GLOBITAL PTY LTD (ACN 604 671 150)

GLOBITAL SOUTH AFRICA (PTY) LTD  (Registration Number: 2016/401649/07)

(‘Globital’ for ease of reference)

Policy in Terms of the South African Protection of the Personal Information Act, No. 3 of 2013 (‘Act’) and European Union General Data Protection Regulation (‘GDPR’) as well as the Australian Privacy Act of 1988 (‘Privacy Act’) (as is amended)

 

 

  • INTRODUCTION

 

      1. By virtue of Globital’s business, it naturally from time to time comes into possession of various items classified as personal information.
      2. Globital undertakes to ensure that its employees, directors, affiliates, partners and/or clients adhere to the strictest levels of confidentiality and respect the individual’s right of privacy.
      3. Globital utilises conformity with the Act in order to concurrently comply with GDPR and the Privacy Act to the extent required by Globital in its jurisdiction.

 

  • Accountability

 

      1. To the extent that Globital gathers personal information which it provides to a third party contracted to it, Globital acts in the capacity of an Operator as is defined in the Act (a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party).
      2. To the extent that Globital can be considered to be the party processing personal information, it shall be acting in the capacity of being a Responsible Party in terms of the Act.
      3. Globital shall at all material times comply with its obligations in terms of the Act depending on its capacity in which it is acting in the circumstances.
      4. Should Globital process or store any personal information, it confirms that the processing or storage thereof shall be for the specific reason which it was processed or stored, which it deems to be adequate and relevant, and not excessive.
      5. Globital shall record all personal information processed and maintain same to the extent required in terms of the law (as may be amended from time to time).

 

  • Purpose

 

      1. The purpose of this policy is to outline Globital’s approach to the storage and processing of personal information in line with the Act. In this regard, Globital:
        1. Strives to process personal information lawfully and reasonably, and without infringing on the privacy of the owner of the personal information;
        2. Strives to ensure the protection of personal information and constitutional rights;
        3. Shall establish conditions in accordance with applicable laws that prescribe minimum threshold requirements for the lawful processing and storage of personal information;
        4. Comply with voluntary and compulsory measures, including those established by the Regulator in order to promote the protection of personal information rights;
        5. Shall only use personal information collected for the purpose of which it was collected;
        6. Shall not release data to the media or general public unless required to do so by law.

 

  • Storage of data

 

      1. All personal information received by Globital shall be stored, only where Globital in its opinion is of the view that it requires to store such personal information for the purpose of which it was collected.
      2. All personal information stored by Globital shall be on-site and/or on Globital’s secure servers (whether hosted by Globital or a trusted third party) and secured using Globital’s reasonable measures and encryption.
      3. Personal information will be retained for the period required by Globital and/or for the period required by law.
      4. Globital may store data for a longer period of time should it be of the view that personal information may be required in the future for a specific purpose. Appropriate safeguards will be put in place in terms of the Act should the need arise. 
      5. Should Globital delete, erase or destroy data, such deletion/erasure/destruction shall be permanent.
      6. Only specific, vetted, persons within Globital shall:
        1. have the ability to access and review personal information provided on a “need to know basis”;
        2. be entitled to share or distribute the personal information for its specific purpose or as may be required by law.
      7. The persons within Globital who have access to personal information shall be bound by Globital’s confidentiality undertakings.
      8. Globital will use its reasonably best endeavours to ensure that the service providers it uses are trusted and reputable.

 

  • Unlawful disclosure of personal information

 

      1. Any unlawful or unintended disclosure of personal information or breach of the Act shall be immediately reported to the Regulator and dealt with in terms of the Act.
      2. Affected persons shall be notified within a reasonable time after Globital has undertaken its own internal (and where necessary, external) investigations.

 

  • Persons wishing to access personal information

 

      1. In the event that a third party wishes to access personal information stored by Globital, the third party shall request access in writing to Globital, who will act in accordance with the Act at all times.
      2. If Globital cannot comply with the third party’s request, it shall provide written reasons where possible.
      3. All requests for information shall be made in writing to Globital containing the identity of the person submitting the request, particulars as may be requested by Globital
      4. As a general rule, Globital will only disclose third party information where compelled by law or by court-authorised subpoena.

 

  • Information regulator

 

      1. In terms of the Act, the Information Regulator has been established and will be endowed with various power and authority once the Act is in effect.
      2. The Information Regulator will, amongst other things, seek to provide education on the collection and use of personal information, monitor and enforce compliance with the Act, handle complaints, conduct research, assist with the preparation of sectoral codes of conduct and generally assist with the implementation of the Act and assist the general public on information related issues, where required
      3. Any complaint in respect of any personal information processed by Globital and/or its related security companies may be referred to the relevant Information Regulator in writing. 

 

  • Severability

 

Any clause which does not comply with legislation shall be considered as pro non scripto in so far that it cannot be rectified to comply with legislation or Globital’s POPI policy.

 

 

  • Globital’s website/portal users

 

    1. All website/portal users undertake that their log-in and password will not be disclosed to third parties and will be used solely for personal use, and that the user will take the necessary precaution of keeping such information safe.
    2. Globital shall not be liable for any security breaches occurring on its website whatsoever, including by virtue in the event of its negligence.