POPIA COMPLIANCE
POPIA COMPLIANCE
- ACCESS TO INFORMATION MANUAL OF:TUNING FORK (PTY) LIMITED T/A Yamaha Distributors (Reg No:ย 2010/001048/07)Prepared In Accordance With Section 51 Of The Promotion Of Access To Information Act No 2 Of 2000 As Amended By The Protection Of Personal Information Act, No 4 Of 2013.
Date Of Compilation: 2018 Date Of Revision: 26.05.2021
TABLE OF CONTENTS
1. Purpose Of The Manual Availability Of The Manual
2. Definitions And Interpretation 3. Company Overview 4. Company Details (Section 51(1)(A)) 5 Guide Of South African Human Rights Commission (Section 51(1)(B)) 6. Records Automatically Available (Section 51(1)(C)) 7. Schedule Of Records Held In Accordance With Other Legislation (Section 51(1)(E)
8. List Of Applicable Legislation (Section 51(1)(D)) 9. Access Request Procedure (Section 51(1)(E)) 9.1 Completion And Submission Of Access Request Form
9.2 Notification
9.3 Payment Of Fees
9.4 Third Party Information
9.5 Grounds For Refusal
9.6 Remedies Available Upon Refusal
9.7 Records That Cannot Be Found Or Do Not Exist
10. Processing Of Personal Information 10.1 Purpose Of POPIA
10.2 Description Of Categories Of Data Subjects
10.3 Reasons For Processing Personal Information
10.4 Storage And Retention And Destruction Of Information
10.5 Access By Others And Cross Border Transfer
10.5.1 Request Procedure
Appendix A Access Request Form C Appendix B Prescribed Fees Appendix C Objection Form Appendix D Rectification Form 1. PURPOSE OF THE MANUAL
The Purpose Of This Manual Is: -
- For Purposes Of PAIA: The Detail Of The Procedure That A Requestor For Information Is To Follow And The Manner In Which A Request For Access Shall Be Facilitated By Tuning Fork; And
- For Purposes Of POPIA: Detail The Purpose For Which Personal Information May Be Processed;
A Description Of The Categories Of Data Subjects For Whom Tuning Fork Processes Personal Information, As Well As The Categories Of Personal Information Relating To Such Data Subjects; And The Recipients To Whom Personal Information May Be Supplied.
Availability Of The Manual
- The Manual Is Available For Inspection At The Offices Of Tuning Fork (PTY) Limited. The Manual Is Available For Download On Tuning Fork Limited Website:ย Http://Www.Yamaha.Co.Za
A Copy Is Also Available At The South African Human Rights Commission.
2. DEFINITIONS AND INTERPRETATION
โTuning Forkโ Shall Mean Tuning Fork (PTY)Limited (Registration Number 2010/001048/07 ), A Public Company Incorporated In South Africa. โData Subjectโ Shall Mean The Person To Whom Personal Information Relates. โManualโ Shall Mean This Manual, Together With All Appendices Hereto. โPAIAโ Shall Mean Promotion Of Access To Information Act, No 2 Of 2000. โPOPIAโ Shall Mean Protection Of Personal Information Act, No 4 Of 2013. โProcessingโ Shall Ascribe To The Meaning As Promulgated In Section 1 Of POPIA. โRecordโ Shall Ascribe To The Meaning As Promulgated In Section 1 Of POPIA. โRequestorโ Shall Ascribe To The Meaning As Promulgated In Section 1 Of PAIA. โRequest For Accessโ
Shall Ascribe To The Meaning As Promulgated In Section 1 Of PAIA. โSAHRCโ Shall Mean The South African Human Rights Commission. 3. COMPANY OVERVIEW
Tuning Fork Conducts A Business As A Distributor Of Motor Products, Parts, Tools, Equipment, And Provide Technical Literature And Train Personnel Adequate To Service And Repair Their Products Sold To The Consumer.
This Manual Is Published On The Company Website Atย Www.Yamaha.Co.Zaย Or Alternatively, A Copy Can Be Requested From The Deputy Information Officer.
This Promotion Of Access To Information Manual (โManualโ) Provides An Outline Of The Type Of Records And The Personal Information It Holds, And Explains How To Submit Requests For Access To These Records In Terms Of The Promotion Of Access To Information Act 2 Of 2000 (โPAIAโ).
PAIA Gives Effect To Everyoneโs Constitutional Right Of Access To Information Held By Private Sector Or Public Bodies, If The Record Or Personal Information Is Required For The Exercise Or Protection Of Any Rights. If A Public Body Lodges A Request, The Public Body Must Be Acting In The Public Interest. Requests Shall Be Made In Accordance With The Prescribed Procedures, At The Rates Provided.
4. COMPANY DETAILS (Section 51(1)(A))
The Details Of Tuning Fork Limited:
Managing Director Robin Van Rensburg Physical Address 19 Eastern Service Road,Eastgate Ext 6 Postal Address Private Bag X15, Kelvin, 2054 Telephone Number 011 259 7600 Email Yamahaonline@Yamaha.Co.Za The Contact Details Of The Deputy Information Officer Are As Follows:
Information Officer Name Gerhardt Van Niekerk Physical Address 19 Eastern Service Road,Eastgate Ext 6 Postal Address Private Bag X15, Kelvin, 2054 Internet Address Www.Yamaha.Co.Za Telephone Number 011 259 7600 Email Address Gerhardtvn@yamaha.co.za 5. GUIDE OF THE SOUTH AFRICAN HUMAN RIGHTS COMMISSION
(Section 51 (1) (B))
The South African Human Rights Commission (SAHRC) Is Responsible For Compiling A Guide That Will Facilitate Ease Of Use Of PAIA For Requesters.
This Guide Is Available In All 11 Official Languages, From The South African Human Rights Commission.
Please Direct Any Queries To:
The South African Human Rights Commission: PAIA Unit
Postal Address:
Private Bag X 2700 Houghton
2041
Physical Address:
Forum 3 Braampark Offices 33 Hoofd Street Braamfontein
2017
Phone: +27 (11) 877-3600
Fax: +27 (11) 403โ0625
Email:ย PAIA@Sahrc.Org.Za
Website:ย Www.Sahrc.Org.Za
- RECORDS AUTOMATICALLY AVAILABLEย (Section 51 (1) (C))
- Divisional Information
- B-BBEEcertificate
- News
- Find My Dealer
7. SCHEDULE OF RECORDS HELD IN ACCORDANCE WITH OTHER LEGISLATION
(Section 51 (1) (E))
- Statutory Company Information
- Incorporation Documents
- Memorandum Of Incorporation
- Minute Books
- Register Of Directors And Officers
- Statutory Returns To Relevant Authorities
- Financial And Accounting Records
- Accounting Records (Inclusive Of Books Of Account)
- Administrative Records
- Internal And External Audit Reports
- Supporting Schedules And Documentation To Books Of Account
- Tax Records
- Customs And Excise Records
- Income Tax Returns And Other Documentation
- PAYE Records
- Regional Services Council Records
- Skills Development Levies Records
- Stamp Duties Records
- Value Added Tax Records
- Legal Records
- Documentation Pertaining To Litigation Or Arbitration
- General Agreements
- Licenses, Permits And Authorizations
- Insurance Records
- Claims Records
- Details Of Insurance Coverage, Limits And Insurers
- Insurance Policies
- Employee Records
- Agreements With Trade Unions
- Arbitration Awards
- Attendance Registers
- Casual Employee Records
- CCMA Records
- Code Of Conduct
- Company Tax Submissions In Respect Of Employees
- Confidentiality Agreements
- Disciplinary Records
- Employee Personal Details
- Employment Conditions And Policies
- Employment Contracts
- Employment Equity Plan
- Medical Aid Records
- Records Of Strikes, Lockouts Or Protest Action
- Remuneration And Benefits Records
- Restraint Of Trade Agreements
- Retirement Fund Records
- Training Schedules And Material
- Share Registration Documents
- Dividendpayment List
- Share Register
- Marketing
- Marketing And Advertising Records
- Brochures And Other Promotional Records
- Product Records
- Quality Testing Procedures And Records
- Records Of The Cost Of Goods Acquired For Resale And Their Selling Price
- Customer Records And Credit Services
- Credit Application Forms
- Customer Records
- Debtors With Collection Agents
- Records Of Customer Details And Payment Performance Listed With Credit Bureaus
- Sales Records
- Terms And Conditions Of Sale
- Transaction Records
- Supplier Records
- Code Of Conduct
- Terms And Conditions For Dealing With Suppliers
- Transactional Records And Supporting Information
- Information Technology
- Business And Data Information
- Domain Name Registrations
- IT Technology Capabilities
- Fixed Property And Fixed Assets
- Financial Lease Agreements
- Fixed Asset Registers
- Property Lease Agreements
- Intellectual Property
- Trademarks, Trade Names And Protected Names
- Agreements Pertaining To Intellectual Property
8. LIST OF APPLICABLE LEGISLATION
(Section 51 (1) (D))
Where Applicable To The Business Conducted By The Divisions In The Group, The Various Subsidiaries And Associates Retain Records Which Are Required In Terms Of Legislation Other Than PAIA.
