHRC at:

 

Postal address
Private Bag 2700 Houghton 2041
Website
www.sahrc.org.za
Telephone number     
011 877 3600
Fax number
011 403 0684

      7       PUBLICATION AND AVAILABILITY OF CERTAIN RECORDS IN TERMS OF PAIA 

      7.1       Schedule of Records

 

The Schedule of Records as contained in Annexure 1 of this Manual details the

Records that are held and/or Processed by the Business for the purposes of PAIA and POPIA respectively. Such Access to such Records may not be granted if they are subject to the grounds of refusal which are specified in clause 8 below.

 

      7.2       List of applicable legislation

 

(1)              The Business retains records which are required in terms of legislation other than PAIA.

 

(2)              Certain legislation provides that private bodies shall allow certain persons access to specified records, upon request. Legislation that may be consulted to establish whether the Requester has a right of access to a record other than in terms of the procedure set out in the PAIA are set out in Annexure 2.

 

 

      8          GROUNDS FOR REFUSAL OF ACCESS TO RECORDS IN TERMS OF PAIA 

The following are the grounds on which the Business may, subject to the exceptions contained in Chapter 4 of PAIA, refuse a Request for Access in accordance with Chapter 4 of PAIA:

 

8.1 mandatory protection of the privacy of a third party who is a natural person, including a deceased person, where such disclosure of Personal Information would be unreasonable;

 

8.2       mandatory protection of the commercial information of a third party, if the Records contain:

 

(1)              trade secrets of that third party;

 

(2)              financial, commercial, scientific or technical information of the third party, the disclosure of which could likely cause harm to the financial or commercial interests of that third; and/or

 

(3)              information disclosed in confidence by a third party to the Business, the disclosure of which could put that third party at a disadvantage in contractual or other negotiations or prejudice the third party in commercial competition;

 

8.3            mandatory protection of confidential information of third parties if it is protected in terms of any agreement;

 

8.4            mandatory protection of the safety of individuals and the protection of property;

 

8.5            mandatory protection of Records that would be regarded as privileged in legal proceedings;

 

8.6            protection of the commercial information of the Business, which may include:

 

(1)              trade secrets;

 

(2)              financial/commercial, scientific or technical information, the disclosure of which could likely cause harm to the financial or commercial interests of the Business;

 

(3)              information which, if disclosed, could put the Business at a disadvantage in contractual or other negotiations or prejudice the Business in commercial competition; and/or

 

(4)              computer programs which are owned by the Business, and which are protected by copyright and intellectual property laws;

 

8.7            research information of the Business or a third party, if such disclosure would place the research or the researcher at a serious disadvantage; and

 

8.8            Requests for Records that are clearly frivolous or vexatious, or which involve an unreasonable diversion of resources.

 

 

      9          INFORMATION OR RECORDS NOT FOUND 

If the Business cannot find the records that the Requester is looking for despite reasonable and diligent search and it believes either that the records are lost or that the records are in possession but unattainable, the Requester will receive a notice in this regard from the Information Officer in the form of an affidavit setting out the measures taken to locate the document and accordingly the inability to locate the document.

 

 

10 REMEDIES AVAILABLE TO THE REQUESTER UPON REFUSAL OF A REQUEST FOR ACCESS IN TERMS OF PAIA 

10.1 The Business does not have internal appeal procedures. As such, the decision made by the Information Officer is final, and Requesters will have to exercise such external remedies at their disposal if the Request for Access is refused.

 

10.2 In accordance with sections 56(3) (c) and 78 of PAIA, a Requester may apply to a court for relief within 30 (thirty) days of notification of the decision for appropriate relief.

 

 

      11        PROCEDURE FOR A REQUEST FOR ACCESS IN TERMS OF PAIA 

11.1 A Requester must comply with all the procedural requirements as contained in section 53 of PAIA relating to a Request for Access to a Record.

 

11.2 A Requester must complete the prescribed Request for Access form attached as Annexure 3 and submit the completed Request for Access form as well as payment of a request fee (if applicable) and a deposit (if applicable), to the Information Officer at the postal or physical address, facsimile number or electronic mail address stated in clause 5 above.

 

11.3 The Request for Access form must be completed with enough detail so as to enable the Information Officer to identify the following:

 

(1)              the Record/s requested;

 

(2)              the identity of the Requester;

 

(3)              the form of access that is required, if the request is granted;

 

(4)              the postal address or fax number of the Requester; and

 

(5)              the right that the Requester is seeking to protect and an explanation as to why the Record is necessary to exercise or protect such a right.

 

11.4         If a Request for Access is made on behalf of another person, the Requester must submit proof of the capacity in which the Requester is making the request to the reasonable satisfaction of the Information Officer.

 

11.5         If an individual is unable to complete the prescribed form because of illiteracy or disability, such a person may make the request orally.

 

11.6         The Business will voluntarily provide the requested Records to a Personal Requester (as defined in section 1 of PAIA). The prescribed fee for reproduction of the Record requested by a Personal Requester will be charged in accordance with section 54(6) of PAIA and paragraph 11 below.

 

      12        FEES 

12.1 When the Request for Access is received by the Information Officer, the Information Officer will by notice require the Requester, other than a Personal Requester, to pay the prescribed request fee (if any), before further processing of the Request for Access.

 

      12.2     Prescribed request fees are set out in Annexure 4.

 

12.3 If the search for a Record requires more than the prescribed hours for this purpose, the Information Officer will notify the Requester to pay as a deposit, the prescribed portion of the access fee (being not more than one third) which would be payable if the Request for Access is granted.

