Carscan


THE PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 POLICY



1. Introduction


    1.1. The Protection of Personal Information Act, No. 4 of 2013 (POPIA) aims to give effect to the Constitutional right to privacy by balancing the right to privacy of the individual against that of access to information. POPIA requires that personal information pertaining to individuals be processed lawfully and in a reasonable manner that does not infringe on the individual’s right to privacy.


    1.2. In terms of POPIA, a “Responsible Party” has a legal duty to process a “Data Subject’s” Personal Information in a lawful, legitimate and responsible manner. In order to discharge this duty, CARSCAN requires its clients to provide express and informed permission to process their Personal Information or the Personal Information of their clients.


    1.3. CARSCAN is committed to protecting its clients and their privacy and ensuring that their Personal Information and the personal information of their clients is used appropriately, transparently, securely and in accordance with all applicable laws.


    1.4. This Policy sets out how personal information will be collected, used, and protected by CARSCAN, as well as how data subjects can participate in this process in relation to their personal information.


2. Definition of Responsible Party, Operator and Personal information


    2.1. According to the Act:-


        2.1.1. ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.  Section 9 of POPIA states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”

        

        2.1.2. “responsible party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for processing personal information.


        2.1.3. “operator” means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.


    2.2. POPIA can be found at the following link:


        https://www.gov.za/sites/default/files/gcis_document/201409/3706726-11act4of2013protectionofpersonalinforcorrect.pdf


3. Personal Information to be collected


    3.1. CARSCAN collects and processes clients’ and their clients’ Personal Information relative to the provision of the professional services it provides to its clients in terms of the signed contract and mandate between itself and its client.


    3.2. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, we will inform clients what information they are obliged to provide us with and what information is optional.


    3.3. The personal information of its clients and their clients that CARSCAN will collect and store may include:


        3.3.1. Name and contact information, including your email address, telephone number, physical address, postal address and other location information;

        3.3.2. Date of birth, age, gender, race, nationality, title and language preferences;

        3.3.3. Identity number, passport number and photograph;

        3.3.4. Correspondence from individuals of a private or confidential nature;

        3.3.5. Financial Information;

        3.3.6. Employment details; and

        3.3.7. such other personal information as is reasonably required by us to provide the required services.


    3.4. For purposes of this Policy, clients and their clients include potential, past and existing clients and their clients whether individuals, close corporations, companies, bodies corporate, trusts and any person in a representative capacity such as members, shareholders, directors, trustees and beneficiaries.


4. The purpose of the collection, use and disclosure (the processing) of personal information


    4.1. Clients’ and their clients’ Personal Information will only be used for the purpose for which it was collected and intended. This would include providing professional services to our clients and their clients until the mandate given has been reasonably discharged.


    4.2. According to Section 10 of POPIA, Personal Information may only be processed if certain conditions are met for CARSCAN processing the Personal Information. These are as follows:


        4.2.1. Clients consent to the processing of their information and the information of their clients;

        4.2.2. Processing is necessary – the Personal Information that is required will be reasonably necessary to facilitate the provision of professional services to clients and their clients and to market CARSCAN services to them via emails and brochures;

        4.2.3. Processing complies with an obligation imposed by law on CARSCAN or to discharge its mandate to its clients and their clients;

        4.2.4. Processing protects a legitimate interest of the client and their clients;

        4.2.5. Processing is necessary for the purposes of providing quality and appropriate professional services to clients of CARSCAN and their clients.


    4.3. CARSCAN will not process personal information for purposes other than those which are identified above without obtaining prior consent from the client concerned.


    4.4. In the event that CARSCAN is an operator as defined in the Act, it will:


        4.4.1. Process information only with the knowledge and authorization of its client (being the responsible party); and

        4.4.2. Treat all personal information which it receives from its clients as strictly confidential and will not disclose it unless required by law or in the course of the proper performance of its duties.


5. What does the term ‘processing’ mean?


    5.1. POPIA provides that the term “processing’’ covers any operation or activity, whether or not by automatic means, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; or merging, linking, as well as restriction, erasure or destruction of information.


6. How will CARSCAN collect and process personal information?


    6.1. POPIA requires that personal information “is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.” 


    6.2. Further, POPIA provides that personal information may only be processed if: 


        6.2.1. the data subject or a competent person where the data subject is a child consents to the processing;

        6.2.2. processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party; 

        6.2.3. processing complies with an obligation imposed by law on the responsible party;

        6.2.4. processing protects a legitimate interest of the data subject; 

        6.2.5. processing is necessary for the proper performance of a public law duty by a public body; or 

        6.2.6. processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied. 


    6.3. CARSCAN may collect other personal information from time to time where the client provides it to us, as necessary for our business requirements, or in order to comply with applicable laws.


    6.4. Where it is lawful and practicable for us to allow it, the individual has the right not to identify itself when dealing with us. However, if the individual does not provide us with the required personal information, it may impact our ability to engage with the individual and/or provide the required. 


    6.5. CARSCAN will only collect personal information for the purpose as stated above and shall ensure that clients’ rights to privacy are not infringed.



7. To whom will personal information be disclosed?


    7.1. CARSCAN may disclose clients’ information where it has a duty or a right to disclose in terms of applicable legislation, the law or where it may be necessary to protect its rights and carry out its obligations and where it is reasonably necessary to enable it to discharge its mandate to its clients.