Certain Legislation Provides That Private Bodies Shall Allow Certain Persons Access To Specified Records, Upon Request. The Legislation May Be Consulted To Establish Whether The Requester Has A Right Of Access To A Record Other Than In Terms Of The Procedure Set Out In PAIA. The Following Legislation Is Included And Can Be Consulted, But Is Not A Limited List:
- Accreditation For Conformity Assessment, Calibration And Good Laboratory Practice Act, No. 19 Of 2006
- Air Services Licensing Amendment No. 21 Of 2008
- Airports Company Amendment Act, No. 14 Of 2001
- Aliens Control Amendment Act, No. 76 OF 1995
- Appropriation Act, 2008 9 Of 2008
- Banks Amendment Act No 20 Of 2007
- Basic Conditions Of Employment Act No.75 Of 1997
- Bills Of Exchange Amendment Act, 56 Of 2000
- Board Based Black Economic Empowerment Act, No 53 Of 2003
- Broadcasting Amendment Act, No. 4 Of 2009
- Carriage By Air Amendment Act, No. 15 Of 2006
- Civil Aviation Act, No. 13 Of 2009
- Companies Act 71 Of 2008 (As Amended)
- Compensation For Occupational Injuries And Diseases Act, No 130 Of 1993
- Competition Act No. 89 Of 1998
- Consumer Affairs (Unfair Business Practices) Act No. 71 Of 1988
- Consumer Protection Act No 68 Of 2008
- Copyright Act No. 98 Of 1978
- Counterfeit Goods Act No 37 Of 1997
- Criminal Law (Forensic Procedures) Amendment Act, 6 Of 2010
- Currency And Exchanges Act 9 Of 1933 (And Exchange Control Regulations)
- Customs And Excise Act 91 Of 1964
- Debt Collectors Act No. 114 Of 1998
- Designs Act No 195 Of 1993
- Electronic Communication And Transactions Act 25 Of 2002
- Employment Equity Act 55 Of 1998
- Financial Advisory And Intermediary Services Act No 37 Of 2002 (As Amended)
- Financial Services Board Act 97 Of 1990
- Income Tax Act 58 Of 1962
- Immigration Act No 13 Of 2002
- King IV Code On Corporate Governance
- Labour Relations Act No. 66 Of 1995
- Medical Schemes Act 131 Of 1998
- Merchandise Marks Act No. 17 Of 1941
- National Credit Act No 34 Of 2005
- Occupational Health And Safety Act No 85 Of 1993
- Patents Act No 57 Of 1978
- Pension Funds Act No. 24 Of 1956
- Prevention Of Organized Crime Act 121 Of 1998
- Promotion Of Equality And Prevention Of Unfair Discrimination Act, No 4 Of 2000
- Protection Of Personal Information Act No 4 Of 2013
- Regulation Of Interception Of Communications And Provision Of Communicationโ Related Information Act No 70 Of 2002
- Sale And Services Matters Act No. 25 Of 1964
- Second - Hand Goods Act No 6 Of 2009
- Securities Transfer Tax Act No 25 Of 2007
- Skills Development Levies Act No. 9 Of 1999
- Skills Development Act No. 97 Of 1998
- South African Revenue Services Act No 34 Of 1997
- Tax On Retirement Funds Act NO 38 Of 1996
- Trade Practices Act 76 Of 1976
- Trademarks Act No. 194 Of 1993
- Unemployment Contributions Act 4 Of 2002
- Unemployment Insurance Act No. 63 Of 2001
- Value Added Tax Act No. 89 Of
If The Requester Believes That A Right Of Access To A Record Exists In Terms Of Legislation Other Than That Listed Above, The Requester Is Required To Indicate What Legislative Right The Request Is Based On, To Allow The Information Officer The Opportunity Of Considering The Request In The Light Thereof.
9. ACCESS REQUEST PROCEDURE
(Section 51(1)(E))
- It Is Important To Note That The Successful Completion And Submission Of An Access Request Form Does Not Automatically Allow The Requester Access To The Requested
- An Application For Access To A Record Is Subject To Certain Limitations If The Requested Record Falls Within A Certain Category As Specified Within Chapter 4 Of
- If It Is Reasonably Suspected That The Requester Has Obtained Access To Records Through The Submission Of Materially False Or Misleading Information, Legal Proceedings May Be Instituted Against Such A Requester.
9.1 COMPLETION AND SUBMISSION OF ACCESS REQUEST FORM C
Use The Prescribed Form C Which Is Available For Downloadย Onย The SAHRCย Website Atย Www.Sahrc.Org.Za.
The Prescribed Form C Must Be Completed In Full And Contain Sufficient Detail In Order To Enable The Information Officer To Identify:
- The Records Requested;
- Proof Of Identity Of The Requester (And If An Agent Is Lodging The Request, Proof Of Capacity) By Attachment Of The Identity Document Of The Requester;
- Form C Must Be Filled In Type Or Block
- All Questions On Form C Must Be Answered. If A Question Does Not Apply State N/A. If Nothing To Disclose State Nil.
- If There Is Insufficient Space On The Form, Additional Information May Be Provided On An Attached Folio And Each Answer On Such Folio Must Reflect The Applicable
- Which Form Of Access Is Required; And
- The Postal Address Or Fax Number Of The Requester In The Republic Of South Africa.
- The Requester Must Identify The Right Which The Requester Is Seeking To Exercise Or Protect.
The Requester Must Provide An Explanation Of The Reason The Record Is Required For The Exercise Or Protection Of Any Right.
If, In Addition To A Written Reply, The Requester Wishes To Be Informed Of The Decision In Respect Of The Request In Any Other Manner, The Requester Is Making The Request To The Reasonable Satisfaction Of The Appointed Information Officer.
9.2 NOTIFICATION
- The Information Officers Will, Within 30 Days Of Receipt Of The Request, Decide Whether To Grant Or Decline The Request And Give Notice With Reasons (If Required) To That Effect. These Requests Will Be Evaluated By The Applicable Entities And Persons Involved, Including But Not Limited To
The Divisional Executive Management, Company Management And/Or Functional Management.
- The 30-Day Period Within Which The Information Officer Must Decide Whether To Grant Or Refuse The Request May Be Extended For A Further Period Of Not More Than 30 Days If The Request Is For A Large Volume Of Information Or Requires The Information Offices To Search Through A Large Volume Of Records, Or The Records Are Not Kept At The Offices Of Tuning Fork.
- The Information Offices Will Notify The Requester In Writing Should An Extension Be Sought.
- If A Record Requested Cannot Be Found, Or Does Not Exist, The Information Officer Shall By Means Of An Affidavit Notify The Requester. In The Affidavit, A Full Account Is Required Of All Steps Taken To Find That Record In Question.
- If The Request For Access To A Record Is Not Successful, The Requester Will Be Notified Of The Following:
- Adequate Reasons For The Refusal (Refer To Third Party Information And Grounds For Refusal Below); And
- That The Requester May Lodge An Application With A Court Against The Refusal Of The Request And The Procedure, Including The Period, For Lodging The
9.3 PAYMENT OF FEES
- The Completed Access Request Form C Must Be Submitted Either Via Conventional Mail, Eโ Mail Or Fax And Must Be Addressed To The Information Officer As Indicated In Section 4 Of This
- An Initial, NonโRefundable Request Fee Of 00 (Excl VAT) Is Payable On Submission.
Note: In Terms Of POPIA :ย This Fee Is Not Applicable To Personal Requesters (Data Subjects),Referring To Any Person Seeking Access To Records That Contain Their Personal Information In terms Of POPIA.
- Payment Details Can Be Obtained From The Information Officer As Indicated In Section 4 Of This Manual And Payment Can Be Made Either Via A Direct Deposit Or By Bank Guaranteed Cheque (No Credit Card Payments Are Accepted). Proof Of Payment Must Be
- The Requester May Be Notified Whether A Deposit Is Required. A Deposit Will Be Required Depending On Certain Factors Such As The Volume And/Or Format Of The Information
Note:ย If The Request For Access Is Successful, An Access Fee Will Be Required For The Search, Reproduction And/Or Preparation Of The Record(S) And Will Be Calculated Based On The Prescribed Fees โ See Appendix B. The Access Fee Must Be Paid Prior To Access Being Given To The Requested Record.
9.4 THIRD PARTY INFORMATION
- If Access Is Requested To A Record That Contains Information About A Third Party, The Relevant Information Officer Is Obliged To Attempt To Contact This Third Party To Inform Them Of The This Enables The Third Party The Opportunity Of Responding By Either Consenting To The Access Or By Providing Reasons Why The Access Should Be Denied.
- In The Event Of The ThirdโParty Furnishing Reasons For The Support Or Denial Of Access, The
Information Officer Will Consider These Reasons In Determining Whether Access Should Be Granted, Or Not.
9.5 GROUNDS FOR REFUSAL
The Information Officer May Legitimately Refuse To Grant Access To A Requested Record That Falls Within A Certain Category. Grounds On Which The Group May Refuse Access Include:
- Protecting Personal Information That The Information Officer Holds About A Third Person (Who Is A Natural Person), Including A Deceased Person, From Unreasonable Disclosure;
- Protecting Commercial Information That Is Held About A Third Party Or The Group Or A Particular Company Or Entity In The Group (For Example Trade Secrets: Financial, Commercial, Scientific Or Technical Information That May Harm The Commercial Or Financial Interests Of The Organization Or The Third Party);
- If Disclosure Of The Record Would Result In A Breach Of A Duty Of Confidence Owed To A Third Party In Terms Of An Agreement;
- If Disclosure Of The Record Would Endanger The Life Or Physical Safety Of An Individual;
- If Disclosure Of The Record Would Prejudice Or Impair The Security Of Property Or Means Of Transport;
- If Disclosure Of The Records Would Prejudice Or Impair The Protection Of A Person In Accordance With A Witness Protection Scheme;
- If Disclosure Of The Record Would Prejudice Or Impair The Protection Of The Safety Of The Public;
- The Record Is Privileged From Production In Legal Proceedings, Unless The Legal Privilege Has Been Waived;
- Disclosure Of The Record (Containing Trade Secrets, Financial, Commercial, Scientific, Or Technical Information) Would Harm The Commercial Or Financial Interests Of The Group;
- Disclosure Of The Record Would Put The Group Or A Particular Company Or Entity In The Group At A Disadvantage In Contractual Or Other Negotiations Or Prejudice It In Commercial Competition;
- The Record Is A Computer Programme; And
- The Record Contains Information About Research Being Carried Out Or About To Be Carried Out On Behalf Of A Third Party Or The Group Or A Particular Company Or Entity In The
9.6 REMEDIES AVAILABLE UPON REFUSAL OF A REQUEST TO ACCESS
Internal Remedies
Tuning Fork Does Not Have Internal Appeal Procedures. As Such, The Decision Made By The Information Officer Is Final, And Requesters Will Have To Exercise Such External Remedies At Their Disposal If The Request For Access Is Refused.