 

12.4 The Information Officer will withhold a Record until the Requester has paid the fees set out in Annexure 4.

 

12.5 A Requester whose Request for Access to a Record has been granted, must pay an access fee for reproduction and for search and preparation, and for any time reasonably required in excess of the prescribed hours to search for and prepare the Record for disclosure, including making arrangements to make it available in a requested form provided for in PAIA.

 

12.6 If a deposit has been paid in respect of a Request for Access which is refused, the Information Officer will repay the deposit to the Requester.

 

 

      13        DECISION TO GRANT ACCESS TO RECORDS 

13.1 The Business will decide whether to grant or decline the Request for Access within 30 (thirty) days of receipt of the Request for Access and must give notice to the Requester with reasons (if required) to that effect.

 

13.2 The period referred to above may be extended for a further period of not more than 30 (thirty) days if the Request for Access is for a large number of Records or the Request for Access requires a search for Records held at another office of the Business and the Records cannot reasonably be obtained within the original 30 (thirty) day period.

 

13.3 The Business will notify the Requester in writing should an extension of time as contemplated above be required.

 

      13.4    If, in addition to a written reply from the Information Officer, the Requester wishes to

be informed of the decision on the Request for Access in any other manner, the Requester must state the manner and particulars so required.

 

 

      14        AVAILABILITY OF THE MANUAL 

14.1     This Manual is made available in terms of PAIA and section 4 of the Regulations to POPIA.

 

14.2 This Manual is further available at the offices of SAHRC and at the offices of the Business for inspection during normal business hours. No fee will be levied for inspection as contemplated in this clause.

 

14.3 Copies of the Manual can be obtained from the Information Officer. A fee will be levied for copies of the manual in accordance with Annexure 4.

 

 

15    PROTECTION OF PERSONAL INFORMATION THAT IS PROCESSED BY THE BUSINESS 

15.1 Chapter 3 of POPIA provides for the minimum Conditions for Lawful Processing of Personal Information by a Responsible Party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA.

 

15.2 The Business needs Personal Information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is Processed and the purpose for which it is Processed is determined by the Business. The Business is accordingly a Responsible Party for the purposes of POPIA and will ensure that the Personal Information of a Data Subject:

 

(1)              is processed lawfully, fairly and transparently. This includes the provision of appropriate information to Data Subjects when their data is collected by the Business, in the form of privacy or data collection notices. The Business must also have a legal basis (for example, consent) to process Personal Information;

 

(2)              is processed only for the purposes for which it was collected;

 

(3)              will not be processed for a secondary purpose unless that processing is compatible with the original purpose.

 

(4)              is adequate, relevant and not excessive for the purposes for which it was collected;

 

(5)              is accurate and kept up to date;

 

(6)              will not be kept for longer than necessary;

 

(7)              is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that Personal Information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by the Business, in order to protect against access and acquisition by  unauthorised persons and accidental loss, destruction or damage;

 

(8)              is processed in accordance with the rights of Data Subjects, where applicable. Data Subjects have the right to:

 

(a)             be notified that their Personal Information is being collected by the Business. The Data Subject also has the right to be notified in the event of a data breach;

 

(b)             know whether the Business holds Personal Information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Manual;

 

(c)             request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;

 

(d)             object to the Business’s use of their Personal Information and request the deletion of such Personal Information (deletion would be subject to the Business’s record keeping requirements);

 

(e)             object to the processing of Personal Information for purposes of direct marketing by means of unsolicited electronic communications; and

 

(f)               complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.

 

 

15.3         Purpose of the Processing of Personal Information by the Business:

 

As outlined above, Personal Information may only be Processed for a specific purpose. The purposes for which the Business Processes or will Process Personal Information is set out in Part 1 of Annexure 5.

 

15.4         Categories of Data Subjects and Personal Information/special Personal Information relating thereto

 

As per section 1 of POPIA, a Data Subject may either be a natural or a juristic person. Part 2 of Annexure 5 sets out the various categories of Data Subjects that the Business Processes Personal Information on and the types of Personal Information relating thereto.

 

15.5         Cross-border flows of Personal Information

 

Section 72 of POPIA provides that Personal Information may only be transferred out of the Republic of South Africa if the:

 

(1)              recipient country can offer such data an “adequate level” of protection. This means that its data privacy laws must be substantially similar to the Conditions for Lawful Processing as contained in POPIA; or

 

(2)              Data Subject consents to the transfer of their Personal Information; or

 

(3)              transfer is necessary for the performance of a contractual obligation between the Data Subject and the Responsible Party; or

 

(4)              transfer is necessary for the performance of a contractual obligation between the Responsible Party and a third party, in the interests of the Data Subject; or

 

(5)              the transfer is for the benefit of the Data Subject, and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were, the Data Subject, would in all likelihood provide such consent.

 

Part 3 of Annexure 5 sets out the planned cross-border transfers of Personal Information and the condition from above that applies thereto.

 

15.6         Description of information security measures to be implemented by the Business

 

Part 4 of Annexure 5 sets out the types of security measures to implemented by the Business in order to ensure that Personal Information is respected and protected. A preliminary assessment of the suitability of the information security measures implemented or to be implemented by the Business may be conducted in order to ensure that the Personal Information that is processed by the Business is safeguarded and Processed in accordance with the Conditions for Lawful Processing.

