- List of acronyms, abbreviations, and definitions
1.1. “Data Subject” The person to whom personal information relates;
1.2. “DIO” Deputy Information Officer;
1.3. “DS” Data Subject;
1.4. “ULM” Umzimvubu Local Municipality;
1.5. “IO” Means the Information Officer who is the head of a private body as contemplated in section 1 of PAIA;
1.6. “personal information” Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person including:
- a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
- b) information relating to the education or the medical, financial, criminal or employment history of the person;
- c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
- d) biometric information of the person;
- e) the personal opinions, views or preferences of the person;
- f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- g) the views or opinions of another individual about the person; and
- h) the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person
- i) But excludes information of about an individual who has been dead for more than 20 years;
1.7. “POPIA” Protection of Personal Information Act No. 4 of 2013;
1.8. “private body” a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
- b) a partnership which carries or has carried on any trade, business or profession; or
- c) any former or existing juristic person, but excludes a public body;
1.9. “processing” Any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
- a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- b) dissemination by means of transmission, distribution or making available in any
other form; or
- c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
1.10. “public body” a) any department or state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or
- b) Any other functionary or institution when exercising a power of performing a duty in terms of the Constitution or a provincial constitution; or
- exercising a public power or performing a public function on terms of any legislation;
1.11. “record” In relation to a private body means any recorded information:
- a) regardless of form or medium
- b) in the possession or under the control of that public or private body, respectively and
- c) whether or not it was created by the public or private body respectively;
1.12. “Republic” Republic of South Africa;
1.13. “requester” A person or legal persons seeking access to information;
1.14. “responsible party” A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
1.15. “RP” Responsible Party;
1.16. “the Act” Promotion of Access to Information Act No. 2 of 2000 (as amended);
1.17. “the body” ULM;
1.18. “the Regulations” Government Gazette Notice Number 757 of 27 August 2021: Regulations relating to the Promotion of Access to Information, 2021(Government Gazette No. 45057);
1.19. “third parties” Any natural or juristic person other than the Requester or, such party acting on behalf of the Requester or, ULM itself.
- Introduction
The Protection of Personal Information Act (POPIA) was signed into law in November 2013 and the remaining provisions of the Act were due to come into effect on 1 April 2020, however given the current Covid-19 pandemic and emergency need to redeploy efforts, these were delayed. The President issued a Proclamation on 22 June 2020, commencing some sections of the POPI Act which came into effect on 1 July 2020.
The POPI Act sets out the minimum standards regarding accessing and ‘processing’ of any personal information belonging to another. The Act defines ‘processing’ as collecting, receiving, recording, organizing, retrieving, or the use, distribution or sharing of any such information.
- Purpose of POPIA Procedure Manual
Access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access. Provide a list of information, records and other details held by ULM.
Know the description of the Guide on how to exercise any right contemplated in POPIA. Know if ULM will process personal information, the purpose of processing of personal information, the limitations and rights of data subjects. Know if ULM has planned to transfer or process personal information outside the Republic of South Africa. Know whether ULM has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.
- Key Contact Details for Access for Information
Information Officer
Name: Mr GPT Nota
Tel: 039 255 8500
Email: Nota.Tobela@umzimvubu.gov.za
Fax number: 039 255 0167
Deputy Information Officer
Name: Mrs TT Madotyeni-Ngcongca
Tel: 039 255 8500
Email: Ngcongca.Thozama@umzimvubu.gov.za
Deputy Information Officer
Name: Mrs Celiwe Nenemba
Tel: 039 255 8500
Email: Nenemba.Celiwe@umzimvubu.gov.za
- Description of the subjects on which ULM holds records and categories of records held on each subject by ULM
Categories of Data Subjects
- a) ULM generally process personal information relating to, but not limited to:
Personal Information Processed by ULM | |
Natural persons | Names, physical and postal addresses, date of birth, tax related
|
information, ID numbers, confidential correspondence, identifying numbers, email addresses, telephone numbers, medical information, criminal or employment history, biometric information, personal opinions, information relating to race, gender, sex, marital status, nationality of person, language, ethic, colour, disability of person, biometric information, information relating to education, Pension Fund records, Performance appraisals, disciplinary records, leave records, training records, remuneration and salary records, medical aid records, deductions from salaries, banking and financial records
|
|
Juristic persons | Names, contact details, physical and postal address, tax related information, identifying numbers, symbols, email addresses, telephone numbers, location information, unique identifiers, confidential correspondence, financial information, directors and shareholders details, legal opinions; information relating to education of service providers and/or taxpayers and Committee Reports. |
- b) ULM may process the Personal Information of the following categories of Data Subjects, which includes current, past and prospective Data Subjects:
(i) Employees
(ii) Job applicants
(iii) ULM subsidiary company details, its directors and employees
(iv) Suppliers and service providers
(v) Taxpayers
(vi) Individuals captured by CCTV
(vii) Access control registers
(viii) Visitors to any premises of ULM.