External Remedies
In Accordance With Sections 56(3) (C) And 78 Of PAIA, A Requestor May Apply To A Court For Relief Within 180 Days Of Notification Of The Decision For Appropriate Relief.
9.7 RECORDS THAT CANNOT BE FOUND OR DO NOT EXIST
If The Information Officer Has Searched For A Record And It Is Believed That The Record Either Does Not Exist Or Cannot Be Found, The Requester Will Be Notified By Way Of An Affidavit Or Affirmation. This Will Include The Steps That Were Taken To Try To Locate The Record.
10. PROCESSING OF PERSONAL INFORMATION ACT
10.1 PURPOSE OF POPIA
The Protection Of Personal Information Act, 4 Of 2013 (POPIA), Regulates And Controls The Processing, Including The Collection, Use, And Transfer Of Personal Information Relating To Identifiable, Living, Naturals Persons And Juristic Persons.
Personal Information As Defined In Terms Of POPIA Includes But Is Not Limited To, Information As Follows:
Name, Address, Contact Details, Date Of Birth, Place Of Birth, Identity Number, Passport Number, Bank Details, Tax Number, Financial Information, Biometric Information, Personal Opinions Or Views Of A Person, Criminal History, Member Ship Of A Trade Union, Images By Way Of CCTV.
In Terms Of POPIA, A Person (Responsible Party) Has A Legal Duty To Collect, Use, Transfer And Destroy (Process) Anotherโs (Data Subject) Personal Information (Personal Information) In A Lawful, Legitimate And Responsible Manner And In Accordance With The Provisions And The 8 Processing Conditions Set Out Under POPIA.
10.2 DESCRIPTION OF CATEGORIES OF DATA SUBJECTS
Tuning Fork Holds Information And Records Information Relating To The Following Broad Categories Of Data Subjects Or Persons, Which List Is Not Limited To:
- Employees/Job Applicants/Learnership Candidates/Bursary Applicants/Directors/Interns/Agents/Sponsors
- Customers And Clients Of The Companies
- Contractors/Vendors/Suppliers/Service Providers/Operators
- Business Partners Whether Acting On Behalf Of The Companies Or Not Or Those That Provide Services, Goods And Other Benefits To The Companies Such As Medical Service Providers, Banks, Pension And Provident Funds, Administrators, Service Providers, Insurance Companies, Advertising, Marketing Or PR Agencies, Wellness Or Health Providers
- Regulators And Public Bodies Who The Companies Engage With In Order To Discharge Legal And Public Duty Obligations, Including SARS, National Treasury, Department Of Labour And The Financial Sector Conduct Authorities.
- Users Of Website/Applications/Mobile Applications/Social Media Portals Or Platforms Whether In Order To Enquire More About The Companies Or To Do Business With The
Companies Be It Providing Or Selling To The Companies Or Receiving Or Buying Goods And Services.
- Persons Who Interact With The Companies Physically Or Enter Sites, Offices, Parking Areas, Manufacturing Site, Showroom And All Facilities Of The Company Or Interact Via Websites/Email/Correspondence.
10.3 REASONS FOR PROCESSING PERSONAL INFORMATION
Tuning Fork Does And Will Process Personal Information Which Belongs Or Is Held By A Data Subject.
This Processing Is Required By Any Of The Group Companies Or Entities To Allow Them To Perform The Following (Without Detracting From The Generality Hereof):
- To Pursue Their Business Objectives And Strategies;
- To Comply With A Variety Of Lawful Obligations, Including Without Detracting From The Generality Thereof, To Carry Out Actions For The Conclusion And Performance Of A Contract As Between The Particular Group Company And The Data Subject;
- To Put In Place Protective Mechanisms To Protect The Data Subjectโs And / Or The Companyโs Legitimate Interests Including The Performance Of Risk Assessments And Risk Profiles Where Applicable And Necessary;
- To Obtain As Required By Law Or To Protect The Respective Partyโs Legitimate Interests,
- To Obtain Or Provide Personal Information From A Credit Bureau Or Credit Provider Or Credit Association, Information About Certain Data Subjectโs Credit Record, Including Personal Information About Any Judgement Or Default History;
- For The Purposes Of Making Contact With The Data Subject And Attending To The Data Subjectโs
Enquiries And Requests;
- For The Purpose Of Providing The Data Subject From Time To Time With Information Pertaining To The Companies, Their Officers, Employees, Services And Goods And Other Ad Hoc Business Related Information;
- To Pursue The Data Subjectโs And / Or Companiesโ Legitimate Interests, Or That Of A Third Party
To Whom The Personal Information Is Supplied;
- For The Purposes Of Providing, Maintaining, And Improving The Companiesโ Products And
Services, And To Monitor And Analyse Various Usage And Activity Trends Pertaining Thereto;
- For The Purposes Of Performing Internal Operations, Including Management Of Employees, Employee Wellness Programmes, The Performance Of All Required HR And IR Functions, Call Centres, Customer Care Lines And Enquiries, Attending To All Financial Matters Including Budgeting, Planning, Invoicing, Facilitating And Making Payments, Making Deliveries, Sending Receipts, And Generally Providing Commercial Support, Where Needed, Requested Or Required; And
- For The Purpose Of Preventing Fraud And Abuse Of The Companiesโ Processes, Systems, Procedures And Operations, Including Conducting Internal And External Investigations And Disciplinary Enquiries And
10.4 STORAGE AND RETENTION AND DESTRUCTION OF INFORMATION
- Tuning Fork Will Ensure That The Data Subjectโs Personal Information Is Securely Stored Electronically, Which For Operational Reasons, Will Be Accessible To Certain Categories Of Authorised Persons Within The Particular Group Company On A Need To Know And Business Basis, Save That Where Appropriate, Some Of The Data Subjectโs Personal Information May Be Retained In Hard Copy And Stored
- All Such Personal Information Will Be Held And / Or Stored Securely. In This Regard The Particular Group Company Will Ensure That They Perform Regular Audits Regarding The Safety And The Security Of All Data Subjectโs Personal Information.
- Appropriate Technical And Organisational Measures Will Be Taken By The Companies To Ensure That Personal Information Remains Confidential And Secure Against Unauthorised Or Unlawful Processing And Accidental Loss Or Destruction Or Damage.
- Once The Data Subjectโs Personal Information Is No Longer Required Due To The Fact That The Purpose For Which The Personal Information Was Held Has Come To An End And Expired, Such Personal Information Will Be Safely And Securely Archived For The Required Prescribed Periods Or Longer Should This Be Required By The Company. The Company Thereafter Will Ensure That Such Personal Information Is Permanently
10.5 ACCESS BY OTHERS AND CROSS BORDER TRANSFER
Tuning Fork May From Time To Time Have To Disclose A Data Subjectโs Personal Information To Other Parties, Including Organs Of State, Other Departments Or Subsidiaries, Product Or Third Party Service Providers, Regulators And Or Governmental Officials, Overseas Service Providers And Or Agents, But Such Disclosure Will Always Be Subject To An Agreement Which Will Be Concluded As Between The Company And The Party To Whom It Is Disclosing The Data Subjectโs Personal Information To, Which Contractually Obliges The Recipient Of This Personal Information To Comply With Strict Confidentiality And Data Security Conditions. Where Personal Information And Related Data Is Transferred To A Country Which Is Situated Outside The Borders Of South Africa, The Data Subjectโs Personal Information Will Only Be Transferred To Those Countries Which Have Similar Data Privacy Laws In Place Or Where The Recipient Of The Personal Information Is Bound Contractually To A No Lesser Set Of Obligations Than Those Imposed By POPIA.
10.5.1 Request Procedure:
POPIA Provides That A Data Subject May, Upon Proof Of Identity, Request The Responsible Party To Confirm, Free Of Charge, All The Information It Holds About The Data Subject And May Request Access To Such Information, Including Information About The Identity Of Third Parties Who Have Or Have Had Access To Such Information.
Where A Data Subject Is Desirous Of Obtaining Details Of The Personal Information Which The Company May Hold Of And Which Pertain To It, Then It Must Make Application As Described In Section 9 Of This Manual โ The Access Request Procedure.
POPIA Provides That A Data Subject May Object, At Any Time, To The Processing Of Personal Information By The Responsible Party, On Reasonable Grounds Relating To His/Her Particular Situation, Unless Legislation Provides For Such Processing. In Order To Object The Data Subject Must Complete The Standard โObjectionโ (Form 1) And Submit It To The Information Officer At The Postal Or Physical Address Or Electronic Mail Address Set Out In Section 4 Of This Manual.