 

15.7         Objection to the Processing of Personal Information by a Data Subject

 

Section 11 (3) of POPIA and regulation 2 of the POPIA Regulations provides that a

Data Subject may, at any time object to the Processing of his/her/its Personal Information in the prescribed form attached to this manual as Annexure 6 subject to exceptions contained in POPIA.

 

15.8         Request for correction or deletion of Personal Information

 

Section 24 of POPIA and regulation 3 of the POPIA Regulations provides that a Data Subject may request for their Personal Information to be corrected/deleted in the prescribed form attached as Annexure 7 to this Manual.

 

 

 

 

 

 

 

Information Officer Signature                                          Head of Organisation Signature

 

Date: ____ / ____ / __________                                     Date: ____ / ____ / __________

 

 

 

Annexure 1

 

Description of the subjects on which the Business holds records, and the categories of records  held on each

subject. Each of these records are available on request in terms of PAIA

 

      1          Client Services Records 

      1.1       Client correspondence;                                        1.7             Proposal and tender documents;

 

      1.2       Client fee files;                                                     1.8       Project plans;

 

      1.3       Client contracts;                                                   1.9       Risk    management records;          Solution

                                                                                                       methodologies;

      1.4       Client business                                                

                     information;                                                         1.10            Standard terms and conditions of supply of

                                                                                                       goods and/or services;

      1.5       Legal documentation;

 

      1.6       Working papers.

 

 

 

      1          Corporate Governance 

      1.1       Codes of conduct;                                                1.4            Executive committee meeting minutes;

 

1.2       Corporate social investment 1.5       Legal compliance records; records;          

                                                                                           1.6       Policies.

      1.3       Board meeting minutes; and

 

 

 

      1          Finance and Administration 

      1.1       Accounting records;

 

1.2       Annual financial statements;

 

1.3       Agreements; Banking records;

 

      1.4       Correspondence;

 

      1.5       Purchase orders.

      1.6       Remittances;

 

      1.7        Invoices and statements;

 

      1.8        Tax records and returns;

 

      1.9        Statistics SA returns; and

      1          Human Capital 

      1.1       BEE statistics;

 

      1.2         Career development records;

 

      1.3       Personnel information;

 

      1.4       Employment equity reports;

 

      1.5        General terms of employment;

 

      1.6       Letters of employment;

 

      1.7       Leave records.

 

 

 

      1.8       PAYE records and returns;

 

      1.9        Performance management records;

 

1.10     Assessments; Policies and procedures;

 

      1.11     UIF returns;

 

      1.12     Retirement benefit

 

1                 Information Management and Technology

 

1.1            Agreements;             1.3       Information policies; and

 

1.2            Equipment    1.4       standards, procedures and guidelines. register;

 

 

1                 Learning and Education

 

1.1            Training material;      6.4       Training agreements.

 

1.2            Training records and statistics;

 

      6.3       Learnership Programmes.

 

 

1                 Library and Information and Research Centre

 

1.1            External       1.4       Periodicals; and publications;      

                                                                                           1.5       Research files and articles.

1.2            Internal

publications;

 

1.3            Reference

works;
      1.13      Medical Aid records; and

      1           Marketing and Communication 

      1.1       Proposal documents;

 

      1.2       New business development;

 

      1.3         Brand information management;

 

      1.4       Marketing strategies;

 

      1.5       Communication strategies;

      1.6       Agreements;

 

      1.7       Client relationship programmes;

 

1.8       Marketing publications and brochures; and

 

      1.9       Sustainability programmes.

 

      1          Operations 

      1.1       Access control records;

 

      1.2       Agreements;

 

      1.3        Archival administration documentation;

 

      1.4       Communication strategies;

 

      1.5       General correspondence;

 

      1.6       Patents and Trade Mark documents;

 

      1.7       Insurance documentation;

 

      1.8       Service level agreements;

 

 

 

      1          Secretarial Services 

 

      1.9        Standard trading terms and

conditions of supply of services and

goods;

 

      1.10      Travel documentation;

 

1.11     Procurement agreements and documentation;

 

      1.12     Used order books;

 

      1.13     Vehicle registration documents; and

 

1.14 Cellular phone registration documents, including RICA.

1.1 Applicable statutory documents, including but not limited to, certificates of incorporation and certificates to commence business;

 

                  1.2       Corporate structure documents;

 

                  1.3       Memoranda and Articles of Association;

 

                  1.4       Share registers;

 

                  1.5       Statutory Returns to relevant authorities;

 

                  1.6       Share certificates;

 

                  1.7       Shareholder agreements;

 

                  1.8       Minutes of meetings; and

 

                  1.9       Resolutions passed.

Annexure 2

 

