THE PROTECTION OF PERSONAL INFORMATION ACT
(POPIA)
PRIVACY POLICY
1 Introduction
The purpose of this policy is to advise the client (data subject) of NEWCARBON services, both electronic and otherwise, why data is collected and processed, what data is in focus as well as how it is processed. NEWCARBON is committed to full compliance with the POPI Act insofar as the utilisation and disclosure of data subject personal information (PI) is concerned. Hence, technical and operational measures have been put in place to protect data subject privacy and NEWCARBON invites all data subjects and / or requesters to engage with its Information Officer (IO) in respect of any matter related hereto.
2 Scope of application
This policy applies to data subjects under the POPI Act and its principles extend to the Promotion of Access to Information Act (PAIA) in respect of requesters of records held by NEWCARBON. PI applies to both natural and juristic persons. Data subjects and requesters are invited to engage with the NEWCARBON Information Officer about any matter pertaining to the POPIA and PAIA, including but not limited to updating PI, deletion of PI, complaints in respect of how PI is being processed and updating consent for electronic direct marketing.
3 About NEWCARBON
NEWCARBON is an engineering company which design, develop, build and operate processing facilities for the manufacturing of biochar and bio-carbon products. Click here to connect to the NEWCARBON website for more details.
4 Definitions
“Cookies” are small data files sent from a server to your web browser or mobile device that is stored on your browser cache or mobile device.
“Data Subject” means the person to whom personal information relates.
“Information Officer” means the person acting on behalf of the Company and discharging the duties and responsibilities assigned to the “head” of the Company by the Acts. The Information Officer is duly authorised to act as such, and such authorisation has been confirmed by the “head” of the Company in writing.
‘‘Operator’’ means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
‘‘Personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person; (e) the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
“Personnel” means any person who works for or provides services to or on behalf of the Company and receives or is entitled to receive any remuneration. This includes, without limitation, directors (both executive and non-executive), all permanent, temporary, and part-time staff as well as contract workers.
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –
- The collection, receipt, recording, organisation, collation, storage, updating, or modification, retrieval, alteration, consultation or use;
- Dissemination by means of transmission, distribution or making available in any other form; or
- Merging, linking, as well as restriction, degradation, erasure or destruction of information.
“Record” means any recorded information, regardless of form or medium, which is in the possession or under the control of the Company, irrespective of whether it was created by the Company.
“Request” means a request for access to a record of the Company.
“Requestor” means any person, including a public body or an official thereof, making a request for access to a record of the Company and includes any person acting on behalf of that person.
“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose and means for processing personal information.
“Unique Identifier” means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.
5 Purpose of Collecting and Processing PI
NEWCARBON processes data subject PI for various purposes including for:
- Facilitating consulting services with data subjects
- Facilitation regarding to business management processes
- Fulfilling its contractual obligations to its clients and client contacts
- Complying with the provisions of statute and regulations
- Attending to the legitimate interests of data subjects
- Conduct market or customer satisfaction research
- Audit and record keeping purposes
In respect of the processing of PI as provided for the above, NEWCARBON will adhere to the conditions for the lawful processing of PI, based on its desire to provide data subjects services in their best interests as well as a legitimate interest of NEWCARBON to achieve its business objectives.
6 Period of holding Personal Information
NEWCARBON endeavours to provide the most accurate information possible to stakeholders, including data subjects. New Carbon seeks to verify the accuracy of its information as frequently as possible and to remove information that it learns to be inaccurate. Thus, NEWCARBON intends to process the information it has about data subjects for so long as it is accurate or until the data subject instructs NEWCARBON to refrain from processing it. To instruct NEWCARBON to refrain from collecting and / or processing PI, contact the Information Officer (contact details at the end of this document).
Notwithstanding the above, NEWCARBON shall hold PI for such period as may be required in terms of statutes such as the Companies Act and various labour laws.
7 Data Subject Rights
Data subjects have the right to request that NEWCARBON provide them with access to their PI, to rectify or correct their personal information, erase PI or restrict the processing of PI, including refraining from sharing it or otherwise providing it to any third parties. Data subjects also have the right to raise complaints with the Information Regulator. The afore-going rights may be subject to certain limitations pursuant to applicable law.
8 Sources of Personal Information (PI)
NEWCARBON gathers PI from several sources, which include directly from data subjects, publicly available sources such as websites, social media, commercial transactions with NEWCARBON, referrals, prospects, partner agreements, training engagements, conferences and the like. Given that PI can be extracted and / or obtained from several sources and consolidated into one CRM or other similar systems of record, it may be difficult or impossible to identify the exact source of one particular piece of information.
9 Categories of Personal Information (PI) collected and processed
NEWCARBON collects information about data subjects who may be clients, client contacts, prospective clients and prospective client contacts. It also collects information on its suppliers as well as third parties that are part of its scope of operation.
In respect of clients, client contacts, prospective clients and prospective client contacts NEWCARBON profiles business organizations and the contacts who work for the said organisations and it may have some or all of the following categories of personal information on data subjects, historical or current:
- Name and surname
- Identity Number
- Equity, Gender & Disability status
- Contact details (email, cell phone)
- Birth date
- Position held and responsibilities
- Areas of interest in respect of NEWCARBON offerings
- Record of services used
- Email correspondence and attachments
- Organisation details
- Office address and contact details
We collect and process your personal information mainly for the purpose of understanding the requirements and scope regarding to the consultation service rendered. Where possible, we will inform data subjects what information they are required to provide to NEWCARBON and what information is optional, as well as the consequences of not providing the said information. Website usage information may be collected using “cookies”.
10 Disclosure of information
NEWCARBON may disclose data subject PI to service providers who are involved in the delivery services data subjects. NEWCARBON will inform the data subject if such PI need to be disclosed.
NEWCARBON may also disclose data subject PI:
- Where it has a duty or a right to disclose in terms of law and / or industry codes; and
- where it believes it is necessary to protect its rights.
11 Information Security
NEWCARBON is legally obliged to provide adequate systems, technical and operational protection for the PI that it holds and to prevent unauthorized access to as well as prohibited use of PI. NEWCARBON will therefore on a regular basis review its security controls and related processes to ensure that the PI of data subjects remains secure.
NEWCARBON has conducted an impact assessment across all of its functions and used the findings thereof to manage risk optimally as well as to provide iterative improvements on an ongoing basis. NEWCARBON policies and procedures cover the following aspects –
- Physical security;
- Computer and network security;
- Access to personal information;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Governance and regulatory issues;
- Monitoring access and usage of private information;
- Investigating and reacting to security incidents.
NEWCARBON also ensures that it conclude contracts with Operators as required by POPI and it requires appropriate security, privacy and confidentiality obligations of these operators in order to ensure that personal information is kept secure. The same protocols apply to any party to whom NEWCARBON may pass PI on to for the purposes mentioned herein.
12 How to contact us
Tel: +27 44 020 0054
Email: +27 44 020 0054