Respecting and protecting your privacy and Personal Information (refer to the definition of Personal Information at the end of this policy statement) is very important to DMI Engineering (Pty) Ltd. It is also a Constitutional right and good business practice requirement which we take very seriously.
In line with the 8 Conditions for Lawful Procession of Personal Information as set out in the Protection of Personal Information Act no 4 of 2013 (the Act), we –
- Accept joint responsibility and accountability with you to responsibly manage and protect your Personal Information when providing our services and solutions to you;
- Undertake to collect and process only such Personal Information which is necessary given the purpose for which it is processed and to assist you with your required solutions, conclude the necessarily related agreements and consider the legitimate legal interests of everyone concerned, as required by the Act. We will at all times respect your right to withdraw your consent for the processing of your Personal Information;
- Undertake to only use your Personal Information for the purpose for which the information is essential to enable us to assist you or provide solutions to you;
- Undertake not to share or further process your Personal Information with anyone or for any reason if not required for assisting you with your solutions or as required in terms of legislation or regulations;
- Undertake to take reasonably practicable steps to ensure that information is complete, accurate, not misleading and, where necessary, is updated;
- Undertake to be open and transparent on the nature, extent and reasons for processing Personal Information;
- Undertake to safeguard and protect your Personal Information in our possession;
- Undertake to freely confirm what Personal Information we hold of you, to update and rectify the Personal Information upon request and to keep it for no longer than required.
By providing us with your Personal Information, you agree to this Policy and authorise us to process such information as set out herein and you authorise DMI Engineering (Pty) Ltd for the purposes set out herein.
We will not use your Personal Information for any other purpose than that set out in this Policy and we will take the necessary steps to secure the integrity and confidentiality of Personal Information in our possession and under our control by taking appropriate and reasonable measures to prevent loss of, damage to or unauthorised destruction of your Personal Information and to prevent the unlawful access to, or processing of Personal Information.
2. REASONS FOR PROCESSING PERSONAL INFORMATION
We, or the entities who provide or assist with the solutions you required (if any), need to collect, use and keep your Personal Information as prescribed by relevant legislation and regulations and for reasons such as:
- To provide all relevant services in accordance with your mandate to us as set out in the engagement letter and our maintain our relationship;
- To respond to your queries;
- To confirm and verify your identity or to verify that you are an authorised user for security purposes;
- To comply with all legislative or regulatory requirements related to services provided to you by us;
- To fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, to communicate with you and to carry out instructions and requests
- For any other operational purposes required to assist you with the solutions you require;
- To comply with our legal obligations to you, for example health and safety obligations while you are on any of our premises, or to a third party;
- In connection with possible requirements by the Information Regulator or other Government agencies allowed by law, legal proceedings, or court rulings.
3. BUSINESS ACTIVITIES FOR WHICH PERSONAL INFORMATION IS PROCESSED
- Recruitment and Employment purposes
- Administering, managing and developing our businesses and services;
- Security, quality and risk management activities;
- Complying with any requirement of law or regulations that are applicable to us
4. SHARING OR TRANSFER OF PERSONAL INFORMATION
Our employees will have access to your Personal Information to administer and manage our services and internal business processes. In general, we do not share your Personal Information with third parties (other than with Credit Guarantee Insurance Corporation of Africa Limited (“CGIC”), a licensed non-life insurer, in terms of our trade-credit insurance policy with them. CGIC will process this personal information for underwriting, policy administration, claims management and related insurance purposes) or unless we have a lawful basis for doing so.
This will only be done in strict adherence to the requirements of the Act.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of legislation, regulations or industry codes;
- Where we believe it is necessary to protect our rights;
- When explicitly requested by you;
- With professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal Information may be shared with these advisers as necessary in connection with the services they have been engaged to provide.
5. INFORMATION SECURITY
We are legally obliged to provide adequate protection for the Personal Information we hold and to stop unauthorised access and use thereof. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your Personal Information remains secure.
Generally accepted standards of technology and operational security have been implemented to protect information from loss, misuse, alteration, or destruction. All DMI Engineering (Pty) Ltd’s employees are trained on information security and are required to keep Personal Information confidential and only authorised persons have access to such information.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
6. RETENTION OF PERSONAL INFORMATION
We shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.
7. YOUR RIGHTS: ACCESS TO INFORMATION
You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us via the numbers/addresses provided below or on our website and specify what information you require. We might need proof of authorisation or a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
8. AMENDMENTS TO YOUR INFORMATION
You have the right to ask us to update, correct or delete your personal information. We will require proof of identity and/or authority before making changes to personal information we may hold of you. We would appreciate it if you would keep your personal information accurate and up to date.
9. HOW TO CONTACT US
If you have any queries about this notice, you need further information about our privacy practices, wish to withdraw consent, exercise preferences or access or correct your personal information, please contact us at: firstname.lastname@example.org or the numbers/addresses listed on our website.
Any additional information or concerns can be found and raised with the Information Regulator, who can be contacted as shared below, but please feel free to contact me/us first to discuss any questions or concerns you may have:
Information Regulator: Philip de Wet
Tel: 012 742 3950
Personal Information is defined by the Protection of Personal Information Act (the Act) as:
“Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person”.