LIST OF APPLICABLE LEGISLATION 

Administration of Adjudication of Road Traffic Offences Act 46 of 1998
Basic Conditions of Employment Act 75 of 1997
Bills of Exchange Act 34 of 1964
Broad-Based Black Economic Empowerment Act 53 of 2003
Companies Act 71 of 2008
Compensation for Occupational Injuries and Diseases Act 130 of 1993
Competition Act 89 of 1998
Constitution of South Africa Act 108 of 1996
Consumer Protection Act 68 of 2009
Copyright Act 98 of 1987
Criminal Procedure Act 51 of 1977
Electronic Communications and Transactions Act 2 of 2000
Employment Equity Act 55 of 1998
Health Act 63 of 1977
Income Tax Act 58 of 1962
Labour Relations Act 66 of 1995
Long Term Insurance Act 52 of 1998
National Building Regulations and Building Standards Act 103 of 1997
National Credit Act 34 of 2005
National Environmental Management Act 107 of 1998
National Environmental Management: Air Quality Act 39 of 2004
National Environmental Management: Waste Act 59 of 2008
National Water At 36 of 1998
National Road Traffic Act 93 of 1996
Occupational Health and Safety Act 85 of 1993
Patents Act 57 of 1987
Prescription Act 18 of 1943
Promotion of Access to Information Act 2 of 2000
Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000
Protected Disclosures Act 26 of 2000
Protection Of Personal Information Act 4 of 2013
Regulation of Interception of Communications and Provisions of Communication Related

Information Act 70 of 2002
Sales and Service Matters Act 25 of 1964
Securities Services Act 36 of 2004
Securities Transfer Act 25 of 2007
Skills Development Act 97 of 1997
Skills Development Levies Act 9 of 1999
South African Reserve Bank Act 90 of 1989
The South African National Roads Agency Limited & National Roads Act 7 of 1998
Trademarks act 194 of 1993
Unemployment Insurance Act 63 of 2001
Unemployment Insurance Fund Contributions Act 4 of 2002
Value-Added Tax Act 89 of 1991  

Although we have used our best endeavours to supply a list of applicable legislation, it is possible that this list may be incomplete. Whenever it comes to our attention that existing or new legislation allows a Requester access on a basis other than as set out in PAIA, we shall update the list accordingly. If a Requester believes that a right of access to a record exists in terms of other legislation listed above or any other legislation, the Requester is required to indicate what legislative right the request is based on, to allow the Information Officer the opportunity of considering the request in light thereof.

Annexure 3

 

 

ACCESS REQUEST FORM – RECORD OF PRIVATE BODY
(Section 53(1) of the Promotion of Access to Information Act, 2000) [Regulation 10]  

 

 

 

COMPLETION OF ACCESS REQUEST FORM

 

1                 The Access Request Form must be completed.

 

2                 Proof of identity is required to authenticate the identity of the requester. Attach a copy of the requester’s identification document.

 

3                 Type or print in BLOCK LETTERS an answer to every question.

 

4                 If a question does not apply, state “N/A”.

 

5                 If there is nothing to disclose in reply to a question, state “nil”.

 

6                 When there is insufficient space on a printed form, additional information may be provided on an attached folio, and each answer on such folio must reflect the applicable title.

 

 

1                 Particulars of Private body

The Information Officer:

 

                                 Name and surname:                         Werner ENSLIN

 

                                 Physical address:                           566 SERENE STREET GARSFONTEIN PRETORIA, ZA 0081

 

                                 Postal address:                              566 SERENE STREET GARSFONTEIN PRETORIA, ZA 0081

 

                             Telephone Number:                          0118232255

 

                                 Email address:                                 enslinw@gmail.com

 

2                 Particulars of Requester (if natural person)

 

a)  The particulars of the person who requests access to the record must be given below.

b)  The address and/or fax number in the Republic to which the information is to be sent must begiven.     

c)  Proof of the capacity in which the request is made, if applicable, must be attached.  

 

Full names and surname: …………………………………………………………………………………………..

Identity number: ………………………………………………………………………………………………………..

Postal address: ……………………………………………………………………………………………………………

Fax number: ……………………………………………………………………………………………………………..

Telephone number: ………………………………………………………………………………………………………

Email address: ………………………………………………………………………………………………………………………..

Capacity in which request is made, when made on behalf of another person:

…………………………………………………………………………………………………………………………………….

 

                  3           Particulars of Requester (if a legal entity)

 

a)  The particulars of the entity that requests access to the record must be given below.

b)  The address and/or fax number in the Republic to which the information is to be sent.

c)  Proof of the capacity in which the request is made, if applicable, must be attached.  

 

Name: …………………………………………………………………………………………..

Registration number: ……………………………………………………………………………………………………….

Postal address: ……………………………………………………………………………………………………………

Fax number: ……………………………………………………………………………………………………………..

Telephone number: ………………………………………………………………………………………………………

Email address: ………………………………………………………………………………………………………………………..

 

4                   Particulars of person on whose behalf request is made

 

This section must be completed ONLY if a request for information is made on behalf of anotherperson.                                                                                                       

Full names and surname: …………………………………………………………………………………………….. Identity number: ………………………………………………………………………………..

 

5                   Particulars of record

 

a)

Provide full particulars of the record to which access is requested, including the reference number if that is known to you, to enable the record to be located.

If the provided space is inadequate, please continue on a separate folio and attach it to this form. The
requester must sign all the additional folios.  

1.  Description of record or relevant part of the record:

 

 

 

 

 

 

 

 

2.  Reference number, if available:

 

 

 

3.  Any further particulars of record

 

 

 

 

 

6                 Fees

 

a)  A request for access to a record, other than a record containing personal information about yourself,

will be processed only after a non-refundable request fee of R35,00 has been paid.

b)  The fee payable for access to a record depends on the form in which access is required and the reasonable time required to search for and prepare a record.

c)   You will be notified of the amount required to be paid as the access fee.

d)  If you qualify for exemption of the payment of any fee, please state the reason for exemption.  

 

Reason for exemption from payment of fees:

 

 

7                 Form of access to record

 

Mark the appropriate box with an X.

