Privacy Policy
Protection of Personal Information Act (POPIA) Compliance Statement
Introduction
The Protection of Personal Information Act (POPIA) is South Africa's primary legislation for data protection, designed to safeguard the privacy of individuals and regulate the processing of personal information. POPIA became effective on 1 July 2021. This policy outlines how The Human Touch complies with POPIA and demonstrates our commitment to protecting your personal information.
Our Commitment
The Human Touch is dedicated to protecting the personal information we handle. We have implemented a comprehensive data protection program to ensure compliance with POPIA, demonstrating our commitment to privacy and security.
How We Are Preparing for POPIA
We have established the following measures to ensure our compliance with POPIA:
- Information Audit: We conduct regular audits to identify and assess the personal information we hold, its source, how it is processed, and whom it may be disclosed to.
- Policies & Procedures:
  - Data Protection: Our data protection policy is designed to meet POPIA's requirements, ensuring accountability, governance, and privacy by design.
  - Data Retention & Erasure: We have updated our data retention policies to comply with POPIA’s data minimisation and storage limitation principles, including procedures for the lawful erasure of personal data.
  - Data Breaches: Our breach response procedures are in place to identify, assess, investigate, and report personal data breaches promptly. Employees are trained to follow these procedures.
  - International Data Transfers & Third-Party Disclosures: When transferring personal data outside South Africa, we use appropriate safeguards and ensure compliance with POPIA requirements for data protection.
  - Subject Access Requests (SARs): Our procedures for handling SARs are designed to provide requested information within the legal timeframe and free of charge, including verification steps and response templates.
- Legal Basis for Processing: We review our processing activities to ensure they are legally justified under POPIA and maintain records of processing activities as required.
- Privacy Notice/Policy: Our Privacy Notice is updated to clearly inform individuals about why we collect their personal information, how it is used, their rights, and our safeguarding measures.
- Obtaining Consent: We have revised our consent mechanisms to ensure clear, informed, and affirmative consent for processing personal data, with easy options for withdrawal.
- Direct Marketing: Our direct marketing processes include clear opt-in mechanisms, unsubscribe options, and compliance with POPIA’s marketing requirements.
- Data Protection Impact Assessments (DPIAs): For high-risk processing activities, including special categories of data, we conduct DPIAs to assess and mitigate risks in line with POPIA.
- Processor Agreements: We ensure that any third-party processors meet POPIA’s requirements through compliant agreements and ongoing due diligence.
- Special Categories Data: Special category data is processed in compliance with POPIA’s strict conditions, including high-level encryption and explicit consent where required.
Data Subject Rights
Individuals have the right to access, correct, or request the erasure of their personal information. We provide clear processes for:
- Accessing personal data held about them
- Understanding the purpose and categories of processing
- Identifying recipients and retention periods
- Correcting or completing inaccurate data
- Requesting data erasure or restriction of processing
- Opting out of direct marketing
- Objecting to automated decision-making
- Lodging complaints or seeking legal remedies
Information Security & Technical and Organisational Measures
We implement robust security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. Our policies and procedures are continuously updated to ensure the highest level of data protection.
Roles and Responsibilities
Our designated Data Protection Officer (DPO) oversees compliance with POPIA, supported by a team responsible for data privacy and protection. The DPO and team promote awareness, assess readiness, identify gaps, and implement necessary measures.
Employee Training
We provide ongoing training for all employees to ensure understanding and compliance with POPIA. This training is part of our induction process and annual refresher courses.
Contact Us
For any questions regarding our compliance with POPIA or our data protection practices, please contact our Business Operations Manager, who also serves as the Data Protection Officer, at info@thehtgroup.co.za.