A Data Subject May Also Request The Responsible Party To Correct Or Delete Personal Information About The Data Subject In Its Possession Or Under Its Control That Is Inaccurate, Irrelevant, Excessive, Out Of Date, Incomplete, Misleading Or Obtained Unlawfully; Or Destroy Or Delete A Record Of Personal Information About The Data Subject That The Responsible Party Is No Longer Authorised To Retain Records In Terms Of POPIA's Retention And Restriction Of Records Provisions.
A Data Subject That Wishes To Request A Correction Or Deletion Of Personal Information Or The Destruction Or Deletion Of A Record Of Personal Information Must Submit A Request To The Information Officer At The Postal Or Physical Address Or Electronic Mail Address Set Out In Section 4 Of This Manual On The Standard โRectificationโ (Form 2).
The Information Officer Will Handle The Request In Accordance With PAIA.
PROCUREMENT PROCESSING NOTICE
1.ย PURPOSE OF THIS STATEMENTย
1.1ย We, Tuning Fork (Pty) Ltdย and our subsidiaries and trading partners, collectively referred to as โwe, us, the Groupโ, in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (โPOPIAโ), which regulates and controls the processing of a personโs Personal Information in South Africa, which processing includes the collection, use, and transfer of a personโs Personal Information.
1.2 For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:ย
- "consent", means the consent, which you give to us to process your Personal Information. This consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied, implied meaning that consent demonstrated by way of your actions;
- "Data Subject",ย means you, the person who owns and who will provide us with your Personal Information for processing, which reference is found under POPIA;ย
- "Operator"ย is any person who processes your Personal Information on our behalf as a sub-contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centres, service providers, auditors, legal practitioners, organs of state, government, provincial and municipal bodies;
- "Personal Information", means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:
- in the case of an individual:ย
-
- ย name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;
- vehicle registration;
- dietary preferences;
- financial history;
- information about your next of kin and or dependants;ย
- information relating to your education or employment history; andย
- Special Personal Informationย including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition;
- in the case of a juristic person:
- name, address, contact details, registration details, financials and related history, B-BBEE score card, registered address, description of operations, bank details, details about your employees, business partners, customers, tax number, VAT number and other financial information.
- name, address, contact details, registration details, financials and related history, B-BBEE score card, registered address, description of operations, bank details, details about your employees, business partners, customers, tax number, VAT number and other financial information.
- "processing" / โprocessโor processedโ,ย means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing;
- โPurposeโย means the reason why your Personal Information needs to be processed by us;ย
- "Responsible Party,ย means us, the person who is processing your Personal Information;
- โyouโย means you, the person or organization who will be providing us, the Responsible Party, with your Personal Information, for processing, who is known as the Data Subject under POPIA
1.3 In terms of POPIA, where a person processes anotherโs Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.
1.4 In order to comply with POPIA, a person processing anotherโs Personal Information must:ย
1.4.1 provide the data subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; andย
1.4.2 get permission or consent, explicitly or implied, from the owner / data subject, to process the Personal Information, unless such processing:
- is necessary to carry out actions for theย conclusion or performance of a contractย to which the owner / data subject of the Personal Information is a party;ย
- is required in order to comply with anย obligation imposed by law; or
- is for aย legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interestsย of i) the owner / data subject of the Personal Information; ii) the person processing the Personal Information ; or iii) that of a third party to whom the Personal Information is supplied; orย
- is necessary for the proper performance of aย public law dutyย by a public body or on behalf of a public body.ย
1.5 In accordance with the requirements of POPIA, and because your privacy and trust is important to us, we set out below how we and our affiliates and associated companies (hereinafter referred to as โthe Groupโ, โweโ, โusโ, or โourโ) collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.
2.ย APPLICATIONย
2.1 This Privacy Statement applies to the following persons:ย
2.1.1ย Interactors:ย persons who interact with us, physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, or who come onto our sites and / or who enter our offices or facilities.
2.1.2ย Users of our Sites:ย persons who use our websites, applications, mobile applications, or social media portals or platforms whether in order to find out more about us, to make enquiries about us, or our products or services or where persons want to do business with us be it providing or selling to us or receiving or buying from us, certain goods and services, etc.
2.1.3ย Applicants:ย persons who wish to apply for a CSI opportunity or a sponsorship or who want to apply to do business with us; or who are submitting a quotation or tender;ย
2.1.4ย Customers and Clients- potential and actual: persons who are desirous of, or who do use and or purchase our products or services, who receive marketing communications and / or who communicate with us physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.
2.1.5ย Contractors, Vendors and Service Providers- potential or actual:ย persons who are desirous of, or who do provide us with goods, and services, or who we provide goods and services to, including consultancy and infrastructure related services and who we interact and communicate with, either physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.
2.1.6ย Regulators and Public Bodies:ย persons who we engage with in order to discharge legal and public duty obligations, including as an example SARS, National Treasury, Department of Labour, the Financial Sector Conduct Authority.
2.1.7ย Business partners:ย whether in their capacity as an Operator or not, who provide services, goods and other benefits to us, our employees or to our customers, clients and service providers, such as medical aids, pension or provident funds, administration related services, financial service providers, advertising, marketing or PR agencies, wellness, health and / or medical providers.
3. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION
3.1 Your Personal Information will be processed by us for the following purposes:
- Due diligence purposes - legitimate purpose:ย To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, including your business details, medical status, health history and related records, education and employment history and qualifications, credit and financial status and history, tax status, B-BBEE status, and or any performance or vendor related history.
- Contract purposes - assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you.
- To process transactions andrender or provide or receive goods and servicesย -ย conclusion of a contract: To perform under any contract which has been concluded with you, including carrying out all contractual obligations, exercising all contractual rights, assessing or communicating requirements, manufacturing, packaging, ordering, delivering, and / or responding to, or submitting queries, complaints, returns or engaging in general feedback, or acting in such a manner as to personalize any goods or services, and to make recommendations related to us or our or your operations.
- Attending to financial matters pertaining to any transaction - conclusion of a contract: To administer accounts or profiles related to you including registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general.
- Communications - legitimate purpose:ย To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.
- Risk assessment and anti- bribery and corruption matters-legitimate purpose:ย To carry out vendor, organizational and enterprise wide risk assessments, and due diligences, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with ABC laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and operations or facilities and / or to exercise our rights and to protect our and othersโ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.
- Legal obligation and public duties:ย To comply with the law and our legal obligations, including to register with Regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to ensure that you are registered for VAT, Tax, PAYE, SDL, COIDA and UIF etc, and to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority.
- Operational issues - compliance with law and manage the contract:ย To communicate, enforce and ensure you comply with policies, including in relation to claims or actions or legal requirements and conducting investigations and incident response, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law.
- Occupational healthย -ย compliance with laws:ย To manage occupational health and absence and fitness for work and notifying family members in emergencies.
- Travel - contractual:ย To facilitate business travel, travel-related support including conference attendance, bookings, and emergency support services.
- B-BBEE - compliance with laws:ย To comply with B-BBEE and monitor or report B-BBEE opportunities and related diversity issues, including but not limited to age, gender, ethnicity, nationality, religion, disability, sexual orientation, and marital or family status.
- IR and Labour relations - compliance with laws: To manage membership to trade unions and collective agreements for administering collective employee arrangements where these are in place.
- Security purposes:ย legitimate purpose and to comply with laws:ย to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.ย
- Marketing and electronic communications related thereto โconsent required:ย To provide you with communications regarding us, our goods and services and or other notifications, programs, events, or updates that you may have registered/asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.ย
- Internal research and development purposesย -ย consent required:ย To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.
- Sale, merger, acquisition, or other dispositionย of our business -ย our Legitimate interestย - To proceed with any proposed or actualย sale, merger, acquisition, or other dispositionย of our business (including in connection with any bankruptcy or similar proceedings).
4.ย WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?ย
In order to engage and / or interact with you, for the purposes described above, we will have to process certain types of your Personal Information, as described below:ย
- Your or your employer or organizationโs contact information,ย such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons.
- Specific identifiers,ย which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race (B-BBEE related),ย sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history (to protect our legitimate interests and to perform risk assessments).
- Account Information,ย including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and / or in order to provide you access to services.
- User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.ย
- Device & Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.ย
- Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Location Data,ย such as the location of your device, your household, and similar location data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Financial Information,ย such as billing address, billing contact details, and similar data, tax numbers and VAT numbers, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place and / or which are required to comply with laws and public duties.
- Career, Education, and Employment Related Information,ย such as work performance and history, nationality and immigration status, demographic data, disability-related information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or consultancy related matters or which are required to comply with laws and public duties.
- Health Recordsย such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.
- Social Media and Online Content,ย such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.
5. SOURCES OF INFORMATION - HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM
5.1 Depending on your requirements, we will collect and obtain Personal Information about you either directly from you, from certain third parties, or from other sources which are described below:ย
5.1.1.ย Direct collection:ย You provide Personal Information to us when you:
- Use our websites, applications, mobile applications, or social media portals or platforms.
- Interact with us.
- Enquire about, or search for our goods or services.
- Create or maintain a profile or account with us.
- Conclude a contract with us.
- Purchase or subscribe to our goods or services.ย
- Use our goods or services.
- Purchase, use, or otherwise interact with content, products, or services from third party providers who have a relationship with us.
- Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms.
- Register for or attend one of our events or locations.
- Request or sign up for information, including marketing material.
- Communicate with us by phone, email, chat, in person, or otherwise.
- Complete a questionnaire, survey, support ticket, or other information request form.