NOTES:

(a)      Compliance with your request in the specified form may depend on the form in which the record is available.

(b)      Access in the form requested may be refused under certain circumstances. In such a case you will be  informed whether access will be granted in another form.

(c)       The fee payable for access to the record, if any, will be determined partly by the form in which access is requested.

 

 

1. If the record is in written or printed form: 

              copy of record*                                  inspection of a record
2. If record consists of visual images

(photographs, slides, video recordings, computer-generated images, sketches, etc):

view the images copy of the images

the images*

transcription of
3. If record consists of recorded information that can be reproduced in sound:

listen to the soundtrack (audio cassette)

transcription of soundtrack* (written or printed document)
4. If record is held on computer or in an electronic or machine-readable form:

printed copy of record*

printed copy of copy information derived from record* or

in computer readable form* (stiffy compact disc)
*If you are requesting a copy or transcription of a record (above), do you wish the copy or transcription to be posted to you?

Postage is payable
YES
NO

 

 

8                 In the event of disability

 

 

If you are prevented by a disability to read, view or listen to the record in the form of access provided for in 1 to 4 hereunder, state your disability and indicate in which form the record is required.
Disability:

Form in which record is required:

 

 

9                 Particulars of right to be exercised or protected

 

If the provided space is inadequate, please continue on a separate folio and attach it to this form. The requester must sign all the additional folios.  

1.      Indicate which right is to be exercised or protected:

 

 

 

 

 

 

2.      Explain why the record requested is required for the exercise or protection of the aforementioned right:

 

 

 

 

 

 

 

10              Notice of decision regarding request for access

 

You will be notified in writing whether your request has been approved/denied. If you wish to be informed in another manner, please specify the manner and provide the necessary particulars toenable compliance        with your request.  

How would you prefer to be informed of the decision regarding your request for access to the record?  

 

 

 

 

 

 

                  Signed at on this                               day of 20                       

 

 

 

 

SIGNATURE OF REQUESTER/ PERSON ON WHOSE BEHALF THE REQUEST IS MADE

 

 

 

 

Annexure 4

 

FEES 

 

1                 The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof.

 

2                 The fees for reproduction referred to in regulation 11(1) are as follows:  

R
(a)
For every photocopy of an A4-size page or part thereof
1,10
(b)
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form
0,75
(c)
For a copy in a computer-readable form on –

(d)
(i)
For a transcription of visual images, for an A4-size page or part thereof
40,00

(ii)
For a copy of visual images
60,00
(e)
(i)
For a transcription of an audio record, for an A4-size page or part thereof
20,00

(ii)
For a copy of an audio record
30,00 

 

3                 The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2) is R50,00.

 

4                 The access fees payable by a requester referred to in regulation 11(3) are as follows:  

R
(1)
(a)
For every photocopy of an A4-size page or part thereof
1,10

(b)
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form
0,75

(c)
For a copy in a computer-readable form on –

(d)
(i)
For a transcription of visual images, for an A4-size page or part thereof
40,00

(ii)
For a copy of visual images
60,00

(e)
(i)
For a transcription of an audio record, for an A4-size page or part thereof
20,00

(ii)
For a copy of an audio record
30,00

(f)
To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.  

5                 For purposes of section 54(2) of PAIA, the following applies:

 

5.1             Six hours as the hours to be exceeded before a deposit is payable; and

 

5.2             one third of the access fee is payable as a deposit by the requester.

 

6                 The actual postage is payable when a copy of a record must be posted to a requester.

Annexure 5

 

Part 1

 

PROCESSING OF PERSONAL INFORMATION IN ACCORDANCE WITH POPIA 

 

 

Purpose of the Processing of Personal Information  

Type of Processing  

1

 

2

 

2.1

 

2.2

 

2.3

 

2.4

 

2.5

 

2.6

 

2.7

 

3

 

4

 

5
To provide services to the Client in accordance with terms agreed to by the Client;

To undertake activities related to the provision of services and transactions, including:

to fulfil foreign and domestic legal, regulatory and compliance requirements and comply with any applicable treaty or agreement with or between foreign and domestic governments applicable to the Business

to verify the identity of Client representatives who contact the Business or may be contacted by the Business;

for risk assessment, information security management, statistical, trend analysis and planning purposes;

to monitor and record calls and electronic communications with the Client for quality, training, investigation and fraud prevention purposes; for crime detection, prevention, investigation and prosecution; to enforce or defend the Business’s rights; and to manage the Business’s relationship with the Client.

The purposes related to any authorised disclosure made in terms of agreement, law or regulation;

Any additional purposes expressly authorised by the Client; and

Any additional purposes as may be notified to the Client or Data

Subjects in any notice provided by the Business 

Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

 

 

 

 

 

 

Part 2 

Categories of Data Subjects and categories of Personal Information relating thereto

 

 

Categories of Data Subjects of and categories of Personal Information relating thereto  

 

Data Subject
Personal Information Processed
Client:

 

o  Corporate

Client Profile information including, account details, payment information, corporate structure, client risk rating and other client information including to the extent the categories of information relate to individuals or representatives of clients (e.g., shareholders, directors, etc.) required for the above-mentioned purposes

 

o  Individual;

Name; contact details (Business E-Mail Address, Business Telephone Number), client details (Home Facsimile Number, Home Postal Address, Home Telephone Number, Personal

Cellular, Mobile Or Wireless Number, Personal E-Mail Address); regulatory identifiers (e.g. tax identification number); Account information (Bank Account Currency Code, Bank Account Id,

Bank Account Name, Bank Account Number, Bank Account Type, Bank account balance); transaction details and branch details; “knowyour client” data, photographs; other identification and verification data as contained in images of ID card, passport and other ID documents; images of client signatures) 

•        Natural Persons;

 

•        Juristic

Persons. 

