Meropa Communication (PTY) LTD takes the protection of personal information seriously and aims to comply with POPIA.
- This Personal Information Sharing Policy (the policy) applies to all staff working for Meropa Communication (PTY) LTD which includes all permanent and temporary staff, contractors, and agency workers who are subject to the conditions and scope of this policy. This policy is in addition to other requirements which may be necessary for specific operations and it is your responsibility to familiarise yourself with this policy.
- “Personal information” means any information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Personal information includes, for example, names and addresses, e-mail addresses, recruitment details, financial history and the like. It also includes opinions about individuals as well as facts and also applies to corporate contacts.
- “Special personal information” is information such as religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life or criminal behaviour.
- Purpose definition and limitation
- Personal information can only be collected and further processed for lawful, specific and explicitly defined purposes related to a function or activity of Meropa Communication (PTY) LTD.
- After personal information has been collected by Meropa Communication (PTY) LTD it cannot be processed for purposes which are incompatible with the original ones.
- For example, this means that personal information processed by the HR department for HR purposes will likely not be able to be lawfully processed company for marketing purposes.
- Personal information to be kept confidential
- Meropa Communication (PTY) LTD must keep personal information confidential and safe from undue disclosures.
- That means that sharing personal information with an external third party is an exception to the confidentiality rule, and must be analysed in detail to ensure lawfulness, notably considering:
- Whether the purpose for which the external third party requires the personal information is compatible to
the original purpose for which the information was collected;
- Whether sharing the personal information with the external third party will constitute a transborder flow
of information; and
- Whether sharing the personal information with the external third party will likely put the information at
risk due to the poor security measures the third party has in place.
PROCEDURES TO FOLLOW
- If you receive a request for personal information you must: (a) notify the Information Officer who will guide you.
- If you are required to share personal information, you must consider whether the personal information is to be shared internally (i.e. within Meropa Communication (PTY) LTD) or externally (i.e. with an agent, a public authority, an unconnected third party or other entities within Meropa Communication (PTY) LTD.
- If you are unsure which category the personal information sharing falls into, please contact the Information Officer for further advice.
- You should document at all times any questions asked, answers given and authorisation gained by any parties involved when dealing with a personal information sharing request.
- Where you are asked to share personal information with unconnected third parties / public authorities, the Information Officer will handle the process himself/herself.
- We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.
- From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.
- We also create a back-up for operational and safety purposes.
- We will promptly notify you if we become aware of any unauthorised use, disclosure or processing of your Personal Information.
Personal information relating to clients should not be shared with third parties, without seeking further guidance from the Information Officer.
CONSEQUENCES OF NON-COMPLIANCE
It is essential that all staff comply with all relevant parts of this policy. Any failure to comply with this policy could have serious consequences for MEROPA COMMUNICATION (PTY)LTD and its employees. Failure to comply may lead to: disciplinary action, including summary dismissal (without notice or a payment in lieu of notice) for serious or repeated breaches; civil or criminal proceedings; and/or personal liability for those responsible.
This policy has been reviewed and approved by the Information Officer, and is subject to change without prior notice.
CONTACT DETAILS OF THE IO
Name: Jacinta Sequeira
Address: Building 9, Inanda Office Business Park, 54 Wierda Road, Wierda Valley West, Sandton, Johannesburg, 2196
E-mail address: email@example.com
Telephone number: 0115067300