- c) Recipients of Personal Information
- a) Regulatory bodies, statutory bodies and other organs of state
- b) Law enforcement agencies
- c) Tax authorities
- d) Auditor General
- e) Employees of ULM
- f) Family and representatives of the person whose personal information ULM is processing
- g) Suppliers and service providers to whom ULM has a written contractual relationship with requiring them to have access to Personal Information
- h) Third party verification agencies and credit bureaus
- i) Collections agencies in the case of garnishees
- j) Banks and other financial institutions
- k) Anyone making a successful application for access in terms of the Promotion of Access to Information Act, 2000 after consent has been obtained
- l) Employment and recruitment agencies
- m) Medical aid schemes
- n) Pension fund administrators
- o) Trade unions
- p) Psychometric assessment reports.
- d) Planned or prospective trans-border flow of Personal Information processed by ULM in respect of the above categories of Data Subjects:
ULM may transmit Personal Information across the borders of the Republic of South Africa to:
(a) Suppliers and service providers in accordance with written agreement concluded between ULM and relevant suppliers and service providers
(b) Personal Information may be stored in data servers (cloud) hosted outside the Republic of South Africa which may not necessarily have adequate data protection laws
(c) ULM may share Personal Information with foreign jurisdictions in terms of agreements concluded with such jurisdictions and/or in accordance with international obligations binding on ULM and/or Republic of South Africa.
- e) General description of information security measures
ULM deploys up to date technology to safeguard confidentiality and ensure integrity of Personal Information under its control. ULM information security measures include:
(a) Firewalls
(b) Encryptions
(c) Logical access control
(d) Oath of secrecy for employees, services providers and third parties ULM may share information with
(e) Physical access control
(f) Secure hardware and software
(g) Confidentiality and data privacy clauses in agreements concluded with employees, suppliers, service providers and contractors.
- POPIA Lawful Conditions of Processing Data
6.1. Accountability
- The responsible party must ensure that the conditions and all the measures set out in the Act that give effect to such conditions, are complied with at the time of the determining the purpose and means of the processing.
- Questions to ask:
- Who will be tasked with the responsibility of compliance in your organisation? This individual will be held liable for non-compliance in certain situations.
- How will this individual ensure the organisation is POPIA compliant?
6.2. Processing Limitation
- Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.
- Questions to ask:
- Was the personal information obtained directly from the Data Subject? One of the requirements of the Act is that any personal information must be obtained directly from the Data Subject.
- Is the Data Subject aware that you have gathered his/her information and consented to the information being used?Consent from the Data Subject is essential before gathering or processing any personal information.
- If the personal information has been gathered from a third party, has the Data Subject consented to this information being shared and used by you?
6.3. Purpose Specific
- Personal information may only be processed for specific, explicitly defined and legitimate reasons.
- Questions to ask:
- For what specific, explicit and lawful purpose is the personal information being collected?This purpose must be documented and adhered to.
- Is the Data Subject aware of the purpose for which the data has been collected?Data Subject has the right to know what information you have and for what purpose it was gathered.
- 4. Further Processing Limitation
- Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.
- Questions to ask:
- If you intend to reuse personal information is it in accordance and compatible with the purpose for which it was collected?Should you want to use existing personal information for any other purpose other than what the information was gathered for, consent will be required from the Data Subject again.
- Is the Data Subject aware of the continued use of their personal information?When gathering information, you have to advise the Data Subject what the information will be used for and for what period you will hold that information.
- 5. Information Quality
- The responsible party must take reasonably steps to ensure that the personal information collected is complete, accurate, not misleading and updated where necessary.
- Questions to ask:
- How do you ensure that personal information is reliable and accurate at all times?By obtaining information directly from the data source, accuracy is more probable. It is always advisable to validate the personal information as it is being captured. If it is not possible for the data subject to input their own information, or if the information is captured from one format to another (i.e. from a paper form to an IT system, then the information should be sent to the data subject for validation.