Personal data relating to a Data Subject received by or on behalf of the Business from the

Client, Client affiliates and their respective representatives and related parties in the course of providing accounts and services to the Client or in connection with a transaction or services. Client personal data

may include names, contact details, identification and verification information, nationality and residency information, taxpayer identification numbers, voiceprints, bank account and transactional information

(where legally permissible), to the extent that these amount to personal data under POPIA. 

Payment beneficiaries: Bank Account Currency

Code, Bank Account Id, Bank Account Name, Bank Account Number, Bank Account Type; beneficiary address, transaction details; payment narrative and, for certain data

transferred from the UK only, National Insurance numbers.

 

Personnel:

 

Name; employee ID number; business contact details (address/telephone number/email address)

 

 

 

 

 

 

 

Part 3 

Cross border transfers of Personal Information 

When making authorized disclosures or transfers of personal information in terms of section 72 of POPIA, Personal Data may be disclosed to recipients located in countries which do not offer a level of protection for those data as high as the level of protection as South Africa.

 

 

 

Part 4 

Description of information security measures 

The Business undertakes to institute and maintain the data protection measures to accomplish the following objectives outlined below. The details given are to be interpreted as examples of how to achieve an adequate data protection level for each objective. The Business may use alternative measures and adapt to technological security development, as needed, provided that the objectives are achieved.

 

1                 Access Control of Persons

 

The Business shall implement suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data are processed.

 

2                 Data Media Control

 

The Business undertakes to implement suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by the Business and containing personal data of Clients.

 

3                 Data Memory Control

 

The Business undertakes to implement suitable measures to prevent unauthorized input into data memory and the unauthorized reading, alteration or deletion of stored data.

 

4                 User Control

 

The Business shall implement suitable measures to prevent its data processing systems from being used by unauthorized persons by means of data transmission equipment.

 

5                 Access Control to Data

 

The Business represents that the persons entitled to use the Business’s data processing system are only able to access the data within the scope and to the extent covered by their respective access permissions (authorization).

 

6                 Transmission Control

 

The Business shall be obliged to enable the verification and tracing of the locations / destinations to which the personal information is transferred by utilization of the Business’s data communication equipment / devices.

 

7                 Transport Control

 

The Business shall implement suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission thereof or during the transport of the data media.

 

 

8                 Organization Control

 

The Business shall maintain its internal organization in a manner that meets the requirements of this Manual.

Annexure 6

 

OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE

PROTECTION OF PERSONAL INFORMATION ACT, 2013

 

REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018 

Note:

 

1                 Affidavits or other documentary evidence as applicable in support of the objection may be attached.

 

2                 If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.

 

3                 Complete as is applicable.

 

 

A  

DETAILS OF DATA SUBJECT  

Name(s) and surname/ registered name of data subject:

Unique Identifier/ Identity Number

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

B  

DETAILS OF RESPONSIBLE PARTY  

Name(s) and surname/ registered name of data subject:

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

C  

REASONS FOR OBJECTION IN TERMS OF

SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection)

 

Signed at …………………………………… this …………………. day of ………………………20………… 

……………………………………………………

 

Signature of data subject/designated person

Annexure 7

 

REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013

 

REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018

 

[Regulation 3] 

Note:

 

1.     Affidavits or other documentary evidence as applicable in support of the request may be attached.

 

2.     If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.

 

3.     Complete as is applicable.

 

Mark the appropriate box with an “x”.

 

Request for:

 

 

Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.

 

Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information.

 

 

 

A  

DETAILS OF DATA SUBJECT  

Name(s) and surname/ registered name of data subject:

Unique Identifier/ Identity Number

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

B  

DETAILS OF RESPONSIBLE PARTY  

Name(s) and surname/ registered name of data subject:

Residential, postal or business address:

Contact number(s):

Fax number / E-mail address:

 

C  

REASONS FOR OBJECTION IN TERMS OF

SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection)  

D  

REASONS FOR *CORRECTION OR

DELETION OF THE PERSONAL

INFORMATION ABOUT THE DATA

SUBJECT IN TERMS OF SECTION

24(1)(a) WHICH IS IN POSSESSION OR

UNDER THE CONTROL OF THE

RESPONSIBLE PARTY; and or

REASONS FOR *DESTRUCTION OR

DELETION OF A RECORD OF

PERSONAL INFORMATION ABOUT THE

DATA SUBJECT IN TERMS OF SECTION

24(1)(b) WHICH THE RESPONSIBLE

PARTY IS NO LONGER

AUTHORISED TO RETAIN. (Please provide detailed reasons for the request)

 

SPARKLE DUST CC (“Business”) PRIVACY POLICY

INDEX 

1.        INTRODUCTION

2.        COLLECTION OF PERSONAL INFORMATION

3.        CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS

4.        SPECIAL PERSONAL INFORMATION

5.        PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING

6.        DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

7.        INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

8.        DATA SECURITY

9.        DATA ACCURACY

10.     DATA MINIMISATIONS

11.     DATA RETENTION

12.     YOUR LEGAL RIGHTS

13.     COOKIES AND SIMILAR TECHNOLOGIES (IF APPLICABLE) 

14.     DIRECT MARKETING

15.     CONTACT DETAILS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

            1.         INTRODUCTION 

1.1 The Business is committed to protecting and respecting your privacy. This privacy policy (“this Policy”) sets out how the Business uses, protects and processes any information that we collect from a Data Subject (“you”) and that you provide to us.

