PROTECTION OF PERSONAL INFORMATION POLICY
Home » PROTECTION OF PERSONAL INFORMATION POLICY
Welcome to JustJumps's POPI
- Definitions
- “Company” means Just Jump (Pty) Ltd with registered physical address of 21 Narnia Village, Knysna, 6571
- “Data subject” refers to the natural or juristic person to whom personal information relates, such as an individual client, customer or a company that supplies the Company with products or other goods.
- “Personal Information” is any information that can be used to reveal a person’s identity. Personal information relates to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person (such as a company), including, but not limited to information concerning:
- race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language and birth of a person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the per son;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person;
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
- “Information Asset” means any piece or collection of information, stored, defined and managed as a single unit so that we can understand it, share and protect it effectively and get the most value from it.
- “Information Officer” means the individual who is responsible for ensuring the Company’s compliance with POPIA.
- Where no Information Officer is appointed, the head of the Company will be responsible for performing the Information Officer’s duties.
- Once appointed, the Information Officer must be registered with the South African Information Regulator established under POPIA prior to performing his or her duties. Deputy Information Officers can also be appointed to assist the Information Officer.
- INTRODUCTION
- The right to privacy is an integral human right recognised and protected in the South African Constitution and in the Protection of Personal Information Act 4 of 2013 (“POPIA”).
- POPIA aims to promote the protection of privacy through providing guiding principles that are intended to be applied to the processing of personal information in a context -sensitive manner.
- Through the provision of service, the Company is necessarily involved in the collection, use and disclosure of certain aspects of the personal information of clients, customers, employees and other stakeholders.
- A person’s right to privacy entails having control over his or her personal information and being able to conduct his or her affairs relatively free from unwanted intrusions.
- Given the importance of privacy, the Company is committed to effectively managing personal information in accordance with POPIA’s provisions.
- Purpose
- This policy and compliance framework establishes measures and standards for the protection and lawful processing of Personal Information within our Company and provides principles regarding the right of individuals to privacy and to reasonable safeguarding of their Personal Information.
- This policy and compliance framework establishes measures and standards for the protection and lawful processing of Personal Information within our Company and provides principles regarding the right of individuals to privacy and to reasonable safeguarding of their Personal Information.
- Scope
- All employees, companies, departments and individuals directly associated with us are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.
- Any service provider that provides information technology services, including data storage facilities, to our Company must adhere to the requirements of the POPI Act to ensure adequate protection of Personal Information held by them on our behalf. Confirmation of this adherence must be obtained from relevant service providers and stored on our Company data repository.
- Legislative Framework and References
- This policy is underpinned by South African Laws, international norms and standards, and best practices.
- This policy is underpinned by South African Laws, international norms and standards, and best practices.
- The framework and references include the following:
- Protection of Personal Information Act No. 4 of 2013
- Just Jump (Pty) Ltd Privacy Policy
- Aim
- The aim of this Policy is to inform and clarify the purpose for which we will process Personal Information, as well as the protection of our Information Assets from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.
- The aim of this Policy is to inform and clarify the purpose for which we will process Personal Information, as well as the protection of our Information Assets from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.
- Policy Framework
- Accountability
- We will take reasonable steps to ensure that Personal Information obtained from Data Subjects are stored safely and securely.
- Processing limitation
- We will collect Personal Information directly from Data Subjects.
- Once in our possession we will only process or release the Data Subject`s information with their consent, except where we are required to do so by law. In the latter case we will always inform the Data Subject.
- Specific purpose
- We will collect Personal Information from Data Subjects to enable us to process the information for a specific purpose/ project in relation to what it was collected for.
- Limitation on further processing
- Personal Information will not be processed in a way that is incompatible with the purpose for which the information was collected.
- Information quality
- We will to the best of our ability ensure that Data Subject`s information is complete, up to date and accurate before we use it.
- To ensure we do this, we may need to request Data Subjects, from time to time, to update their information and confirm that it is still relevant. If we are unable to reach a Data Subject for this purpose, we will convert their data to anonymous historical data.
- Transparency
- Where Personal Information is collected from a source other than directly from a Data Subject (for example: Social media, portals) we will ensure that the data subject is informed:
- that their information is being collected;
- of the individual collecting their information; and
- the specific reason for the collection their information.
- Security safeguards
- We will ensure technical and organisational measures to secure the integrity of Personal Information, and guard against the risk of loss, damage or destruction thereof.
- We will ensure that Personal Information is only used for legitimate purposes with the Data Subject`s consent, and accessed only by authorised employees of the Company.
- Participation of individuals
- Data Subjects are also entitled to correct any information held by us.
- Data Subjects are also entitled to correct any information held by us.
- Where Personal Information is collected from a source other than directly from a Data Subject (for example: Social media, portals) we will ensure that the data subject is informed:
- Accountability
- Roles and Responsibilities
- The Information Officer is responsible for:
- Conducting a preliminary assessment
- The development, implementation and monitoring of this policy and compliance framework
- Ensuring that this policy is supported by appropriate documentation
- Ensuring that documentation is relevant and kept up to date
- Ensuring this policy and subsequent updates are communicated to relevant managers, representatives, staff and associates, where applicable.
- The Information Officer is responsible for:
- Operational Considerations
- Monitoring
- The Information Officer is responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes.
- All employees, departments and individuals directly associated with will be trained, according to their functions, in the regulatory requirements, policies and guidelines that govern the protection of personal information.
- Operating controls
- We shall establish appropriate standard operating procedures/ policies that are consistent with this policy and regulatory requirements. This will include:
- Allocation of Information Security responsibilities
- Incident reporting and management
- User identity addition or removal.
- Information security training.
- Data backup.
- We shall establish appropriate standard operating procedures/ policies that are consistent with this policy and regulatory requirements. This will include:
- Monitoring
- Policy compliance
- Any breach/es of this policy may result in disciplinary action as set out in the applicable employment agreement.
- Any breach/es of this policy may result in disciplinary action as set out in the applicable employment agreement.
- Information Officer Details
- Name: Paula Hinks
- Email address: paula@justjump.co.za
- Physical Address: 21 Narnia Village, Knysna, 6571