National Debt Counsellors Privacy policy

NDC National Debt Counsellors (Pty) Ltd is committed to protecting your privacy. This privacy policy applies to all of the web pages related to the website, being: www.nationaldebtcounsellors.co.za

POLICY ON THE PROTECTION AND PROCESSING OF INFORMATION

 

  1. Definitions

1.1.        “NDC” means National Debt Counsellors;

1.2.        “Business” means the business of National Debt Counsellors, being the provision of the services of debt counselling, and which        includes all matters reasonably connected thereto, including matters relating to legal and corporate governance;

1.3.        “Information” means “personal information” and “special personal information” as defined in POPIA.

1.4.        “Information Officer” means the person described in clause 13;

1.5.        “Information Regulator” means the information regulator as that term is defined in Section 39 of POPIA;

1.6.        “Operator” means a Person who Processes Information on behalf of NDC in terms of a contract or mandate, without coming under the direct authority of NDC and may include, without limitation, NDC’ auditors, information technology service providers and related and/or inter-related persons  as that term is defined in Section 2 of the Companies Act No. 71 of 2008;

1.7.        “Person” means a person defined in POPIA, and “Persons” will have a corresponding meaning;

1.8.        “Policy” means this policy and any amendments made to it from time to time;

1.9.        “POPIA” means the Protection of Personal Information Act No. 4 of 2013;

1.10.     “Process” and “Processing” means anything that is done by NDC’ in relation to its Stakeholders’ Information, whether or not by automated means, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure and/or destruction of Information;

1.11.     “Stakeholder” means any Person whose Information NDC Processes, and this may include Information pertaining to NDC’ employees, candidates for employment, customers, suppliers, officers, business associates, partners, clients and the like.

 

  1. Background to POPIA

2.1.        POPIA is South Africa’s primary data protection law.

2.2.        The purpose of POPIA is to promote the protection of Information that is Processed by any Person, by prescribing certain minimum requirements for the Processing of Information.

2.3.        These minimum requirements must be met in order for a Person to Process Information and include those requirements set forth in clause 4 of this Policy.

2.4.        It is the policy of NDC that it will comply with the minimum requirements set forth in clause 4 of this Policy at all times.

 

  1. Purpose of this Policy

3.1.        From time to time in the conduct of its Business, NDC will come into possession of and will concomitantly Process the Information of its Stakeholders.

3.2.        The purpose of this Policy is to record how NDC will Process the Information of its Stakeholders and, in doing so, comply with the minimum requirements set forth in clause 4 of this Policy.

 

  1. Minimum Requirements for Processing Information

In order for NDC to Process Information in a manner which is consistent with POPIA, NDC must:

4.1.        Process the Information lawfully and in a reasonable manner that does not infringe the right to privacy of the Person whose Information is being Processed;

4.2.        Process the Information for a specific, explicitly defined and lawful purpose related to a function or activity of NDC;

4.3.        Process the Information only if, given the purpose for which it is Processed, it is adequate, relevant and not excessive and if:

4.3.1.    the Person whose Information will be Processed has consented to its Information being Processed;

4.3.2.    it is necessary to Process the Information to carry out actions for the conclusion or performance of a contract to which the Person whose Information will be Processed is a party; or

4.3.3.    it is necessary to Process the Information to comply with an obligation imposed by law on NDC or to protect a legitimate interest of NDC, the Person to whom the Information is supplied and/or the Person whose Information will be Processed;

4.4.        take reasonable steps to ensure that the Person whose Information will be Processed is aware of the Information that will be Processed, the source from which that Information will be collected and the purpose for which that Information will be Processed;

4.5.        take reasonable steps to ensure that the Information that is Processed is complete, accurate, not misleading and updated where necessary;

4.6.        take reasonable technical and organisational measures to secure the integrity and confidentiality of Information that is Processed so as to prevent the loss, damage or unauthorised destruction of Information and the unlawful access to or Processing of Information; and

4.7.        take reasonable steps to ensure that the Person whose Information will be Processed is aware of its rights in and to their Information.

 

  1. Purpose of and Processing Information

5.1.        NDC will only Process Information for a specific, explicitly defined and lawful purpose related to a function or activity carried out by it.

5.2.        NDC will accordingly Process the Information of its Stakeholders from time to time for the purpose of carrying on its Business and for good and lawful cause.

5.3.        Clause 5.1 and 5.2 above encompass situations including but not limited to assistance with credit insurance, instructions to attorneys and mandated payment distribution agents.

5.4.        NDC will ensure that it only Processes the Information of its Stakeholders for the specific purpose referred to in clause 5.2 of this Policy and will take reasonable steps to ensure that its Stakeholders are aware of that purpose.

