Privacy Policy in terms of the Protection of Personal Information (POPI) Act, No. 4 2013

Adamastor Consulting cc is a firm of Consulting Engineers, established in 1997.  The company offers professional Electrical and Security Consulting services, including full professional design, documentation and construction supervision.  Our Managing Member is Derick Serfontein.

Information Officer  :  Derick Serfontein

Deputy Information Officer  :  Leoni Botha

Introduction

We are committed to compliance with the POPI Act, which requires us to comply with both the law and good practice, respect individuals’ rights, be open and honest with individuals whose data is held and provide training and support for staff who handle personal data, so that they can act confidently and consistently. All employees are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer. 

Accountability

We will take reasonable steps to ensure that personal information obtained from individuals are stored safely and securely.

This includes :

Identifying information, such as name, date of birth or identification number of any kind;

Contact information, such as phone number or email address;

Address information, such as physical or postal address;

Information gathered from resumes, qualifications and any other personal information that may be obtained for business purposes.

Processing Limitations

Should we collect personal information from an individual, we will only release this information with their consent.  Personal information is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.

Limitation on Further Processing

Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially.

An individual is entitled to a right to be forgotten.  We will delete any personal data that an individual does not want us to have.  

Transparency

Where personal information is collected from a source other than directly from an individual (eg. Websites), we are responsible for ensuring that the individual is aware that their information is being collected, who is collecting their information by giving them our details, as well as the specific reason we are collecting their information.

Security Safeguards

We are currently working on the Microsoft Office 365 Business Premium System, which provides the following protection :

  • All our information is stored on OneDrive.
  • We utilize a 2-factor Authentication.
  • Information is encrypted.
  • We get notified immediately of any breach in the system.

All stored information is encrypted in transit and at rest or protected with MFA.

We make use of the Microsoft Compliance Centre which manages data categorized by level of sensitivity.

Archiving

All data stored in the system is backed up and archived at a 3rd party service, hosted on a different platform to the main platform. All mail, including deleted email, is archived.

Accuracy

We will regularly review our procedures to ensure that records remain accurate and consistent.  Data on any individuals will be held in as few places as necessary and effective procedures will be in place so that all relevant systems are updated when information about an individual changes.

Staff Training and Acceptance of Responsibilities

We will provide opportunities for staff to explore POPI Act issues through training, team meetings and supervisions.

We will ensure that all staff sign acceptance of this policy once they have had a chance to understand the policy and their responsibilities in terms of the policy and the POPI Act.

Unauthorised Disclosure

We cannot accept any liability whatsoever for unauthorized or unlawful disclosure of any personal data by third parties who are not subject to our control.