- What process do you have in place to allow Data Subjects to update their information or withdraw consent?When advising Data Subjects of the information you hold and for what purpose you hold it, they must be given details of how to update their information or withdraw consent. This procedure should be covered in the POPIA policy.
- 6. Openness
- The data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used.
- Questions to ask:
- How do you gather personal information from Data Subjects and what process do you have in place to get consent for collecting and using personal information?This is an important step and proof of consent is essential.
- How do you inform the Data Subject of the purpose for which the information is being gathered?The Data Subject must be informed of how the data will be used at the time of gathering the information.
- What evidence do you have that Data Subjects have consented to the collection of their personal information?Proof of consent must be retained to safeguard you against claims of misuse made by the Data Subject.
- 7. Security Safeguards
- Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorized destruction and disclosure.
- Questions to ask:
- What procedure do you have in place to identify any foreseeable internal and external risks to personal information?A safety and security risk assessment is required.
- What processes do you have in place to prevent personal information from falling into unauthorized hands?Strict adherence to safety and security policies must be enforced. This procedure should be covered in the POPIA policy.
- What procedure do you have in place to establish and maintain appropriate safeguards against the identified risks?The responsible person must enforce strict policies and procedures to safeguard personal information in your possession. This procedure should be covered in the POPIA policies and procedures manual.
- How do you determine which employees are permitted access personal information and what information they are permitted to access?Strict policies and procedures are required regarding who has access, and how they gain access, to the personal information in your possession. This procedure should be covered in the POPIA policy.
6.8. Data Subject Participation
- Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.
- Questions to ask:
- What are the Data Subject’s rights regarding access to information being held by you?Data Subjects may request information from you on whether you are holding their personal information.
- What processes do you have in place to ensure such a request from a Data Subject is adhered to?This procedure should be covered in the POPIA policy.
- What processes do you have in place to allow Data Subjects to correct personal information that you hold or withdraw consent to use such information?The Data Subject has the right to correct the personal information that you hold. They also have the right to withdraw consent at any time.
- How to object to the processing of your Personal Information (section 11(3) POPIA)
The Data Subject has the right to object to ULM processing your Personal Information. The right to object is subject to exceptions contained in POPIA. The objection must be submitted on prescribed form.
(a) The objection can be raised against the processing of personal information in the following circumstances:
(i) The processing of personal information for direct marketing purposes other than direct marketing by means of unsolicited electronic communications as contained in section 69 of POPIA.
(ii) The processing of personal information based on legitimate interest of the data subject.
(iii) The processing of personal information to pursue ULM legitimate interest or interest of a third party to whom the information is supplied.
(iv) Reasons, in sufficient detail, for the objection based on the data subject’s particular circumstances must be provided to allow ULM to assess the validity of such objection.
ULM may, depending on applicable provisions of POPIA refuse the objection to it processing your Personal Information.
Upon receipt of the objection, ULM will assess the validity of the Data Subject’s objection and, if satisfied, will within a reasonable time cease processing the Data Subject’s Personal Information and will render proof to the Data Subject to this effect.
Where an objection does not accord with the dictates of POPIA, ULM may refuse the objection.
If you are disgruntled with the way ULM handled your objection to the processing of Personal Information or if you believe that ULM is unlawfully processing your Personal Information, you may lodge a complaint with the Information Regulator by completing Part 1 of Form 5. Complaints to the Information Regulator may be sent to complaints.IR@justice.gov.za
- How to make a request for correction or deletion or destruction of Personal Information (section 24 POPIA)
(a) Data Subjects have the right to make a request to ULM to:
(i) Correct or delete Personal Information in its possession that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully; or
(ii) Destroy or delete a record of Personal Information about self which ULM is no longer authorized to retain.
You may submit your request for correction or deletion or destruction to nenemba.celiwe@umzimvubu.gov.za and/or at ULM Offices.
(b) The request must be submitted on prescribed form.
This form must be completed in sufficient detail and must, inter alia, address the following:
(i) identification of the specific information which the Data Subject wishes to be corrected, deleted, destructed or destroyed; and
(ii) reasons, in sufficient detail, for the request for:
- the correction or deletion of the personal information of the Data Subject in terms of section 24(1)(a) of POPIA; and/or
- the destruction or deletion of a record of personal information about the Data Subject in terms of section 24(1)(b) of POPIA.