 

  1. Source of Information

6.1.        NDC will only Process Information that it receives directly from a Stakeholder, save where:

6.1.1.    the Information is public record or has deliberately been made public by the Stakeholder;

6.1.2.    the Stakeholder has consented to the collection by NDC of the Information from another source;

6.1.3.    the collection of Information from a source other than the Stakeholder would not prejudice a legitimate interest of the Stakeholder, is necessary to maintain or comply with an obligation imposed on NDC by law or to maintain the legitimate interests of NDC or the Information will be used for legal proceedings;

6.1.4.   it is not reasonably practicable in the circumstances of the particular case to collect the Information directly from a Stakeholder, or to do so would prejudice a lawful purpose of the collection, or

6.1.5.    it has received the consent of a Stakeholder to Process Information about that Stakeholder that it receives from another source, in which event it may Process Information about a Stakeholder that it receives from another source.

 

  1. Awareness and Consent

7.1.        NDC is required to ensure that its Stakeholders are aware of the purpose for which their Information is being Processed, the manner in which it will be Processed and their rights in respect thereof. NDC will do this by:

7.1.1.    Providing a copy of this Policy on request;

7.1.2.    making a copy of this Policy available for inspection at its principal place of business at:

The Workstation, 1 Old Main Road, Umhlali, KwaZulu- Natal, 4390;

7.1.3.    using bona fide endeavours to communicate the existence of this Policy to those of its Stakeholders whose Information NDC has Processed prior to the date referred to in Section 114(1) of POPIA;

7.1.4.    referring to this Policy in its recruitment and/or job advertisements;

7.1.5.    incorporating this Policy by reference into, inter alia, the following documents:

7.1.5.1  employment agreements;

7.1.5.2  terms of engagement; and

7.1.5.3  any other contracts or agreements that NDC may enter into with its Stakeholders.

7.2         NDC will, where it is necessary or appropriate to do so, obtain the written consent of its Stakeholders to Process their Information in accordance with POPIA, inter alia, by:

7.2.1     requesting its Stakeholders to consent to the Processing by NDC of their Information;

7.2.2.    requiring applicable Stakeholders to sign any one or more of the documents contemplated in clause 7.1.5 of this Policy.

7.3.        NDC will catalogue and store the record of consents that it obtains from its Stakeholders.

 

  1. Retention and safeguarding of Information

8.1.        NDC is required to store, retain and secure the integrity and confidentiality of its Stakeholders’ Information by taking appropriate, reasonable technical and organisational measures to prevent the loss, damage or unauthorised destruction of their Information and to prevent any person from unlawfully accessing their Information.

8.2.        NDC will accordingly secure the integrity and confidentiality of its Stakeholders’ Information, inter alia, by ensuring that:

8.2.1.    Information that is in printed form is dealt with only by those representatives of NDC who need to deal with that Information;

8.2.2.    Information that is in printed form is stored in a secure cabinet or facility when it is not being Processed;

8.2.3.    all employees and officers of NDC who have access to or Process Information keep their workstations tidy and free of Information which is not then being Processed to ensure that any Information that is visible at workstations, and is not being Processed, is not disseminated other than in accordance with the provisions of this Policy;

8.2.4.    all Information in electronic form is stored in a database that is protected from unauthorised access by appropriate hardware and software;

8.2.5.    any hardware on which Information is stored is secure and password protected;

8.2.6.    employees and officers of NDC will ensure that Information is not displayed upon their computer hardware when they are not themselves Processing that Information on such hardware;

8.2.7.    where any device on which Information is stored is lost or stolen, the Information Officer is immediately notified and will use reasonable endeavours to attempt to recover and/or delete any Information stored upon that device.

8.3.        NDC will review the Information that it Processes and stores from time to time, and will destroy and/or delete any Information of its Stakeholders that is no longer required for the purpose in clause 5 of this Policy, or that it is no longer authorised or obliged to retain.

8.4.        In the event that it comes to the attention of NDC that its Stakeholders’ Information has been accessed, acquired or Processed by any unauthorised person:

8.4.1.    the Information Officer will notify the applicable Stakeholder or Stakeholders and the Information Regulator as soon as reasonably possible; and

8.4.2.    NDC will comply with such directions as the Information Regulator may prescribe.

 

  1. Disclosure of Information

9.1.        NDC will not hold its Stakeholders’ Information as its own and will make no claim to ownership thereof, unless a Stakeholder agrees otherwise.

9.2.        NDC will only disclose its Stakeholders’ Information to those of its employees and officers who need to know for the purpose described in clause 5 above and will not disclose Information to any third party unless the consent of the applicable Stakeholder to do so has been obtained.

9.3.        Notwithstanding the provisions of clause 9.2 of this Policy, NDC may disclose its Stakeholders’ Information without first obtaining consent:

9.3.1.    if NDC deems it appropriate to disclose that Information to an Operator for the purpose in clause  5 of this Policy; and/or

9.3.2.    if NDC is required by any applicable law or any applicable regulator to disclose that Information.

