Data subject: The person to whom personal information relates.
Personal information: means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
b) information relating to the education or the medical, financial, criminal or employment history of the person;
c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
d) the biometric information of the person;
e) the personal opinions, views or preferences of the person;
f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
g) the views or opinions of another individual about the person; and
h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
Processing: Any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Special personal information: Personal information including religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information
1.1 Data subjects
Lidwala Consulting Engineers (SA)(Pty)Ltd herein referred to as LCE is company that fully engages in all aspects with the POPIA. LCE main data subjects are:
- Stakeholders, (shareholders, suppliers etc.)
- Governing bodies (e.g. Company directors)
- Statutory bodies (e.g. SARS)
- Public viewers (websites)
- Hostile invaders (hackers)
1.2 Data processers
The human cooperate department will be responsible for processing of employee information (Clients and vendors will be processed by project managers and project teams). The data processors have signed a confidentiality agreement. The type of personal information that will be processed by LCE from data subjects (employees, clients and vendors) are:
- Full name/s and any alias or previous names
- Contact details (including address, telephone and email address/es)
- Date of birth and identification number
- Disability information (to provide appropriate facilities and equal opportunity access to services)
- Emergency contact/s. (Full names and contact details)
- Ethnic identification
- Qualifications/academic records
- All labour related information
- All client information relating to accounting, products, services in common
- All vendor information relating to accounting, products, services in common
- Information stakeholders may be interested in
- Information governing bodies may be interested in
- All statutory information on which the LCE is to report / act upon
- Information destined for marketing and sales in future
- Purpose for holding information and processing information
1.3 Special Personal Information
That may be processed by LCE from employees, clients and vendors
- Recruitment information
- Application form (e.g. Including confirmation of eligibility to work in South Africa)
- Previous experience
- Health issues relevant to the job (medical fitness for site staff)
- Curriculum Vitae
- Evaluative material (references from previous employers)
- Equal opportunity monitoring information (ethnicity, gender, disabilities)
- Criminal record check (relevant to the job)
- Details of job including units, titles, nature of job and employment contract (e.g., fixed term individual), dates of employment, hours worked and leave plans.
- Tax information
- Emergency contact details
- Details of driving license and vehicle relevant to the job
- Photograph/s (for marketing purposes)
- Languages spoken
- Further evaluative and non-evaluative material for promotions/other applications and performance review materials.
- Correspondence between LCE and the staff member.
- Personal information relating to the investigation and resolution of a disciplinary matter. Care is taken to ensure that a prospective staff member is aware that previous employers or other LCE of staff may be contacted to avoid inappropriate disclosure of the job application.
1.4 Special Personal information
That may be collected from the public particularly for public or stakeholder involvement processes.
- Details of current employer
- Education history
- Correspondence between the LCE and a member of the public.
1.5 LCE website privacy
- LCE will not collect any personal information, unless the data subject provides the information which will be accompanied with a consent letter.
- The information received will be kept by the data processors and stored securely and only processed as per the purpose which the data was provided.
- LCE will not send the personal information data to a third party unless the purpose of provision of information requires the data to be sent to a third party.
1.6 LCE Purpose for data processing
- Contractual and Employment Purposes
- Marketing (Company and Individual experiences)
- Rendering service according to instructions given by clients
- Provision of value added services
- Provision of financial services and advice
- Maintain our accounts and records
- Support and manage our employees
- Use of fingerprint scanning systems for monitoring and access
- Assessment and processing of claims
- Fraud detection and prevention
- Market research and statistical analysis
- Compliance with legal and regulatory requirements
- Verifying identity
1.7 Who data might be shared with
LCE can at times need to share the personal information the company has access to with the individuals themselves and/or with other organisations as listed below. Where this is necessary the company is to comply with all aspects of the POPIA.
- Family, associates and representatives of the person whose personal information we are processing
- Employment and recruitment agencies
- Financial organisations
- Central government
- Claimants / beneficiaries
- Suppliers and service providers
- Industry bodies
- Ombudsman and regulatory authorities
- Other companies in the LCE Group of companies
- Pension fund administrators
1.8 International Information Transfer
Trans border information transfers are prohibited unless such transfer falls within the ambit of the following exemptions:
- Where the receiving country has similar laws in place, or is subject to binding corporate rules or a binding agreement concluded between the sending employer and receiving employer that provides for an adequate level of protection substantially similar to that in POPIA
- The employee consents is obtained
- The transfer is necessary for execution of a contract to which the employee is a party
- The transfer is necessary for a contract in the interest of the employee
- The transfer is for the benefit of the employee and obtaining consent is impractical.
LCE undertakes to protect the information as prescribed by the POPIA. As far as LCE understands, all personal information is private and attended to according to the POPIA. All information processing will only be conducted after receiving the proper consent from the data subject and the proof of consent will be stored in secured access controlled server.
LCE will measure the risk of breach of the POPI Act and actively manage same on a daily basis.