Privacy Policy

Consent

Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.

Data Subject

The person to whom personal information relates

Person

A natural person or a juristic person

Personal Information

Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person (whether the Company employees, directors, customers, suppliers, contractors,

shareholders, or contractors’ or suppliers’ staff), including, but not limited to:

a) any identifying number, symbol, e-mail address, physical address,

telephone number, location information, online identifier or other particular assignment to the person.

b) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.

c) the name of the person if it appears with other personal information

relating to the person or if the disclosure of the name itself would reveal information about the person

POPIA

The Protection of Personal Information Act, 4 of 2013.

Processing

Any operation or activity or any set of operations, whether by automatic means, concerning Personal Information, including:

a. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

b. dissemination by means of transmission, distribution or making available in any other form; or

c. merging, linking, as well as restriction, degradation, erasure or destruction of Personal Information.

Responsible Party

The Company as a private body, who alone or in conjunction with others, determines the purpose of and means for processing Personal Information.

The Company (FMW & AS)

Fit My Windscreen and Auto Services (Pty) Ltd, a private company established in terms of the applicable legislation of the Republic of South Africa.

CONDITION

INFORMATION

Condition 1:

Accountability

Where the Company is a Responsible Party for the

purposes of Processing Personal Information, it ensures that the eight conditions for the lawful processing of Personal Information as set out in the POPIA, and all the measures that give effect to such conditions, are complied with at the time of the determination of the purpose and means of the processing and during the processing itself.

Condition 2:

Processing Limitation

Lawfulness of processing

The Company Processes Personal information

lawfully and in a reasonable manner that does not

infringe the privacy of the Data Subject. In particular, the Company’s processing of any special personal information of a Data Subject complies with sections 26 through 35 of the

POPIA in that it is, amongst other things, only carried out where

(i) The Company has obtained the consent of the

Data Subject.

(ii) it is necessary for the establishment, exercise or

defence of a right or obligation in law; or

(iii) it serves a public interest and the processing is necessary for the purpose concerned.

Condition 3:

Notification of collection and collection for specific purpose

1. The Company processes Personal Information only for specific, explicitly defined and legitimate reasons, which purpose is communicated to the relevant Data Subject by way of privacy notices, as part of concluding agreements with the Company, in this policy and other policies and

procedures where such policies or procedures require or may result in the collection of Personal Information.

2. The Company complies with section 18 of the POPIA, in its reasonably practicable steps, by ensuring that Data Subjects are aware of

the purpose of the processing of Personal

Information.

3. If the Company is collecting information directly from a Data Subject, it will notify a Data Subject during the time of the collection.

4. The Company is not entitled to notify a Data Subject in respect of the collection of Personal Information if it is justified to do so in compliance

with section 18 of the POPIA

Condition 4:

Further Processing Limitation

1. Personal Information is not processed for a secondary purpose unless that processing is compatible with the original purpose for processing.

2. In this regard, the Company complies with section 15 of the POPIA.

Condition 5:

Information Quality

1. The Company takes reasonable steps to ensure that the Personal Information collected is complete, accurate, not misleading and updated where necessary and the Company has regard to the purpose for which Personal Information is collected or further processed when taking such steps.

2. In this regard, the Company complies with section 16 of the POPIA.

3. However, read with paragraph 5.3.5.1, Data Subjects are required to ensure that the Personal Information they provide is complete, accurate, not

misleading and consistently updated where necessary.

Condition 6:

Openness

The Company will take reasonable steps to ensure that the Data Subjects are aware of, amongst others, the Personal Information it collects and the purpose for which the Personal Information is processed. In this regard, The Company complies with sections 17 and 18 of the POPIA.

Condition 7:

Security Safeguards

1.The Company secures the integrity and confidentiality of Personal Information that it processes by taking appropriate, reasonable, technical and organisational measures to prevent:

§  loss of, damage to or unauthorised destruction of Personal Information; and

§  unlawful access to or processing of Personal Information.

Condition 8:

Data Subject Participation

1. Access to personal information: A Data Subject may (subject to the provision of adequate proof of identity to The University) request to know whether their Personal Information is held by The University, as well as the

correction and/or deletion of any Personal Information held about them, but The Company may charge an access fee to cover the cost of retrieving

the information and supplying it to a Data Subject. If The Company and the Data Subject cannot reach agreement following The Company’s receipt of such a request, the Data Subject can ask the Company to make a note of the requested correction alongside the information.

2. In this regard, sections 23, 24 and 25 are applicable to Personal Information requests by Data Subjects.

3. The Data Subject’s access to Personal Information will need to adhere to the Company’s Manual on the Promotion of Access to Information

that is readily available under the Company’s resources.

DATA SUBJECT

PERSONAL INFORMATION PROCESSED

Customers/Clients

Postal address, contact details (cellphone and e-mail address),

Employment, employees

B-BBEE/employment equity information, age, language, education, financial information (such as creditworthiness and banking details), employment history, credit information, criminal information, references, physical and postal address, contact details (cellphone and e-mail address), pregnancy, marital status, physical or mental health, medical records, well-being, disability, religion, culture, language, birth, location, online identifiers, biometric and facial recognition information, trade union membership, photographs, driver’s license, all Personal Information required for the administration of compensation and benefits (including payroll, promotions, salary increases, salary decreases, salary adjustments, bonuses, death benefit pay-outs, COIDA, disability), employee files (including performance records, disciplinary, CCMA records, employee grievances, formal written warnings), legal judgements, garnishee and other court orders

Contractors / Suppliers / Service

Providers:

Juristic Persons

Full names, identity number, gender, race / B-BBEE information, age, credit information, criminal information, references, physical and postal address, contact details (email, cell phone), financial and tax related information (tax clearance, tax pin, VAT number), and any other Personal Information required for vetting purposes in terms of financial legislation such as FICA.