(c) Upon receipt of a request for correction, deletion or destruction, ULM will assess the validity of the Data Subject’s request and as soon as reasonably practicable notify the Data Subject of its decision, which may include a decision to:
(i) Correct the Personal Information
(ii) Destroy or delete the Personal Information
(d) Where the request does not accord with the dictates of POPIA, ULM may refuse the request.
If you are disgruntled with the way ULM handled your request for correction or deletion or destruction of Personal Information or if you believe that ULM is unlawfully processing your Personal Information, you may lodge a complaint with the Information Regulator by completing Part 1 of Form 5. Complaints to the Information Regulator may be sent to complaints.IR@justice.gov.za
- Processing of Special Personal Information
ULM has a duty of adhering POPIA to the process of Special Personal Information which relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject.
Special personal information includes criminal behavior relating to alleged offences or proceedings dealing with alleged offences.
Unless a general authorization, alternatively a specific authorization relating to the different types of special personal information applies, a responsible party is prohibited from processing special personal information.
- Processing of Personal Information of Children
ULM has the policy of adhering to the process of Special Personal Information of children. This applies to under-18 individuals, so an age check is required for all personal information records. General authorization concerning personal information of children only applies where under-18’s are involved.
ULM has engaged in an extensive internal due diligence process to identify all instances of personal.
information held by it and the safeguards in place to protect such data and to identify any records held which contain Personal Information of children.
- The Collection of Personal Information
11.1. Employee and Contractor/Supplier Information
- To Remunerate the person and the contractor/supplier for services rendered;
• To comply with laws authorising or requiring such processing, including (but not limited to) the Basic Conditions of Employment Act 75 of 1997; the Labour Relations Act 66 of 1995 as amended; the Employment Equity Act 55 of 1998; the Occupational Health and Safety Act 85 of 1993, the Income Tax Act 58 of 1962 and the VAT Act 89 of 1991;
• To Admit the person to the Pension Fund and/or Medical Aid providers, if applicable;
• To conduct criminal, credit, employment reference, and other related reference checks;
• To provide value-added services such as human resource administration, training, performance reviews, talent management and other reasons related to the management of employees and/ or contractors.
11.2. Customer Information
- To render customer-related services and administration of customer accounts;
• To conduct criminal, credit, reference, and other related reference checks.
• To authenticate the customer;
• To provide the customer with information which (ULM) believes may be of interest to the customer, such as information relating to public awareness campaigns and matters of general public interest in which (ULM) is involved or has decided to lend its support to.
11.3. Supplier and Third-Party Contractor/Service Provider Information
- To secure the products and services of the supplier/service provider or contractor as part of (ULM)’s product and service offering;
• To manage the (ULM) supply chain and relationship with the supplier and/or contractor for any purposes required by law by virtue of the relationship between the supplier and (ULM);
• To render services relating to the administration of supplier/service provider or contractor accounts;
• To provide the supplier/service provider or contractor with information which (ULM) believes may be of interest, such as information relating to public awareness campaigns and matters of general public interest in which (ULM) is involved or has decided to lend its support to.
11.4. Sources of Personal Information
Personal information may be collected from the following sources:
• Directly from the person when he/she applies for any (ULM)’s related employment, provide services to (ULM), submit forms requests or transactions, use our websites or make use of any of the (ULM) services;
• From public registers, credit bureaus and law enforcement agencies and any other organisation from which (ULM) may acquire your information;
• From people and entities employed by (ULM) to provide services to (ULM) which may be legally entitled to provide (ULM) with personal information.
11.5. The Storage of Personal Information
All personal information collected by (ULM) will be stored as follows:
• In a secure and safe manner according to strict information security principles with safeguards to ensure its privacy and confidentiality;
• For no longer than is necessary to achieve the purpose for which it was collected unless further retention is:
Required by law or contractual obligation;
Otherwise reasonably required by (ULM) for lawful purposes related to its functions and activities;
Retained further with the person’s consent:
After which the information will be de-identified and disposed of as per the (ULM) of Records policy.