 

            1.2      The Business abides by the Protection of Personal Information Act, No 4 of 2013 (POPIA).

 

1.3     By providing us with your Personal Information, you –

 

            1.3.1           agree to this Policy and authorise us to process such information as set out herein; and

 

1.3.2       authorise the Business, its service providers and business partners to process your Personal Information for the purposes stated in this Policy.

 

1.3 We will not use your Personal Information for any other purpose than that set out in this Policy and will endeavour to protect your Personal Information that is in our possession from unauthorised alteration, loss, disclosure or access.

 

            1.4   Please note that we reserve the right to amend and update this Policy from time to time.

 

1.5 This Policy applies to the Business’s employees and/or any other person, including without detracting from the generality thereof, any juristic or natural person, employees, prospective employees, employment candidates, service providers, Operators, customers and consumers, governmental, provincial and municipal agencies or entities, regulators, persons making enquires and/or third parties, including all associated, related and/or family members of such Data Subjects or any person who may be acting on behalf of/or in a representative capacity in respect of the Data Subject, and from whom the Business receives Personal Information.

 

1.6 The Business will only process Personal Information referred to in section 57(1) of POPIA upon obtaining prior authorisation in accordance with section 58(1) of POPIA and subject to section 57(3) of POPIA.

 

1.7 Capitalised terms used in this Policy have the meanings ascribed thereto in section 1 of POPIA, unless otherwise defined herein.

 

 

            2.         COLLECTION OF PERSONAL INFORMATION 

2.1  We collect and process your Personal Information mainly to provide access to our service/s and to help us improve our offerings.

 

2.2  The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.

 

2.3 We collect information directly from you where you provide us with your personal details, for example when you apply for employment, solicit services from us or when you submit either your details or enquiries to us.

 

2.4 Where possible, we will inform you what information you are required to provide to us and what information is optional.

 

2.5 Website usage information is collected using “cookies” which allows us to collect standard internet visitor usage information (if applicable).

 

2.6 We will not intentionally collect and process the Personal Information of a Child unless we have the permission of a Competent Person.

 

            3.         CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS 

The Personal Information we may process includes, but is not limited to the following:

 

3.1 Name and physical address, email addresses, telephone numbers, contact details, and details of your public social media profile(s);

 

            3.2     Demographic attributes, when tied to Personal Information that identifies you;

 

3.3     Transactional data, including products and services ordered, financial details and payment methods;

 

3.4 Data from surveys and publicly available information, such as social media posts and professional profiles available in the public domain, e.g. LinkedIn, Twitter or Facebook;

 

3.5     Your curriculum vitae, skillset (if not already covered in your CV), job preferences, your eligibility to work, current and desired salary and employment conditions;

 

3.6     Information about a device you use, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, and the preferred language;

 

3.7 Consent records:  records of any consents you may have given, together with the date and time, means of consent and any related information;

 

3.8 Employer details: where you interact with us in your capacity as an employee of an organisation, the name, address, telephone number and email address of your employer, to the extent relevant; and

 

3.9 Payment details:  billing address; payment method; bank account number or credit card number; invoice records; payment records; SWIFT details; IBAN details; payment amount; payment date; and records of cheques;

 

3.10 Data relating to your visits to our website: your device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; and other technical communications information (if applicable).

 

            4.         SPECIAL PERSONAL INFORMATION 

Where we need to process your Special Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, with your consent and in accordance with applicable laws.

 

            5.         PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING 

5.1 We will only process your Personal Information in the furtherance of our main business activity in the following sector:

 

                     SELLING OF BAKING INGREDIENTS AND SUPPLIES

 

We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected.  We may subject your Personal Information to Processing during the course of various activities, including, without limitation, the following –

 

            5.1.1           operating our business;

 

5.1.2 to analyse, develop, improve and optimize the use, function and performance of our products and services;

 

            5.1.3           compliance with applicable law; and

 

            5.1.4           to manage the security of our sites, networks and systems;

 

            5.1.5         for the purpose of making contact with you and attending to your enquiries or requests;

 

5.1.6 for the purpose of carrying out actions for the conclusion and performance of a contract between the Business and yourself / the Data Subject;

 

5.1.7 for the purpose of pursuing your and/or the Business’s legitimate interests, or that of a third party to whom the Personal Information is supplied;

 

5.1.8 for the purpose of providing, maintaining and improving the Business’s products and services, and to monitor and analyse various usage and activity trends pertaining thereto;

 

5.1.9 for the purpose of performing internal operations, including management of employees, the performance of all required functions of the Business, attending to financial matters including budgeting, planning, invoicing, facilitating and making payments sending receipts and generally providing commercial support, where needed, requested or required;

 

5.1.10 for the purpose of preventing fraud and abuse of the Business’s processes, systems, procedures and operations, including conducting internal and external investigations and disciplinary enquires and hearings;

 

            5.1.11          for safety and security purposes; and 

 

            5.1.12         to comply with applicable laws.