- When you submit a quotation, or offer to do business with us by way of a tender or when you conclude a contract with us.
- When we submit a quotation, or offer to do business with you by way of a tender or when you conclude a contract with us.
- When you express an interest in a CSI project or sponsorship.
5.1.2ย Automatic collection: We collect Personal Information automatically from you when you:
- Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms.
- Use our goods or services (including through a device).
- Access, use, or download content from us.
- Open emails or click on links in emails or advertisements from us.
- Otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).
5.1.3ย Collection from third parties:ย We collect Personal Information about you from third parties, such as:
- Those who we have a relationship with or that provide or publish Personal Information related to you.
- Regulators, professional or industry organizations and certification / licensure agencies that provide or publish Personal Information related to you.
- Third parties and affiliates who deal with or interact with us or you.
- Service providersย and business partners who work with us and that we may utilize to deliver certain content, products, or services.
- Marketing, sales generation, and recruiting business partners.
- SAP, Home Affairs, Credit bureaus and other similar agencies.
- Other government agencies, regulators and others who release or publish public records.
- Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.
6. HOW WE SHARE INFORMATION
We share Personal Information for the purposes set out in this Privacy Notice with the following categories of recipients:
- the Group, our employees and our affiliates.ย We may share your Personal Information amongst our employees, affiliates and the companies within our Group for business and operational purposes.
- Your Organization and Contacts.ย We may share your Personal Information with your organization and others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provide you with access to our goods or services and who pay us in connection with such access. We may also share your Personal Information with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s).
- Business Partners.ย We may share your Personal Information with our business partners to jointly offer, provide, deliver, analyze, administer, improve, and personalize products or services or to host events. We may also pass certain requests from you or your organization to these business providers.
- Third Party Content Providers.ย We may share your Personal Information with our third party content providers to perform tasks on our behalf and to assist us in providing, delivering, analyzing, administering, improving, and personalizing content related to our relationship with you, including financial benefits etc and may, to this end, pass certain requests from you or your organization to these providers.
- Third Party Service Providers.ย We may share your Personal Information with our third party service providers to perform tasks on our behalf and which are related to our relationship with you, and to assist us in offering, providing, delivering, analyzing, administering, improving, and personalizing such services or products.ย
- Cyber Third Party Service Providersย -We may share your Personal Information with our cyber service providers to perform tasks on our behalf and which are related to our relationship with you, including those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behavior, and other products or services. These service providers may also collect Personal Information about or from you in performing their services and/or functions. We may also pass certain requests from you or your organization to these service providers.
- Advertisers.ย We may share your Personal Information with advertisers, advertising exchanges, and marketing agencies that we engage for advertising services, to deliver advertising, and to assist us in advertising our brand and products and services. Those advertising services may also target advertisements on third party websites based on cookies or other information indicating previous interaction with us and/or ourselves.ย
- Users. We aggregate information from public records, phone books, social networks, marketing surveys, business websites, and other sources made available to us to create listings and profiles that are placed into user listings and directories. Additionally, if you choose to include your Personal Information in any reviews, comments, or other posts that you create, then that Personal Information may be displayed to other users as part of your posting.
- In the Event of Merger, Sale, or Change of Control.ย We may transfer this Privacy Statement and your Personal Information to a third party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control (such as the result of a bankruptcy proceeding).
- Regulators and law enforcement agencies.ย We may disclose your Personal Information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request.
- Other Disclosures.ย We may disclose your Personal Information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the group, our employees, any users, or the public.
7. SECURITY OF INFORMATION
7.1 The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing Personal Information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of Personal Information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.
7.2 Your Personal Information will be stored electronically which information, for operational reasons, will be accessible to persons employed or contracted by us on a need to know basis, save that where appropriate, some of your Personal Information may be retained in hard copy.ย
7.3 Once your Personal Information is no longer required due to the fact that the purpose for which the Personal Information was held has come to an end, such Personal Information will be retained in accordance with our Group records retention schedule, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Privacy Statement, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.
8. ACCESS BY OTHERS AND CROSS BORDER TRANSFER
8.1 We may from time to time have to disclose your Personal Information to other parties, including our holding company or subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.
8.2 Where Personal Information and related data is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA.
8.3 However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect Personal Information, we cannot guarantee its absolute security.
9. YOUR RIGHTS
9.1 You as a data subject you have certain rights, which are detailed below:ย
- The right of accessย - You may ask us free of charge to confirm that we hold your Personal Information, or ask us to provide you with details, at a fee, how we have processed your Personal Information, which can be done by following the process set out under our PAIA Manual which can be accessed here:ย Tuning Fork PAIA Manual 2021
- The right to rectificationย - you have the right to ask us to update or rectify any inaccurate Personal Information, which can be done by accessing the rectification request here:ย yamahaonline@yamaha.co.za
- The right to erasure (the โright to be forgottenโ)ย - where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period has expired, you may request that we delete the Personal Information, which can be done by accessing the request for erasure here:ย yamahaunsubscribe@yamaha.co.za
- The right to object to and restrict further processingย - where we do not need your consent to process your Personal Information, but you are not in agreement with such processing, you object to us processing such Personal Information which can be done by accessing the objection request here:ย yamahacomplaints@yamaha.co.za
- The right to withdraw consentย - where you have provided us with consent to process your Personal Information, you have to right to subsequently withdraw your consent, which can be done by accessing the withdrawal of consent request here:ย yamahaunsubscribe@yamaha.co.za
- The right to data portabilityย - where you want your Personal Information to be transferred to another party, which can be done under certain circumstances, please contact us to request such here:ย yamahaonline@yamaha.co.za
10. CHANGES TO THIS PRIVACY STATEMENT
As we change over time, this Processing Notice is expected to change as well. We reserve the right to amend the Processing Notice at any time, for any reason, and without notice to you other than the posting of the updated Processing Notice on our Website and in this regard encourage you to visit our Website frequently in order to keep abreast with any changes.ย
11. CONTACT US
Any comments, questions or suggestions about this privacy notice or our handling of your Personal Information should be emailed toย yamahacomplaints@yamaha.co.za. Alternatively, you can contact us at the following postal address or telephone numbers:
Information Officer : Robin van Rensburg
World of Yamaha
19 Eastern Service Road
Kelvin, Sandton
2090
Our telephone switchboard is open 9:00 am โ 5:00 pm SAST, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.
12. PROCESSING PERSONAL INFORMATIONย
12.1 If you process anotherโs Personal Information on our behalf, or which we provide to you in order to perform your contractual or legal obligations or to protect any legitimate interest, you will keep such information confidential and will not, unless authorized to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and granted to you, and related to the duties assigned to you.
13. COMPLAINTS
13.1 Should you wish to discuss a complaint, please feel free to contact us using the details provided above.ย
13.2 All complaints will be treated in a confidential manner.ย
13.3 Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at https://www.justice.gov.za/inforeg/.
14. ACCEPTANCE AND BINDING NATURE OF THIS DOCUMENTย
14.1 By providing us with the Personal Information which we require from you as listed under this Processing Notice:ย
- You acknowledge that you understand why your Personal Information needs to be processed;
- You accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross border;
- Where consent is required for any processing as reflected in this Processing notice, you agree, which agreement is indicated by way handing to us the required Personal Information, that we may process this particular Personal Information.
14.2 Furthermore you confirm that where you provide us with another personโs Personal Information for processing that you have obtained the required permission from such person (s) to provide us with their Personal Information for processing.
14.3 The rights and obligations of the parties under this Processing Notice will be binding on, and will be of benefit to, each of the partiesโ successors in title and / or assigns where applicable.ย
14.4 Furthermore, should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and / or the required permissions in respect of the processing of that Organization or entities Personal Information.ย
INTERNAL PROCESSING NOTICE FOR
EMPLOYEES, DIRECTORS, JOB APPLICANTS,
LEARNERSHIP APPLICANTS
ย
IN TERMS OF SECTION 18 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
1. PURPOSE OF THIS NOTICE
1.1ย We, Tuning Fork (Pty) Ltdย and our subsidiaries and trading partners, collectively referred to as โusโ, โweโ, โthe Groupโ, in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (hereinafter referred to as โPOPIAโ), which regulates and controls the processing of a legal entityโs and or an individualโs Personal Information in South Africa (also referred to as the โData Subjectโ), which processing includes the collection, use, and transfer of a Data Subjectโs Personal Information.
1.2 For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:
- "consent",ย meansย theย consent,ย whichย youย inย yourย capacityย asย Dataย Subject,ย mayย haveย toย give to us, under certain circumstances, to process your Personal Information. This consent must be voluntary, specific and informed. Following this, onceย weย have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certainย usesย ofย theย information,ย requiredย toย giveย usย yourย permissionย toย useย it,ย whichย permission orย consentย canย beย expressย orย implied;ย impliedย meaningย thatย consentย mayย beย demonstratedย by way of your actions;
- ย "Dataย Subject",ย meansย you,ย theย personย whoย ownsย andย whoย willย provideย usย withย yourย Personal Information forย processing;
- ย "Operator"ย is any person who processes your Personal Information on our behalf as a contractor,ย inย termsย ofย aย contractย orย mandate,ย withoutย comingย underย theย directย authorityย ofย us. These persons for illustration purposes may include verification agencies, advertising and publicย relationsย agencies,ย callย centres,ย serviceย providers,ย auditors,ย legalย practitioners,ย organs of state, government, provincial and municipalย bodies;
- "Personalย Information",ย meansย Personalย Informationย relatingย toย anyย identifiable,ย living, naturalย person,ย andย anย identifiable,ย existingย juristicย person,ย including,ย butย notย limitedย to:
- ย ย In the case of anย individual:ย
oย ย yourย name,ย address,ย contactย details,ย dateย ofย birth,ย placeย ofย birth,ย identityย number,ย passport number, bank details, details about your employment, tax number and financial information;
oย ย vehicleย registration;
oย ย dietaryย preferences;
oย ย financialย history;
oย ย information about your next of kin and orย dependents;
oย ย information relating to your education or employment history;ย and
oย ย Special Personal Informationย including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offencesย committedย orย allegedย toย haveย beenย committed,ย membershipย ofย aย tradeย unionย and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voiceย recognition;
- ย ย In the case of aย legal entity:ย
oย ย Name,ย address,ย contactย details,ย registrationย details,ย financialย andย relatedย history,ย B-BBEE scoreย card,ย registeredย address,ย descriptionย ofย operations,ย bankย details,ย detailsย aboutย your employees, business partners, customers, tax number, VAT number and other financial information.