    7.2. CARSCAN may also share clients’ Personal Information with and obtain information about clients from third parties for the reasons mentioned in 4.1 and 4.2 above.


    7.3. CARSCAN will take reasonable steps to protect the confidentiality and security of all personal information when it is disclosed to a third party and seek to ensure the third party deals with such personal information in accordance with POPIA.


8. Storage and Retention of Information


    8.1. All Personal Information which the client provides to CARSCAN will be held and/or stored securely for the purpose required in providing professional services to its clients.


    8.2. The Personal Information will be stored electronically and non-electronically in the form of hard copy paper documentation and any subsequent correspondence received by CARSCAN.


    8.3. Where data is stored electronically outside the borders of South Africa, such is done only in countries that have similar privacy laws to our own or where such facilities are bound contractually to no lesser regulations than those imposed by POPIA.


    8.4. CARSCAN is legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. CARSCAN will, on an on-going basis, continue to review our security controls and related processes to ensure that personal information remains secure.


    8.5. Our security policies and procedures cover:


        8.5.1. Physical security;

        8.5.2. Computer and network security;

        8.5.3. Access to personal information;

        8.5.4. Secure communications;

        8.5.5. Security in contracting out activities or functions;

        8.5.6. Retention and disposal of information;

        8.5.7. Acceptable usage of personal information;

        8.5.8. Governance and regulatory issues;

        8.5.9. Monitoring access and usage of private information;

        8.5.10. Investigating and reacting to security incidents.


    8.6. When we contract with third parties, we will impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for is kept secure.


    8.7. When we disclose personal information to anyone, we will take appropriate safeguards to protect personal information to ensure that the recipient will handle the information in a manner consistent with this policy and the level of protection provided for in POPIA.


9. How long will your personal information be kept?


    9.1. CARSCAN will retain personal information we collect from where we have an ongoing legitimate business need to do so (for example, to provide the individual with professional service) or to comply with applicable legal, tax or accounting requirements.


    9.2. We shall only retain and store personal information for the period for which the information is required to serve the purpose for its collection, or a legitimate interest or the period required to comply with applicable legal requirements, whichever is longer. Thereafter, all the individual’s Personal Information will be permanently destroyed and/or deleted.


10. Rights regarding the processing of personal information:


    10.1. The client may withdraw consent to the processing of personal information at any time, and should they wish to do so, must provide CARSCAN with reasonable written notice to that effect. 


    10.2. The withdrawal of consent is still subject to the terms and conditions of any contract that is in place. Should the withdrawal of consent result in the interference of legal obligations, then such withdrawal will only be effective if CARSCAN agrees to such withdrawal in writing.


    10.3. Further, please note that the revocation of consent is not retroactive and such revocation will not affect disclosures of personal information that have already been made prior to such revocation.


    10.4. In order to withdraw consent, please contact and furnish the written revocation to the Information Officer of CARSCAN, Chander Prakash at chander@carscan.co.za.


11. Right to Access


    11.1. The client has the right to access their personal information that CARSCAN may have in its possession and is entitled to request the identity of the third parties that have received and/or processed personal information for the purpose.


    11.2. Any request in this regard may be declined if:


        11.2.1. the information comes under legal privilege in the course of litigation;

        11.2.2. the disclosure of personal information in the form that it is processed may result in the disclosure of confidential or proprietary information;

        11.2.3. the information was collected in furtherance of an investigation or legal dispute, instituted or being contemplated;

        11.2.4. the information as it is disclosed may result in the disclosure of another person’s information;

        11.2.5. the information contains an opinion about another person and that person has not consented, and/or

        11.2.6. the disclosure is prohibited by law.


12. Right to Object


    12.1. In terms of Section 11(3) of POPIA, the client has the right to object in the prescribed manner to CARSCAN processing the Personal Information. On receipt of an objection, CARSCAN will place a hold on any further processing until the cause of the objection has been resolved.


13. Accuracy of Information and Onus


    13.1. POPIA requires that all Personal Information and related details supplied are complete, accurate and up to date.


    13.2. Whilst CARSCAN will always use its best endeavours to ensure that Personal Information is reliable, it will be the client’s responsibility to advise CARSCAN of any changes to their Personal Information, as and when these may occur.


    13.3. CARSCAN will largely rely on the client to ensure that personal information is correct and accurate.


    13.4. The client has the right to ask us to update, correct or delete their personal information.


14. Requesting access and lodging of complaints:


    14.1. Any requests for access to personal information must be submitted in writing to the CARSCAN Information Officer Chander Prakash at chander@carscan.co.za.


    14.2. With any request for access to personal information, CARSCAN will require the client to provide personal information in order to verify the identity of the client and therefore it will need to exercise the right to access the information.


    14.3. There may be a reasonable monetary charge payable by the client requesting access and such client will be required to pay such charge in order for CARSCAN to provide copies of the information requested.


    14.4. If any request has not been addressed to the client’s satisfaction, a complaint, in writing, may be lodged at the office of the Information Regulator.



15. Right to amend this Policy


    15.1. CARSCAN reserves the right to amend this Policy document at any time. All amendments to this Policy document will be posted on the website or communicated to all individuals concerned. 


    15.2. Unless otherwise stated, the current version shall supersede and replace all previous versions of this privacy and security statement.






VERSION 1 - 2021