 

5.2    You agree that the Business may use all the Personal Information which you provide to the Business, which the Business requires for the purposes of pursuing its business objectives and strategies.

 

            6.         DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES 

6.1  We may disclose your Personal Information to our clients and business partners, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your Personal Information – 

 

            6.1.1              if required by law;

 

6.1.2          to third party Operators (including, but not limited to, data processors such as providers of data hosting services and document review technology and services), located anywhere in the world, subject to 6.2;

 

6.1.4 to provide information to third party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services and customer services;

 

            6.1.5                   to any relevant party for the purposes of the prevention, investigation, detection or

prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security; and

 

6.1.7      to any relevant third-party provider, where our website uses third party advertising, plugins or content.

 

6.2     If we engage a third-party Operator to process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA.  We will

review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to –

 

6.2.1              only process such Personal Information in accordance with our prior written instructions; and

 

6.2.2              use appropriate measures to protect the confidentiality and security of such Personal Information.

 

            7.         INTERNATIONAL TRANSFER OF PERSONAL INFORMATION 

            7.1  We may transfer your Personal Information to recipients outside of the Republic of South Africa.

 

7.2 Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the Business’s products and services.

 

            8.         DATA SECURITY 

8.1 We implement appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.

 

8.2 Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.

 

8.3 Due to the fact the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.

 

            9.         DATA ACCURACY 

The Personal Information provided to the Business should be accurate, complete and up to date. Should Personal Information change, the onus is on the provider of such data to notify the Business of the change and provide the Business with the accurate data.

 

 

            10.       DATA MINIMISATIONS 

The Business will restrict its Processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.

 

            11.       DATA RETENTION 

The Business shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.

 

            12.       YOUR LEGAL RIGHTS 

You may have rights under the South African and other laws to have access to your Personal Information and to ask us to rectify, erase and restrict use of your Personal Information. You may also have rights to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information.

 

            13.       COOKIES AND SIMILAR TECHNOLOGIES (IF APPLICABLE) 

            13.1         We may process your Personal Information by our use of cookies and similar technologies.

 

13.2 Cookies are small software programs that install themselves on your computer or your mobile device. They store data specific to a particular user and remember your preferences about our website. Cookies are stored on your computer or mobile device for various lengths of time. Every time you return to our website and browse it, cookies record this data, which is then transmitted to us or to third parties with whom we work.

 

13.3 We may collect information about your computer, including where available, your operating system, browser type, third-party software installed on your device, installation and uninstallation rates, the language of your device and computers manufacturer, screen size and model of the device and any other technical information for system administration and to report aggregate information to our advertisers. This statistical data about our users’ browsing actions and patterns is derived from your Personal Information but is not considered Personal Information in law as does not identify any individual.

 

13.4    When you visit our website, we may place cookies onto your device, or read cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may process your Personal Information through cookies and similar technologies.

 

 

            14.       DIRECT MARKETING 

We may process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time.

 

            15.       CONTACT DETAILS 

You may contact us at: 

Information Officer

            Attention:          Werner ENSLIN 

            Telephone:       0118232255

            Email:               enslinw@gmail.com

CONSENT FORM FOR THE PROCESSING OF PERSONAL INFORMATION 

Capitalised terms used in this consent form have the meanings ascribed thereto in section 1 of Protection of Personal Information Act 4 of 2013.

 

 

I/We, the undersigned

 

 If legal entity:

___________________________________ (Name of entity), with registration number: _____________________________________________________ herein represented by ___________________________. 

Or

 

If natural person:

__________________________________________________ (Name and surname), with identity number _________________________.

(Hereinafter referred to as the “Data Subject”) 

 

Hereby expressly and explicitly grant my Consent to SPARKLE DUST CC (“Business”) to Process my Personal Information, on the express understanding that:

 

1. This constitutes the Data Subject’s Consent, as required under the Protection of Personal Information Act 4 of 2013 (“POPI”).

 

1.           The Data Subject confirm that the Data Subject’s Personal Information, provided is accurate, up to date, not misleading and is complete in all respects, save where same may change and then in such event, the Data Subject undertake to advise the Business or its Operator (s) of these changes.

 

2.           The Data Subject, in providing the required Personal Information to the Business and/or to its Operator, Consent and give the Business permission to process the Data Subject’s Personal Information as and where required and acknowledge that the Data Subject understand the purposes for which the Personal Information is required and for which it will be used.

 

3.           Furthermore, should any of the Personal Information which has been provided by the Data Subject concern or pertain to a legal entity whom the Data Subject represent, the Data subject in such event confirm that Data Subject have the necessary authority to act on behalf of such legal entity/Data Subject and that he/she has the right to provide the Personal Information and/or the required Consent to use said Personal Information, on behalf of the aforementioned legal entity.

 

4.           Furthermore, should any of the Personal Information belong to any of my dependants and/or beneficiaries who are underage, I in my capacity as their legal guardian and Competent Person give the Business the appropriate permission to process their Personal Information for the purposes for which these details were given.

 

5.           Lastly, the Data Subject hereby agree to the Business’s Privacy Policy, which is located on the Business’s website, alternatively available upon request by the Data Subject to the Business. The Data Subject specifically agree that they understand the terms contained in the Privacy Policy and confirm that same is binding on the Data Subject.

 

 

 

 

            ______________________________                   ______________________________

SIGNATURE DATE

 

 

0
    0
    Your Cart
    Your cart is emptyReturn to Shop
    Open chat
    Hello
    How can we help you?