- "processing" / โprocessโ or processedโ,ย means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval,ย alteration,ย consultationย orย use;ย disseminationย byย meansย ofย transmission,ย distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includesย allย typesย ofย usageย ofย yourย Personalย Informationย byย usย includingย theย initialย processing whenย weย firstย collectย yourย Personalย Informationย andย anyย furtherย andย ongoingย processing;
- โPurposeโย meansย theย reasonย whyย yourย Personalย Informationย needsย toย beย processedย byย us;
- ย "Responsibleย Party,ย meansย us,ย theย personย whoย isย processingย yourย Personalย Information;
- โYouโย meansย you,ย theย potentialย orย actualย employee,ย director,ย learnerย orย bursaryย holder,ย known under POPIA, as the Data Subject, who will be providing us, the Responsible Party with your Personal Information, forย processing.
1.3 In terms of POPIA, where a person processes anotherโs Personal Information, such processing must be done in aย lawful, legitimate and responsibleย manner and in accordance with the provisions, principles and conditions set out under POPIA.
1.4 In order to comply with POPIA, a person processing anotherโs Personal Information must:
1.4.1 provide the Data Subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; and
14.2ย get permission or consent, explicitly or implied, from the owner / Data Subject, to process the Personal Information, unless such processing:
- is necessary to carry out actions for theย conclusion or performance of a contractย to which the owner / Data Subject of the Personal Information is a party;
- is required in order to comply with anย obligationย imposedย byย law; or
- is for aย legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interestsย of ย i) the owner / Data Subject of the Personal Information;ย ii) the person processing the Personal Information; or iii) that of a third party to whom the Personal Information is supplied; or
- is necessary for the proper performance of aย public law dutyย by a public body or on behalf of a public body.
1.5 In accordance with the requirements of POPIA, and because your privacy and trust is important to us, we set out below how we, and our affiliates and associated companies (hereinafter referred to as โthe Groupโ, โweโ, โusโ, or โourโ) collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.
2. APPLICATION
2.1ย This Processing Notice applies to the following persons:
2.1.1ย Applicants:ย personsย whoย wishย toย applyย forย anย employmentย positionย withinย ourย Group,ย orย whoย wish to apply for aย learnership.
2.1.2ย Employees and Directors:ย persons who are employed by us or who have been appointed as directors or committee members.
3. PURPOSE FOR PROCESSING YOUR PERSONALย INFORMATION
ย ย ย Your Personal Information will be processed by us for the following purposes:
- Employment: potential - legitimate purpose: To conduct and communicate withย youย regardingย recruitingย andย humanย resourceย administration,ย toย manageย recruitmentย includingย legal eligibility for work and vettingย purposes.
- Dueย diligenceย purposesย -ย legitimateย purpose:ย Toย carryย outย ongoingย dueย diligenceย exercises including obtaining, verifying and updating your details and or credentials, such as receiving and verifying your identity, education, qualifications and employment history, medical and health history and related records, financial, credit and tax status and history, and or any employee performance relatedย history.
- Employment: actual or ongoing - to contract with you: To conclude an employment contractย withย you,ย toย manageย recruitment,ย promotionย andย successionย planning;ย andย toย conduct and communicate with you regarding your employment; your ongoing employment; and to performย humanย resourcesย administration,ย financialย administration,ย complyย withย labour,ย Taxย and B-BEEE laws, management and organizational administration, training, and skills development, including performance assessments and disciplinaryย matters.
- Employmentย benefitsย -ย legitimateย purposeย andย toย manageย theย contract:ย Toย manageย your benefits, including administering remuneration, relocation, insurance, payroll, pensions and otherย employeeย benefitsย andย tax,ย includingย disclosureย toย otherย affiliatesย withinย theย Groupย andย to others such as payroll providers, accountants, occupational health providers, insurers, pensions administrators, hosting service providers and legalย advisers;
- Operational issues - compliance with law and manage the contract:ย To communicate, enforce and ensureย youย comply with policies, including in relation to claims, disciplinary actionsย orย legalย requirementsย andย conductingย investigationsย andย incidentย response,ย including reviewing your communications in these situations in accordance with relevant internal policies and applicableย law;
- Occupationalย healthย -ย complianceย withย laws:ย Toย manageย occupationalย healthย andย absence andย fitnessย forย workย andย notifyingย familyย membersย inย emergencies;
- Travelย -ย contractual:ย Toย facilitateย businessย travel,ย travel-relatedย supportย includingย conference attendance, bookings, and emergency supportย services;
- B-BBEEย -ย complianceย withย laws:ย Toย monitorย equalย employmentย opportunities,ย inย respectย of
- diversityย categoriesย includingย butย notย limitedย toย age,ย gender,ย ethnicity,ย nationality,ย religion, disability, sexual orientation, and marital or familyย status;
- IRย andย Labourย relationsย -ย complianceย withย laws:ย Toย manageย membershipย toย tradeย unions andย collectiveย agreementsย forย administeringย collectiveย employeeย arrangementsย whereย these are inย place
- Communicationsย -ย legitimateย purpose:ย Toย makeย contactย withย youย andย toย communicateย with youย generallyย orย inย respectย ofย ourย requirements,ย orย instructions,ย orย toย respondย toย youย inย orderย to comply with your specified or generalย instructions.
- Risk assessment and anti- bribery and corruption matters - legitimate purpose:ย For internal and external auditing, assurance and risk management purposes; and to carry out organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with all relevant laws, as well as to identify and authenticate your access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and / or to exercise our rights and to protect our and othersโ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.
- Legal obligation and public duties:ย Toย comply with the law and our legal obligations, includingย toย registerย withย Regulators,ย obtainย andย holdย permitsย andย certificates,ย registerย forย VAT, Tax,ย PAYE,ย SDL,ย COIDAย andย UIFย etc,ย toย submitย reportsย orย provideย variousย noticesย orย returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or publicย authority.
- Securityย purposesย -ย legitimateย purposeย andย toย complyย withย laws:ย Toย permitย youย accessย to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposesย asย wellย asย forย providingย ITย accessย andย supportย andย forย employeeย authenticationย and for data and cybersecurityย purposes.
- For internal research and development purposesย -ย consent required:ย For statistical analysisย andย researchย purposesย inย theย contextย ofย employment,ย includingย predictiveย modelling and peopleย planning.
- Effectuateย theย sale,ย merger,ย acquisition,ย orย otherย dispositionย ofย ourย businessย (includingย in connectionย withย anyย bankruptcyย orย similarย proceedings)ย -ย Legitimateย interest:ย toย complyย with our legal obligations and to change our business structure we may disclose your Personal Information in connection with proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants.ย Weย may also provide relevant parts of your Personal Information to any potential acquirer of or investor in any part of the Groupโs business for the purpose of that acquisition orย investment.
4. DETAILSย OFย THEย PERSONALย DATAย ORย INFORMATIONย WEย COLLECTย FROMย YOU
Inย orderย toย engageย andย /ย orย interactย withย you,ย forย theย purposesย describedย above,ย weย willย haveย to process certain types of your Personal Information, as describedย below:
- Yourย contactย information,ย suchย asย name,ย alias,ย address,ย identityย number,ย passportย number, security number, phone number, cell phone number, vehicle make and registration number, social media user identity, email address, and similar contact data, serial numbers of equipment,ย detailsย regardsย theย possessionย ofย dangerousย weapons,ย andย otherย contactย information
includingย detailsย ofย yourย previousย employers,ย membershipsย orย affiliations,ย including professional bodies and trade unions, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons pertaining to your application for employment or actual employment within theย Group. - Career, Education, and Employment Related Information,ย such as job preferences or interests, work performance and history, salary history, nationality and immigration status, demographic data, professional licensure information and related compliance activities, accreditationsย andย otherย accolades,ย educationย historyย (includingย schoolsย attended,ย academic degreesย orย areasย ofย study,ย academicย performance,ย andย rankings),ย andย similarย data,ย whichย are required for contractual or employment related matters or which are required to comply with laws and publicย duties.
- Specificย identifiers,ย knownย asย Specialย Personalย Information,ย whichย areย requiredย inย orderย to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodateย youย in our workplaces, such as your race, disability-related information (B- BBEE related),ย religion (correct and fair treatment related), sexual and medical history includingย anyย medicalย conditionsย (toย complyย withย lawsย andย relatedย toย correctย andย fairย treatment issues), trade union matters (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history, (to protect our legitimate interests and to perform risk assessments), as well as childrenโs details (benefits related) and biometricsย suchย asย fingerย prints,ย whichย areย requiredย inย orderย toย provideย youย withย accessย toย our facilities,ย giveย youย accessย toย ourย informationย technologyย infrastructure,ย forย securityย monitoring purposesย andย inย orderย toย complyย withย healthย andย safetyย requirementsย inย theย workplace.
