POLICY APPLICATIONThis policy applies to:
The following definitions are used in this policy as set out in the POPI Act, 4 of 2013, and PAI Act, 2 of 2000. Both the POPI Act and the PAI Act are available online at https://www.gov.za/documents/acts
Personal information – information relating to an identifiable, living, natural person and where it is an identifiable, applicable, existing juristic person.
Data subject – the person to whom your personal information relates, also referred to as “you” and “your” in the context of this policy.
Consent – any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
Competent person – any person who is legally competent to consent to any action or decision being taken in respect of any matters concerning a child.
Child – a person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter relating to himself or herself.
Processing – any operation/set of operations or activity concerning personal information whether by automatic means including:
1. Collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation of use,
2. Dissemination by means of transmission, distribution, or making available in any other form or
3. Merging, linking, as well as restriction, degradation, erasure, or destruction of information.
By viewing and using this website, you hereby acknowledge that you have read and understood our Protection of Personal Information Act (POPI Act) and Promotion to Access of Information Act (PAI Act) policy below.
This policy also references other procedures and agreements such as the Personal Information Request Form, Complaint Form, Consent Form, and Complaint Procedure which can be downloaded on this website.
As part of our business functions, Lasec® is responsible to collect, store, use, handle, transfer, process, retain, archive, destroy and manage data subjects’ personal information in a lawful, legitimate, and responsible manner and in accordance with the provision set out in the POPI Act.
Lasec® has identified the type of information and personal information that will be collected from data subjects and processed specifically for Lasec® business functions.
A. HOW INFORMATION WILL BE COLLECTED
Information will be collected in the following manner:
1. Directly from you when you use Lasec’s website or other services including surveys, enquiries, and other support systems.
2. Information, especially special information may also be requested from you in which case, a consent form detailing the reason for the request of such information will be sent to you before the information can be obtained from you.
3. In limited instances, information can also be obtained from third parties particularly when it comes to recruitment. In this case, the only information made publicly available by the data subject will be collected or processed.
4. Through Cookies.
No consent will be required to access information in the following cases:
1. The information is contained or derived from a public record or has been deliberately made public by the data subject.
2. Data subject is a child, in which case, a competent person will give consent.
3. Data collection from another source is necessary.
4. Compliance to the Act would prejudice a lawful purpose or not practicable in the circumstances of a particular case.
B. INFORMATION TO BE COLLECTED
The following information may be collected for business purposes
1. PERSONAL AND SPECIAL PERSONAL INFORMATION
1.1. Biographic information including race, sex, gender, marital status, age, physical address, etc.
1.2. Information relating to education or the medical, financial, criminal, or employment history.
1.3. The biometric information.
1.4. Personal opinions, views, or preferences.
1.5. Correspondence that is implicitly or explicitly of a private or confidential nature including correspondence that will reveal contents or personal information of other persons.
2. BUSINESS INFORMATION
2.1. Company profile information including telephone number, physical address, email address, etc.
2.2. Financial information including tax certificates, B-BBEE certificates, banking details, credit notes, purchase orders, invoices, quotations, etc.
2.3. Financial information relating to your credit card.
2.4. Calling Line Identification (CLI) information collected through Lasec’s Help Line.
3. WEBSITE USAGE INFORMATION
3.1. The pages you visit on the website.
3.2. How you have reached those pages.
3.3. The task you performed on the pages you visited.
3.4. The time you spend on each page.
3.5. Information is sent through a forum or a blog or in your advertisement on the website.
3.6. The effectiveness of services provided to you via our website.
4. THIRD-PARTY CONTENT AND ADVERTISING
Any other data received from software services such as Google Analytics and others are not identifiable to a data subject and will not be used for any identification purposes.Lasec® does not have control of these technologies or data obtained by third parties. However, any misuse of information will be handled as per our complaint process.
With your permission, Lasec® may also use your information for marketing and re-marketing purposes. This involves your email address and name being passed to selected associates who may provide products or services you would find useful. You may opt-out of this service at any time by instructing us at email@example.com
5. TRACKING INFORMATION
5.1. AFFILIATE INFORMATION
This is information given to us by you in your capacity as an affiliate of us or a customer or client of ours. Such information is retained for business use only. We undertake to preserve the confidentiality of the information and the terms of our relationship. It is not used for any other purpose. We expect any affiliate to agree to reciprocate this policy. As an exception to this, we have the right to disclose your first name and URL of your affiliate connection to other affiliates and any other person or organisation, on and off-site. The reason is solely to enable us to mention winners and others whose performance as an affiliate is in some way outstanding.
Cookies are small text files that are placed on your computer's hard drive through your web browser when you visit any website. Cookies enable our web server to identify you to us and to track your actions and the pages you visit while you use our website.
b. To allow essential parts of our website to operate for you.
c. To operate our content management system.
d. To operate the online notification form - the form that you use to contact us for any reason. This cookie is set on your arrival at our website and deleted when you close your browser.
e. To enhance security on our contact form. It is set for use only through the contact form. This cookie is deleted when you close your browser.
f. To collect information about how visitors use our site. We use the information to improve your experience of our site and enable us to increase sales. This cookie collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited.
g. To record that a user has viewed a webcast. It collects information in an anonymous form. This cookie expires when you close your browser.
h. To record your activity during a webcast. An example is whether you have asked a question or provided an opinion by ticking a box. This information is retained so that we can serve your information to you when you return to the site. This cookie will record an anonymous ID for each user, but it will not use the information for any other purpose. This cookie will last for three months when it will delete automatically.
i. To store your personal information so that you do not have to provide it afresh when you visit the site next time. This cookie will last for 90 days.
j. To enable you to watch videos we have placed them on YouTube. YouTube will not store personally-identifiable cookie information when you use YouTube’s privacy-enhanced mode.
