Protection of Personal Information Act (POPI Act)POPIA
Bill Fix (PTY) LTD
Registration Number: 2021 / 614103 / 07
(“BF”)
Declaration: Protection of Personal Information
This declaration is signed as a demonstration of BF’s commitment to protect personal information. It does not intend to create any legal rights, partnerships or other legal obligations that are not contained in existing agreements concluded between the Parties.
1.BACKGROUND:
1.1.The Protection of Personal Information Act came into operation on the 1st of July 2021 which among others, places certain obligations on parties.
1.2.BF has entered into agreements with their Clients in terms of which BF provides certain billing services to their Clients.
1.3.BF wish to confirm that it has adequate safeguards in place with respect to the protection of the privacy of their Client’s and other Data Subjects Personal Information and that it complies with its obligations under the governing Applicable Laws in respect of the collection, processing, reporting and retention of BF and Private Information.
2.DEFINITIONS
In this Declaration the capitalised terms below shall, unless the context indicates otherwise, be assigned the following meanings:
2.1.“Applicable Law(s)” means all laws and regulations applicable to the Processing of Personal Information, including, but not limited to the Protection of Personal Information Act ( Act No. 4 of 2013), The National Credit Act (Act no 34 of 2005) Act, the Electronic Communications and Transactions Act, 2002, the Promotion of Access to Information Act, 2000 and any other South African Law related to Personal Information and data protection, and, to the extent applicable, any implementation Act, or any privacy or telecommunications Act provided by the Applicable Law;
2.2.“Data Subject” means an identified or identifiable natural or juristic person to whom Personal Information relates;
2.3.“Personal Information” means any information relating to a Data Subject, including, but not limited to:
2.3.1.information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
2.3.2.information relating to the education or the medical, financial, criminal or employment history of the person;
2.3.3.any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
2.3.4.the biometric information of the person;
2.3.5.the Personal opinions, views or preferences of the person;
2.3.6.correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.3.7.the views or opinions of another individual about the person; and
2.3.8.the name of the person if it appears with other Personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
2.4.“Process” or “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
2.4.1.the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.4.2.dissemination by means of transmission, distribution or making available in any other form; or
2.4.3.merging, linking, as well as restriction, degradation, erasure or destruction of information.
3.Undertakings in respect of a Client’s Personal Information.
3.1.BF may from time to time obtain, process and retain a Client’s personal information for the purposes of entering into and performing in terms of an agreement concluded by the parties.
3.2.BF has implemented processes and controls to ensure that it and each of BF’s Employees only Processes a Client’s Personal Information in accordance with the Applicable Laws and further only in so far as necessary to perform in terms of the activities under the Agreement.
3.3.BF has implemented appropriate administrative, organisational, physical and technical safeguards to protect the confidentiality, integrity and availability of the Client’s Personal Information consistent with the Applicable Laws, including, without limitation, to protect the Personal Information against destruction, loss, unauthorised disclosure or access, or any other form of unlawful processing.
3.4.Upon termination of the Agreement or after the end of the provision of services in terms of the Agreement (whichever is earlier), BF shall delete all copies of such Personal Information unless the Applicable Laws (or any other law) and or operational requirements prohibits BF from deleting all or part of the Client’s Personal Information.
3.5.With respect to any of the Client’s Personal Information that BF is unable to return or destroy following termination of the Agreement or after the end of the provision of Processing services in terms of this Agreement (whichever is earlier), BF shall continue to protect such Personal Information in accordance with the terms of the Agreement and this Agreement and shall not actively Process the Personal Information.
4.Undertakings in respect of a Data Subject’s Personal Information.
4.1.BF may from time to time process a Data Subject’s personal information for the purposes of reporting thereon to a Client.
4.2.BF has implemented processes and controls to ensure that it and/or each of BF’s Employees, only:
4.2.1.obtains a Data Subject’s Personal Information from permitted sources.
4.2.2.processes a Data Subject’s Personal Information in accordance with the permissible purposes and legitimate interests for such processing as provided for in the Applicable Laws.
4.3.CG limits their reporting on a Data Subject’s Personal Information to only such information as would be necessarily required for the permissible purpose and or legitimate interest it is requested for.
4.4.BF has implemented appropriate administrative, organisational, physical and technical safeguards to ensure that a Data Subject’s Personal Information is not retained for any period in excess of what is permitted by the Applicable Laws.
4.5.BF has implemented processes to address all disputes and requests, with regard to Personal Information processed and retained, received from Data Subjects.
4.6.BF shall promptly inform the Client if the Applicable Laws prevent BF from the processing of and reporting on Personal Information of a data subject.
5.SERVICE PROVIDER
5.1.BF only engages a service provider by way of a written agreement with such service provider, which imposes obligations on the service provider as are required by the Applicable Laws.
6.SECURITY AND SECURITY BREACHES
6.1.BF has implemented appropriate administrative, organisational, physical and technical safeguards to protect the confidentiality, integrity and availability of the Data Subject’s Personal Information consistent with the Applicable Laws, including, without limitation, to protect the Personal Information against destruction, loss, unauthorised disclosure or access, or any other form of unlawful processing.
6.2.BF has implemented measures and processes aimed at detecting, responding to and recovering from Security Breaches and to notify the required stakeholders as is required by the Applicable Laws.
7.TRANSFER OF PERSONAL INFORMATION OUTSIDE SOUTH AFRICA
7.1.BF shall not transfer a Client’s Personal Information to any other Country.
7.2.BF may be required to transfer a Data Subject’s personal information to another Country but will only do so if:
7.2.1.the party receiving the information is subject to similar privacy laws;
7.2.2.the data subject has agreed to the transfer of information;
7.2.3.such transfer is part of the performance of a contract to which the data subject is a party; or
7.2.4.transfer is for the benefit of the subject and it is not reasonably practicable to obtain their consent and that such consent would be likely to be given.
ix.co.zaPhone: 082-332-8949-or -082-558-1947-or -(010)-824-7629
Email: admin@billfix.co.za