- Demographic Information,ย such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, personal or household / familial financial statusย andย metrics,ย andย similarย data,ย whichย areย requiredย forย variousย legitimateย interests,ย asย well asย contractualย andย /ย orย lawfulย reasonsย pertainingย toย yourย actualย employmentย withย theย Group.
- Yourย Image,ย stillย pictures,ย video,ย voice,ย andย otherย similarย data,ย whichย areย requiredย inย orderย to provideย youย withย accessย toย ourย facilities,ย giveย youย accessย toย ourย ITย infrastructure,ย forย security monitoringย purposesย asย wellย forย otherย lawfulย reasonsย pertainingย toย yourย employmentย withย the Group.
- Public issued Identity Information,ย such as government-issued identification information, taxย identifiers,ย socialย securityย numbers,ย otherย government-issuedย identifiers,ย andย similarย data, which are required to comply with laws and public duties as well for other lawful reasons pertaining to your employment with theย Group.
- Taxย andย Financialย Information,ย bankingย details,ย andย taxย registrationย numberย andย status, whichย areย requiredย toย performย contractualย mattersย andย /ย toย complyย withย taxย lawsย andย public duties.
- ย ITย Information,ย includingย ITย security-relatedย informationย (includingย ITย userย namesย andย passwords,ย authenticationย methods,ย andย roles),ย andย similarย data,ย whichย areย requiredย for various legitimate interests, contractual and / or lawful reasons pertaining to your actual employment with theย Group.
- Healthย historyย andย records,ย whichย isย classifiedย asย Specialย Personalย Information,ย suchย as medical status and history, examinations, blood type, medical aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and publicย duties.
- Socialย Mediaย andย Onlineย activitiesย andย presence,ย suchย asย informationย placedย orย postedย in social media and online profiles, online posts, and similar data, which are required for contractual or employment related matters or which are required to comply with laws and publicย duties.
5.ย SOURCESย OFย INFORMATIONย -ย HOWย ANDย WHEREย WEย COLLECTย YOURย PERSONAL INFORMATION FROMย YOU
5.1ย Dependingย onย yourย requirements,ย weย willย collectย andย obtainย Personalย Informationย aboutย youย either directlyย fromย you,ย fromย certainย thirdย partiesย orย fromย otherย sourcesย whichย areย describedย below:
5.1.1.ย Direct collection:ย Youย provide Personal Information to us whenย you:
- interact withย us;
- enquireย about,ย orย applyย forย aย positionย withinย ourย organization,ย includingย requestingย orย signing up forย information;
- expressย anย interestย inย workingย withย usย orย applyย forย aย jobย orย positionย orย bursary,ย learnershipย or sponsorship withย us;
- take up a job or position withย us;
- conclude a contract withย us;
- communicate with us by phone, email, chat, in person, orย otherwise;
- complete a questionnaire, or other information requestย form.
5.1.2ย ย Automaticย collection:ย Weย collectย Personalย Informationย automaticallyย fromย youย whenย you:
- searchย for,ย visit,ย interactย with,ย orย useย ourย websites,ย applications,ย mobileย applications,ย orย social media portals orย platforms;
- access, use, or download content fromย us;
- open emails or click on links in emails or advertisements fromย us;
- Otherwise interact or communicate withย us.
5.1.3ย ย Collectionย fromย thirdย parties:ย Weย collectย Personalย Informationย aboutย youย fromย thirdย parties,ย such as:
- recruitment or employment agencies, previous employees andย colleagues;
- your previousย employer;
- regulators,ย professionalย orย industryย organizationsย andย certificationย /ย licensureย agenciesย that provide or publish Personal Information related toย you;
- third parties and affiliates who deal with or interact with us or you;
- serviceย providersย andย businessย partnersย whoย workย withย usย andย thatย weย mayย utilizeย toย deliver services;
- SAP, Home Affairs, Credit bureaus and other similarย agencies;
- Governmentย agencies,ย regulatorsย andย othersย whoย releaseย orย publishย publicย records;
- Otherย publiclyย orย generallyย availableย sources,ย suchย asย socialย mediaย sites,ย publicย andย online websites, open databases, and data in the publicย domain.
6.ย ย HOW WE SHARE YOURย INFORMATION
Weย shareย Personalย Informationย forย theย purposesย setย outย inย thisย Processingย Noticeย withย theย following categories ofย recipients:
- ย Our employees, the Group and our affiliates.ย Weย may share your Personal Information amongstย ourย employees,ย affiliatesย andย theย companiesย withinย ourย Groupย forย employment,ย HR, IR, business and operationalย purposes.
- ย Yourย Contactsย andย otherย employees.ย We may share your Personal Information with others
- with whomย youย have a relationship in order to fulfil or perform a contract or other legal obligation,ย includingย withย thirdย partiesย thatย arrangeย orย provideย youย withย goodsย orย servicesย and whoย weย payย inย connectionย withย suchย access.ย Weย mayย alsoย shareย yourย Personalย Information with other employees in theย Organization.
- Business Partners and Third Party Service Providers, as well as Operators.ย We may shareย yourย Personalย Informationย withย ourย thirdย partyย serviceย providersย toย performย tasksย onย our behalfย andย whichย areย relatedย toย ourย relationshipย withย you,ย includingย financial,ย benefits,ย health and medical, and wellness benefits etc and to assist us in offering, providing, delivering, analyzing,ย administering,ย improving,ย andย personalizingย suchย servicesย orย products.
- Third Party Content Providers.ย Weย may share your Personal Information with our third party content providers to perform tasks on our behalf and to assist us in providing, delivering, analyzing, administering, improving, and personalizing content related to our relationshipย withย you,ย includingย financial,ย benefits,ย healthย andย medical,ย andย wellnessย benefits etcย andย mayย toย thisย endย passย certainย requestsย fromย youย toย theseย providers.
- Cyber Third Party Service Providers.ย Weย may share your Personal Information with our third party cyber service providers to perform tasks on our behalf and which are related to our relationship with you, including those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behavior,ย andย otherย productsย orย services.ย Theseย thirdย partyย serviceย providersย mayย alsoย collect Personal Information about or fromย youย in performing their services and/or functions.ย Weย mayย alsoย passย certainย requestsย fromย youย toย theseย thirdย partyย serviceย providers.
- Advertisers.ย Weย may share your Personal Information with advertisers, advertising exchanges,ย andย marketingย agenciesย thatย weย engageย forย advertisingย services,ย toย deliver advertising,ย andย toย assistย usย inย advertisingย ourย brandย andย productsย andย services.
- Users.ย Weย mayย aggregateย informationย fromย publicย records,ย phoneย books,ย socialย networks, marketing surveys, business websites, and other sources made available to us to create listings and profiles that are placed into user listings and directories. Additionally, ifย youย chooseย toย includeย yourย Personalย Informationย inย anyย reviews,ย comments,ย orย otherย postsย that you create, then that Personal Information may be displayed other users as part of your posting.
- Regulatorsย andย lawย enforcementย agencies.ย Weย mayย discloseย yourย Personalย Informationย to regulators and other bodies in order to comply with any applicable law or regulation, to complyย withย orย respondย toย aย legalย processย orย lawย enforcementย orย governmentalย request.
- Other Disclosures.ย Weย may disclose your Personal Information to third parties if we reasonablyย believeย thatย disclosureย ofย suchย informationย isย helpfulย orย reasonablyย necessaryย to enforce our terms and conditions or other rights (including investigations of potential violationsย ofย ourย rights),ย toย detect,ย prevent,ย orย addressย fraudย orย securityย issues,ย orย toย protect againstย harmย toย theย rights,ย property,ย orย safetyย ofย theย group,ย ourย employees,ย anyย users,ย orย the public.
- In the Event of Merger, Sale, or Change of Control.ย Weย may transfer this Processing Noticeย andย yourย Personalย Informationย toย aย thirdย partyย entityย thatย acquiresย orย isย mergedย withย us as part of a merger, acquisition, sale, or other change of control (such as the result of a bankruptcyย proceeding).
7.ย ย HOW WE SECURE YOUR INFORMATION
ย
7.1ย Theย securityย ofย yourย Personalย Informationย isย importantย toย us.ย Takingย intoย accountย theย nature,ย scope, context, and purposes of processing personal information, as well as the risks to individuals of varying likelihood and severity,ย weย have implemented technical and organizational measures designedย toย protectย theย securityย ofย personalย information.ย Inย thisย regard,ย weย willย conductย regularย audits regarding the safety and the security of your Personalย Information.
7.2ย Your Personal Information will be stored electronically which information, for operational reasons, willย beย accessibleย toย personsย employedย orย contractedย byย usย onย aย needย toย knowย basis,ย saveย thatย where appropriate,ย someย ofย yourย Personalย Informationย mayย beย retainedย inย hardย copy.
7.3ย Onceย yourย Personalย Informationย isย noย longerย requiredย dueย toย theย factย thatย theย purposeย forย whichย the Personal Information was held has come to an end, such Personal Information will be retained in accordanceย withย theย applicableย Groupย entityโsย recordsย retentionย schedule,ย whichย variesย depending onย theย typeย ofย processing,ย theย purposeย forย suchย processing,ย theย businessย function,ย recordย classes,ย andย recordย types.ย Weย calculateย retentionย periodsย basedย uponย andย reserveย theย rightย toย retainย Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Processing Notice, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and otherย legalย obligationsย (includingย contractualย obligations),ย andย (d)ย complyย withย yourย requests.
