Protection of Personal Information Policy
Objective:
This policy establishes a general standard on the appropriate protection of personal information. It provides principles regarding the right of individuals to privacy and to reasonable safeguards of their personal information.
The objective of this policy is to protect the individuals’ information.
Scope:
This policy applies to the organiser of the Conference, Jaltech Pty Ltd, including the sponsors and presenters at the Conference (“hereinafter referred to as “the Company”). The Company is ultimately responsible for ensuring that information security is properly managed. The Company is responsible for:
- The development and upkeep of this policy;
- Ensuring this policy is supported by appropriate documentation, such as procedural instructions;
- Ensuring that documentation is relevant and kept up to date; and
- Ensuring this policy and subsequent updates are communicated to relevant managers, representatives, staff and associates, where applicable.
The Company is responsible for adhering to this policy, and for reporting any security breaches or incidents to the Information Officer.
The external individual(s) who is (are) permitted to handle the information technology of the Company must adhere to the same information security as that of the Company and will confirm by a separate agreement that they have such security measures in place in respect of the processing of personal information.
Key Principles:
The Company is committed to taking all reasonable steps to ensure the following principles:
- To be transparent with regards to the standard operating procedures governing the collection and processing of personal information;
- To comply with all applicable regulatory requirements regarding the collection and processing of personal information;
- To collect personal information only by lawful means and to process personal information in a manner compatible with the purpose for which it was collected;
- Where required by regulatory provisions, to inform individuals when personal information is collected about them;
- To treat sensitive personal information that is collected or processed with the highest level of care as prescribed by regulation;
- Where required by regulatory provisions or guidelines, to obtain individuals’ consent to process their personal information;
- To strive to keep personal information accurate, complete and up to date and reliable for their intended use;
- To develop reasonable security safeguards against risks such as loss, unauthorized access, destruction, use, amendment or disclosure of personal information;
- To provide individuals with the opportunity to access the personal information relating to them and, where applicable, to comply with requests to correct, amend or delete personal information;
- To share personal information, such as permitting access, transmission or publication, with third parties only with a reasonable assurance that the recipient has suitable privacy and security protection controls in place regarding personal information; and
- To comply with any restriction and/or requirement that applies to the transfer of personal information internationally.
Monitoring:
The management and Information Officer of the Company are responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes.
The Company and key individuals, and representatives of the Company are to be trained according to their functions in regulatory requirements, policies and guidelines that govern the protection of personal information. the Company will conduct periodic reviews and audits, where appropriate, to demonstrate compliance with privacy regulation, policy and guidelines.
Operating controls:
The Company has establish appropriate privacy standard operating controls that are consistent with this policy and regulatory requirements.
This will include:
- Allocation of information security responsibilities.
- Incident reporting and management.
- User ID addition or removal.
- Information security training and education.
- Data backup.
Implementation:
This policy is implemented by the Company and will be adhered to by the Company. Non-compliance with this policy may result in disciplinary action and possible termination of employment or mandate, where applicable.
Consent form
Good day,
By providing your email address, you, the data subject, permits the organiser of the Conference, Jaltech Pty Ltd, including the sponsors and presenters at the Conference to collect and process your Personal Information (PI) and Special Personal Information (SPI). PI and SPI are defined in the Protection of Personal Information Act (POPI Act) as:
- PI means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person/data subject;
- information relating to the education or the medical, financial, criminal or employment history of the person/data subject;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person/data subject;
- the biometric information of the person/data subject;
- the personal opinions, views or preferences of the person/data subject;
- correspondence sent by the person/data subject that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person/data subject; and
- the name of the person/data subject if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person/data subject.
- SPI means information relating to Religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject. The criminal behaviour of a data subject to the extent that such information relates to:
- The alleged commission by a data subject of any offence or
- Proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
For more details on the POPI Act please follow this link: https://popia.co.za/ or review Jaltech’s POPIA policy for information on how your data will be stored.
Jaltech will use the PI and/SPI for internal procedures such as direct marketing and/or providing additional information on the products/services offered. In addition, if applicable, the person/data subject approves Jaltech to submit information to the regulators, and/or process reports/statements/other information to the person/data subject.
Should you have any questions or queries please contact Jaltech at info@jaltech.co.za or contact Rory Sim on 011 880 0950.