11.6. Sharing of Personal Information
Any information supplied to (ULM) will be treated as confidential and (ULM) will not disclose information unless legally permitted thereto. No information will be transferred to a Third Party without the explicit consent of the data subject unless legally obliged thereto. By providing the personal information, the data subject agrees that (ULM) may transfer the information to the following people and organisations in pursuit of the data processing purposes set out in our POPI Policy:
- To the divisions and entities in the (ULM), including directors, employees, contractors, agents, auditors, legal and other professional advisors who are authorised to process this information;
• To financial and government organisations who may request information from (ULM), in which case the data subject will be notified in advance; the provision of such information, including banks, governmental, judicial, regulatory and law enforcement bodies including the South African Revenue services and the National Credit Regulator;
• To persons employed by (ULM) to provide services on our behalf and that adhere to principles similar to (ULM) regarding the treatment of personal information;
• To any person to whom (ULM) cede, delegate, transfer or assign any of our rights or obligations pertaining to products and/or services provided to the person or contracts concluded with the person;
• To any person who acts as legal guardian, executor of an estate, curator or in a similar capacity;
• To any person or persons who may be permitted by applicable law or that you may consent to, including persons or entities who may request such information to evaluate the credit worthiness of the person.
- How to lodge a complaint with the Information Regulator
There is no internal appeal procedure within ULM against a decision of the Information Officer/ Deputy Information Officer.
If you are disgruntled with the way ULM handled your request for access Personal Information or believe that ULM is unlawfully processing your Personal Information, you may lodge a complaint with the Information Regulator by completing Part 1 of
Form 5. Complaints to the Information Regulator may be sent to complaints.IR@justice.gov.za
- CONSENT FORM: CONSENT TO PROCESS PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PETRSONAL INFORMATION ACT, NO. 4 OF 2013 (POPIA)
By signing this form, you consent to your personal information to be processed by the Umzimvubu Local Municipality (ULM) and consent is effective immediately and will remain effective until such consent is withdrawn.
- I ………………………………………………. a natural person “herein referred to as the Data Subject” with ID No…………………………………… hereby give my consent to the ULM to collect, process and distribute my personal information where the ULM is legally required to do so.
- I understand my right to privacy and the right to have my personal information processed in accordance with the conditions for the lawful processing of personal information.
- I understand the purposes for which my personal information is required and for which it will be used and consent to accessing my personal information.
- I declare that all my personal information supplied to the ULM is accurate, up to date, not misleading and will be held and/ or stored securely for the purpose for which it was collected and that I will immediately advise the ULM of any changes to my Personal Information should any of these details
- I also understand that I have the right to request that my personal information be corrected or deleted, if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully or that the personal information or record be destroyed or deleted if the ULM is no longer authorized to retain it.
Signed at …………………………………… this …………………. day of ………………………20…………
……………………………………………………………………
Signature of data subject/ designated person
……………………………………………………………………… ………………………………… …………………..
Name/Surname/Dept of ULM Signature Date
- POPI COMPLAINT FORM
We are committed to safeguarding your privacy and the confidentiality of your personal information and are bound by the Protection of Personal Information Act.
Please submit your complaint to the Information Officer: Mr GPT Nota
|
|
Address to: Dabula Street
Sophia KwaBhaca P/Bag X9020 KwaBhaca 5090
|
The Information Officer |
Email Address: | Nota.Tobela@umzimvubu.gov.za |
Where we are unable to resolve your complaint, to your satisfaction you have the right to complain to the Information Regulator.
The Information Regulator Address: 33 Hoof Street Forum III, 3rdFloor, Braampark, Johannesburg Email: inforreg@justice.gov.za |
|
A. Particulars of Complainant
|
|
Name & Surname | |
Identity Number: | |
Postal Address: | |
Contact Number: | |
Email Address:
|
|
B. Details of Complaint (Attach a detailed annexure where necessary): | |
C. Desired Outcome (Attach a detailed annexure where necessary): | |
D. Signature of the Complainant:
Date: |
|
- THIRD-PARTY AGREEMENT AND CONSENT DECLARATION
PARTIES
The parties to this Agreement are:
____________________________________
(“THE MUNICIPALITY”)
AND
_________________________________________,
(“THIRD PARTY”)
- INTERPRETATION
1.1 In this Agreement, unless inconsistent with or otherwise indicated by the
context –
1.1.1 “This Agreement” means the Agreement contained in this document;
1.1.2 “Confidential information” includes, but is not limited to:
1.1.3.1 any information in respect of know-how, formulae, processes, systems, business methods, marketing methods, promotional plans, financial models, inventions, long-term plans and any other information of the client and the company in whatever form it may be;
1.1.3.2 all internal control systems of the municipality and the third party;
1.1.3.3 details of the financial structure and any other financial, operational information of the client and the company; and
1.1.3.4 any arrangements between the municipality and the third party and others with whom they have business arrangements of whatsoever nature, all of which the client and the company regards as secret and confidential.
