On occasion, Alphaplant may also provide limited data to third parties that offer related products and services. These limited data include names, job titles, companies and business addresses, but do not include business phone numbers or business fax. Users may request Alphaplant to refrain from disclosing the data it collects to third parties by contacting Alphaplant at email@example.com to express their preferences if they determine later that they do not wish to have the information shared.
A data subject is a natural person. Examples of a data subject can be an individual, a customer, a prospect, an employee, a contact person, etc.
Any information relating to an identified / identifiable individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, photo, email address, bank details, posts on social networking sites, medical information, IP address, or a combination of the data that directly or indirectly identifies the person.
The POPI Act and all other relevant legislation refer to sensitive personal data as “special categories of personal data.” The special categories of data include racial or ethnic origin, political opinions, religious or philosophical views, trade union membership, sexual orientation, and health, genetic and biometric data, where processed to uniquely identify an individual. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
Any organisation, person, or body that determines the purposes and means of processing personal data, controls the data and is responsible for it, alone or jointly. Examples, when the data controller is an individual, include general practitioners, pharmacists, and politicians, where these individuals keep personal information about their patients, clients, constituents, etc. Examples of organisations can be data controllers, for profit or not for profit, private or government-owned, large or small, where those organisations keep personal information about their employees, clients, etc.
A data processor processes the data on behalf of the data controller. Examples include payroll companies, accountants, and market research companies.
Accountability is the ability to demonstrate compliance with the POPI Act and all other relevant legislation. The Regulation explicitly states that this is the organisation’s responsibility. In order to demonstrate compliance, appropriate technical and organisational measures have to be implemented. Best practice tools such as privacy impact assessments and privacy by design are now legally required in certain circumstances.
Consent is any “freely given, specific, informed and unambiguous” indication of the individual’s wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed for one or more specific purposes. The affirmative action, or a positive opt-in, means that the consent cannot be inferred from silence, pre-ticked boxes, or inactivity. It should also be separate from terms and conditions and have a simple way to withdraw it. Public authorities and employers will need to pay special attention to ensure that consent is freely given.
Processing is any operation performed on personal data (sets), such as creation, collection, storage, view, transport, use, modification, transfer, deletion, etc., whether or not by automated means.
This is the data subject’s right to obtain from the data controller, on request, certain information relating to the processing of his/her personal data.
A third party is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorised to process the data.
The transfer of personal data to countries outside the EEA or to international organisations is subject to restrictions. As with the Data Protection Directive, data does not need to be physically transported to be transferred. Viewing data hosted in another location would amount to a transfer for POPI purposes.
This means the Protection Of Personal Information Act, 2013 (Act No. 4 of 2013)
is the authority in South Africa that is set to uphold the information rights in the public’s interest and data for privacy.
means Adriaan Du Plessis CEO
means a register of all systems or contexts in which personal data is processed by the company.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
The Company is committed to processing data in accordance with its responsibilities as outlined in the POPI Act and in accordance with relevant international legislation.
This means that your personal data will be:
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We may use your personal information to:
We are not in the business of selling personal information and therefore we will not disclose your personal information to anyone except as provided in this policy.
We take all reasonable and appropriate measures to keep your personal information secure. For example, we encrypt our laptops and our phones. However, we cannot guarantee the absolute security of it. We back-up all your personal information on a regular basis.
We will inspect all emails you contact us with via the email addresses that we provide on this website. We do this to check for viruses, and reserve the right to monitor and inspect all material and information transmitted over our system. We may also monitor whether you read emails that we send you.
You may access and correct, if necessary, your personal information that we hold by contacting us at firstname.lastname@example.org
All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances:
Cookies are alphanumeric identifiers with small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive. Please note, a cookie in no way gives us access to your computer/device and cookies cannot access any other information on your computer/device.