C. INFORMATION QUALITY
Lasec® will take reasonable steps to ensure that all personal information collected is complete, accurate, and not misleading.
Where information is collected or received from a third party, Lasec® will confirm that the information is correct by verifying the accuracy with the data subject.
D. RETENTION OF PERSONAL INFORMATION
Lasec® will not retain records of personal information any longer than the prescribed purpose, unless it is authorised by law or required for lawful purposes, or the record is part of a contract that is still valid, or where the record will be used for historical or statistical purposes where Condition 7 of the POPI Act will be implemented to safeguard the records.
Where no law or code of conduct prescribes the retention period of a personal information record, Lasec® will retain the records for a period that will afford the data subject a reasonable opportunity to request access to the record.
E. THE RIGHTS OF THE DATA SUBJECT
Data subjects have right to the following:
1. Approve consent by remaining subscribed to our website. In cases where a consent letter is used, approve, or decline by communicating valid reasons.
2. Withdraw consent at any time by unsubscribing from our website or communicating valid reasons to Lasec® including those where Lasec® uses or processes information for reasons not communicated with the data subject.
3. Log a complaint with the Information Regulator by requesting a POPI Complaint Form from Lasec® where misuse of information is suspected.
4. Update their information with Lasec®.
5. Request Lasec® to delete or destroy their personal information. Lasec® will retain the record for a prescribed period depending on the purpose of the record.
6. Request Lasec® for verification on whether their personal information is held. Lasec® may not decline or charge data subjects for this request.
7. To be informed or notified by Lasec® in situations where data subject’s personal information has been accessed or acquired by an unauthorized person.
Lasec® will manage the security of its filing system to ensure that personal information is adequately protected, and the risk of loss, unauthorised access, disclosure, interference, modification, or destruction is minimised.
Lasec® will continuously review implemented security control measures to combat any malicious activities that may comprise the IT network, this is to safeguard electronic information.
Lasec® uses Secure Sockets Layer (SSL) certificates to verify its identity to your browser and to encrypt any data you received when a purchase is made, including financial information such as credit or debit card numbers.
Whenever Lasec® asks for financial information, the use of SSL can be verified by looking for a closed padlock symbol or other trust marks in the browser URL bar or toolbar.
All financial information will be encrypted on the Lasec® servers. Should Lasec® be in contact with you requesting financial information, only partial details will be required, e.g., the last four digits of the debit or credit card.
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
Both electronic and physicals records or information will be securely stored and made accessible only to authorised individuals.
Existing Lasec® employees are required to sign an addendum to their employment contract containing relevant consent and confidentiality clauses also to reduce the risk of disclosure of information.
Lasec® third-party service providers are required to enter into service level agreements where both parties pledge their mutual commitment to POPIA and lawful processing of information. Information will not be sent to third-party service providers who are in a foreign country without the consent of its data subjects.
2. SECURITY BREACH
Lasec® has appointed Information and Deputy Information Officers and will report any issues to the Information Regulator and the individuals or companies involved. Lasec® will not disclose any information unless such information is required by law.
If you wish to report any concerns about our privacy practices, please send an email to firstname.lastname@example.org and request the POPI Act Complaint Form which is to be completed and sent back to Lasec®. The appointed Information Officers and Deputy Information Officers will investigate the matter and where necessary direct it to the Information Regulator.
Complaints not related to POPIA can be sent to or by clicking on Compliments & Complaints at the bottom on our website.
G. DESTRUCTION OF INFORMATION
Documents will be destroyed at the end of their prescribed retention period, which will be assessed through audits or checks on a regular basis. Destruction of information will be performed per department with the guidance of a Deputy Information Officer who will authorise the removal or destruction of records/information.
All Lasec® documents and records are stored on the Lasec® premises as either hard or soft copies. Some documents or records may be available in both forms. Lasec® does not rely on third-party service providers for the destruction of information.
All hard copy documents that have been approved for destruction by Deputy information Officers or following a request by a data subject, shredding have been implemented. Shredding is conducted once a week to accommodate for information or documents with a short retention period or hard copied that have been transformed into soft copies with no requirement to keep the hard copy document.
Soft copy documents are retained on a collaborative platform with restricted access per department. Once approved for destruction or deletion, the Deputy Information Officer together with IT will remove the document from the system ensuring that all traces of the document are completely erased and that the information can never be recovered. IT will also assist with the permanent removal of any information that may be stored on employees’ desktops.
Should information be stored on portable storage devices like flash drives or portable hard drives, the same principle for soft copy destruction will be followed. Information stored on CDs or other similar storage devices will be destroyed by physically breaking the device or shedding it.