1.1.4 “personal information” means personal information as defined in the Protection of Personal Information Act adopted by the Republic of South Africa on 26 November 2013 and includes but is not limited to:
1.1.4.1 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
1.1.4.2 information relating to the education or the medical, financial, criminal or employment history of the person;
1.1.4.3 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
1.1.4.4 the biometric information of the person;
1.1.4.5 the personal opinions, views or preferences of the person;
1.1.4.6 correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
1.1.4.7 the views or opinions of another individual about the person;
and
1.1.4.8 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
1.1.5 “the effective date” means the date of signature of this Agreement’;
1.1.6 “the parties” means the parties as described hereinabove;
1.1.7 “divulge” or “make use of” means to reveal, make known, disclose, divulge, make public, release, publicise, broadcast, communicate or correspond or any such other manners of divulging of any information.
1.1.8 ‘‘processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal or any information, including but not limited to :
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making
available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or
destruction of information.
1.1.9 POPIA” means the Protection of Personal Information Act adopted by the Republic of South Africa on 26 November 2013 and as amended from time to time.
WHEREAS IT IS AGREED THAT
All parties agree that they will comply with POPIA regulations and process all the information and/or personal data in respect of the services being rendered in accordance with the said regulation and only for the purpose of providing the Services set out in the agreement to provide services.
The third party (also called the service provider), all the parties to this agreement, the service provider’s employees and the client’s employees and any subsequent party/parties to this agreement acknowledge and confirm that:
One or more of the parties to this agreement, will possess and will continue to possess information that may be classified or maybe deemed as private, confidential or as personal information.
Such information may be deemed as the private, confidential or as personal information in so far as it relates to any party to this agreement. Such information may also be deemed as or considered as private, confidential or as personal information of any third person who may be directly or indirectly associated with this agreement. Further it is acknowledged and agreed by all parties to this agreement, that such private, confidential or as personal information may have value and such information may or
may not be in the public domain. For purposes of rendering services on behalf of the client, the service provider and any party associated with this agreement and/or any subsequent or prior agreement that may have been/will be entered into, irrevocably agree that “confidential information” shall also include inter alia and shall mean inter alia:
(a) all information of any party which may or may not be marked “confidential,” “restricted,” “proprietary” or with a similar designation;
(b) where applicable, any and all data and business information;
(c) where applicable the parties may have access to data and personal and business information regarding clients, employees, third parties and the like including personal information as defined in POPIA regulation; and
(d) trade secrets, confidential knowledge, know-how, technical information, data or other proprietary information relating to the client/service provider or any third party associated with this agreement and (including, without limitation, all products information, technical knowhow, software programs, computer processing systems and employed or used by either party to this agreement and/or their affiliates.
By signature hereunder, all parties irrevocably agree to abide by the terms and conditions as set out in this agreement as well as you irrevocably agree and acknowledge that all information provided, whether personal or otherwise, may be used and processed by the service provider and such use may include placing such information in the public domain. Further it is specifically agreed that the service provider will use its best endeavours and take all reasonable precautions to ensure that any information provided, is only used for the purposes it has been provided and obtain consent from data subjects where necessary. It is agreed that such information may be placed in the public domain and by signature
hereunder, all parties acknowledge that they have read all of the terms in this policy and that they understand and agree to be bound by the terms and conditions as set out in this agreement. It is confirmed that by submitting information to the service provider, irrespective as to how such information is submitted, you consent to the collection, collation, processing, and storing of such information and the use and disclosure of such information in accordance with this policy.
By signature hereunder you agree to be bound, should you not agree to be bound by these
terms, please do not sign this document.
SIGNED AND AGREED AT ________________ ON THIS_______DAY OF _______________ 20…
__________________________ ________________________
SIGNATURE FULL NAMES
(Who is duly authorised to sign on behalf of the Municipality)
__________________________ ________________________
SIGNATURE FULL NAMES
(Who is duly authorised to sign on behalf of the Third-party)
WITNESSES TO THE ABOVE AGREEMENT:
________________________ ________________________
SIGNATURE FULL NAMES