9.4.        NDC will not transfer the Information of any of its Stakeholders to any third party in any country in which NDC operates, other than South Africa, unless:

9.4.1.    NDC has obtained the consent of the affected Stakeholder to do so;

9.4.2.    the third party has agreed to Process that Information on substantially the same terms as those recorded in this Policy and/or in any agreement entered into between NDC and the Stakeholder;

9.4.3.    the transfer is necessary for the conclusion or performance of a contract between the Stakeholder and NDC;

9.4.4.    the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Stakeholder between NDC and a third party; or

9.4.5.    the transfer is for the benefit of the Stakeholder, and it is not reasonably practicable to obtain the consent of the Stakeholder to that transfer or, if it were reasonably practicable to obtain such consent, the Stakeholder would, in NDC’ view, likely give it.

 

  1. Information Quality

10.1.     NDC is required to take reasonably practicable steps to ensure that the Information of its Stakeholders that it Processes is complete, accurate, not misleading and updated where necessary.

10.2.     NDC will accordingly ask its Stakeholders to verify the completeness and accuracy of the Information provided by them from time to time.

 

  1. Unsolicited Information

In the event that a Stakeholder makes Information available to NDC which is gratuitous and/or not required for the purpose referred to in clause 5, this Policy (save in respect of this clause 11) will not apply, and NDC will use its bona fide efforts to secure that Information, and proceed to delete, erase or destroy that Information as soon as practicable after its receipt.

 

  1. Stakeholder Participation and Rights in and to its Information

12.1       Each Stakeholder, after having provided adequate proof of identity to NDC, has the right to:

12.1.1.  request that NDC confirms, free of charge, whether or not it holds Information about that Stakeholder;

12.1.2.  request the record of or a description of the Information that NDC holds about that Stakeholder;

12.1.3.  request that NDC correct or delete any Information in its possession or under its control about the Stakeholder that is inaccurate, irrelevant, excessive, out of date, incomplete or misleading, or destroy or delete a record of any Information about it that NDC is no longer authorised to retain;

12.1.4.  withdraw its consent for NDC to Process its Information at any time, but the withdrawal of consent will not affect:

12.1.4.1.             the Processing of its Information before the withdrawal of consent; and

12.1.4.2.             the Processing of any of its Information that is required by NDC to comply with law and/or finalise    the performance of any agreement that it has entered into with the Stakeholder concerned.

12.2.     Should any Stakeholder wish to exercise any of the rights referred to above, it can do so by contacting the Information Officer who can be contacted in the manner described in clause 13 of this Policy, and  the Information Officer will give effect to the Stakeholder’s request or withdrawal.

 

  1. Information Officer

13.1.     NDC will appoint an Information Officer.

13.2.     The name and contact details of the Information Officer can be obtained by visiting NDC’ website, or by sending an email to the following email address: info@nationaldebtcounsellors.co.za

13.3.     The Information Officer will be responsible for, inter alia:

13.3.1.  ensuring that NDC Processes the Information of its Stakeholders in a lawful and reasonable manner that does not unreasonably infringe its Stakeholders’ right to privacy;

13.3.2.  providing regular training and support to the employees and officers of NDC who have access to or Process Information, so that they can do so lawfully and in terms of this Policy;

13.3.3.  creating awareness about the provisions of this Policy, including by way of the mechanisms contemplated in clause 7 of this Policy; and

13.3.4.  ensuring that it applies due diligence in the monitoring of developments in relation to the law pertaining to protection of Information, and in amending and/or updating NDC’ approach to such protection, including by way of updating and/or amending this Policy.

13.4.    The Information Officer will be trained appropriately to give effect to this Policy, and will address any reasonable queries or concerns that any Stakeholders may have regarding this Policy or the Processing of their Information as contemplated in it.

 

  1. Information Regulator

In the event that a Stakeholder has any queries or concerns that cannot be addressed by the Information Officer, the Stakeholder has the right to contact the Information Regulator. The Information Regulator’s details are as follows:

  • Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
  • Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
  • Email address: complaints.IR@justice.gov.za and inforeg@justice.gov.za.
  1. Status of Policy

This Policy has been adopted by and will apply to NDC

 

  1. Amendments

NDC may alter or amend this Policy or any part thereof at any time. NDC will use reasonable endeavours not to change this Policy too often, and to bring to its Stakeholders’ attention any material changes to it, but its Stakeholders will be required to ensure that they keep up to date with the latest version of the Policy that is available on NDC’ website and at NDC’ principal place of business.

 

  1. Domicilium

NDC chooses as its domicilium citandi et executandi for all purposes under the website, including the giving of any notice, the payment of any sum, the serving of any process, as follows:

1 Old Main Road

Umhlali

4390

 

If you do not accept our Privacy Policy, you must immediately cease your use of the website and log off of the website. Your continued use of the website following the posting of changes hereto signifies your acceptance of the changes.