7.4ย Please note that notwithstanding the contents of this clause, no method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protectย Personalย Information,ย weย cannotย guaranteeย itsย absoluteย security.
8.ย ACCESS BY OTHERS AND CROSS BORDERย TRANSFER
ย
8.1 We may from time to time have to disclose your Personal Information to other parties, including our holding company or subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, ย or overseas trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliged the recipient of your Personal Information to comply with strict confidentiality and data security conditions.
8.2ย Where Personal Information and related data is transferred to a country which is situated outside Southย Africa,ย yourย Personalย Informationย willย onlyย beย transferredย toย thoseย countriesย whichย haveย similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set than thoseย imposed byย POPIA.
8.3ย However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect personal information, we cannot guarantee its absolute security.
ย 9. YOURย RIGHTS
You as a Data Subject have certain rights, and to check how we have processed your personal information, which can be done by following the process set out under our PAIA Manual which can be accessed on team in the link below:ย www.yamaha.co.za
10.ย CHANGESย TOย THIS PROCESSINGย NOTICE
As our Group changes over time, this Processing Notice is expected to change as well. We reserveย theย rightย toย amendย theย Processingย Noticeย atย anyย time,ย forย anyย reason,ย andย withoutย noticeย to you other than the posting of the updated Processing Notice on the Website and in this regard encourageย youย toย visitย ourย Websiteย frequentlyย inย orderย toย keepย abreastย withย anyย changes.
11.ย CONTACTย US
Anyย comments,ย questionsย orย suggestionsย aboutย thisย Processingย Noticeย orย ourย handlingย ofย your Personal Information should be emailed toย yamahacomplaints@yamaha.co.za.
Anyย comments/questions/complaintsย receivedย mayย beย re-directedย ontoย theย appointed Information Officer to which the matter mayย relate.
Alternatively, you can contact us at the following postal address or telephone number:
Group Information Officer: Robin Van Rensburg Postal : Private Bag X15, Kelvin, 2054
Phone: +27 โ 011 259 7700
Ourย telephoneย switchboardย isย openย 9:00ย amย โย 4:00pmย GMT,ย Mondayย toย Friday.ย Ourย switchboard teamย willย takeย aย messageย andย ensureย theย appropriateย personย respondsย asย soonย asย possible.
12.ย PROCESSING PERSONAL INFORMATION OFย ANOTHER
12.1ย Ifย youย process anotherโs Personal Information, you will keep such information confidential and will not, unless authorised to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for whichย theย informationย hasย beenย receivedย andย relatedย toย theย dutiesย assignedย toย you.
12.2 You will also observe The Bidvest Group Data Protection Policy which sets out the rules and regulations regarding the processing and protection of Personal Information and/or data to which you as employee has access in the course and scope of your duties; and you shall report any infringementย relatingย toย theย mannerย inย whichย Personalย Informationย orย otherย dataย isย processedย toย the employerโs companyโs appointed Information Officer withoutย delay.
13. COMPLAINTS
13.1ย Shouldย youย wish to discuss a complaint, please feel free to contact us using the details provided above.
13.2ย All complaints will be treated in a confidentialย manner.
13.3 Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at www.justice.gov.za/inforeg/.
14. ACCEPTANCE
14.1ย By providing us with the Personal Information which we require from you as listed under this Processingย Notice:
- Youย acknowledgeย thatย youย understandย whyย yourย Personalย Informationย needsย toย beย processed;
- Youย acceptย theย termsย whichย willย applyย toย suchย processing,ย includingย theย termsย applicableย toย the transfer of such Personal Information crossย border;
- Whereย consentย isย requiredย forย anyย processingย asย reflectedย inย thisย Processingย Notice,ย youย agree,ย byย wayย ofย providing
usย withย yourย Personalย Information,ย thatย weย mayย processย this particular Personalย Information.
14.2 Where you provide us with another personโs Personal Information for processing, you confirm and warrant that that you have obtained the required permission from such person(s) to provide us with their Personal Information for processing and indemnify and hold us harmless against any liability or loss which may be incurred by us or our employees as a result of any breach of such warrant.
TUNING FORK PROPRIETARY LIMITED
CCTV CAMERA POLICY
MAY 2021
TABLE OF CONTENTS
1. INTRODUCTIONย
2. PURPOSEย
3. APPLICATION OF POLICYย
4. TUNING FORK AND YOUR PERSONAL INFORMATIONย
5. SPECIAL PERSONAL INFORMATIONย
6. SECURITY SAFEGUARDSย
7. HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION FOR?ย
8. OPERATORS AND JOINT RESPONSIBLE PARTIESย
9. SHARING OF INFORMATIONย
10. CROSSBORDER INFORMATION TRANSFERSย
11. YOUR RIGHTSย
12. WHO TO CONTACT IN CASE OF CONCERNSย
13. CONSEQUENCES OF NONCOMPLIANCEย
14. ACCOUNTABILITYย
15. OPENNESSย
16. RELATIONSHIP TO EXISTING POLICIESย
17. POLICY REVISIONย
18. VERSION CONTROLย
1. INTRODUCTION
1.1 Tuning Fork Proprietary Limited ("Tuning Fork"/"we"/"us"/"our") makes use of closedโcircuit television ("CCTV") surveillance infrastructure on its premises for security purposes. The CCTV surveillance infrastructure is installed and operated by a recognised service provider and the realโtime surveillance/security services are provided by preโvetted and approved security companies and/or security personnel under the employ of Tuning Fork.
1.2 The cameras are positioned so that they record the general areas within our premises. Footage of these areas is recorded and stored for a limited amount of time and the information recorded can either be passed through our own video analytics/storage system and/or shared with databases belonging to or linked to those of our security service provider(s).
1.3 It is our commitment to our employees, directors, affiliates, partners, clients and members of the general public who enter and make use of our premises to continually implement practices and procedures that respect and protect your privacy. Therefore, we have compiled this CCTV Camera Policy ("Policy") to ensure our commitment to your privacy and compliance with the applicable laws and regulations, in particular the Protection of Personal Information Act 4 of 2013 ("POPIA").
2. PURPOSE
ย ย 2.1 We recognise that everyone has the right to privacy which includes protection against the unlawful collection, retention, dissemination and use of Personal Information. Consequently, this Policy sets out to โ
2.1.1 promote ethical standards including, but not limited to, protecting your Personal Information, respecting your individual privacy, guarding against security threats and maintaining best practices with regards to CCTV surveillance;
2.1.2 explain how we will collect, process and store your Personal Information through our CCTV cameras;
2.1.3 clarify the practices and procedures that will enable us to monitor and audit compliance with this Policy and set out the consequences of nonโcompliance;
2.1.4 provide guidelines on processing Personal Information where doing so would protect the legitimate interests of Data Subjects and enhance their safety and that of Tuning Fork and the property it owns and operates; and
2.1.5 minimise the inherent risks of nonโcompliance including, but not limited to, privacy infringement, reputational damage and regulatory sanctions.
3. APPLICATION OF POLICY
This Policy applies to โ
ย ย 3.1 Tuning Fork and all our employees, directors, partners, clients and members of the general public who enter our premises and get recorded by our CCTV cameras; and
ย ย 3.2 any natural or juristic person who may, for whatever reason, have access to and/or make use of our CCTV camera surveillance network.
4. TUNING FORK AND YOUR PERSONAL INFORMATION
ย ย 4.1 We will be primarily responsible for processing your Personal Information either as a responsible party or operator. In this regard we undertake to comply with the obligations of POPIA, depending on the capacity in which we are acting in any given circumstance.
4.2 We will mainly Process your Personal Information in the following respects โ
Employees/Directors/Affiliates/Partners/Clients/General Public | ||
What We Process | Why We Process | Legal Basis |
Vehicles (including license plate numbers); and
Images and/or video footage of individuals; Images and/or video footage of our premises in general; and Special Personal Information as set out in paragraphย 5. ย |
Safety and security surveillance, specifically for the identification of individuals and/or vehicles coming in and out of our premises;
Employee security; Crime deterrent; and Monitoring our premises to secure our property.
|
Consent; and
Legitimate interest (i.e. safety and security). |
4.3 Personal Information collected by our CCTV cameras will not be used for any other purposes other than those listed above or as permitted by law.
5. SPECIAL PERSONAL INFORMATION
5.1 We understand that through our CCTV cameras, we may be able to establish certain facts relating to your race or ethnic origin, for example. Such information may be used for various purposes including, but not limited to, building a profile of a person suspected of having committed a criminal offence. In that regard, we will only Process your Special Personal Information if we have โ
5.1.1 your consent;
5.1.2 a lawful basis;
5.1.3 public interest grounds; or
5.1.4 publicly available information.
6. SECURITY SAFEGUARDS
6.1 We store your Personal Information as required by POPIA. Specifically, all Personal Information will be stored on secure servers leased or owned by ourselves and/or hosted by a third party. Each third party hosting company is required to enter into the appropriate 'operator's agreement' with us and will be subject to our comprehensive terms and conditions and will expressly agree to be bound by POPIA and its provisions to safeguard against unauthorised access, loss, destruction, and/or damage by, or dissemination to, unauthorised third parties.
6.2 Data collected from our CCTV cameras will not be stored on private servers and our security service providers will not be entitled to download and store Personal Information without having submitted a specific written request to us. Such a request will be required to set out the reason and purpose of the download and duration for which the data will be stored, along with strict security undertakings, which request we will refuse should it not satisfy our commitment to POPIA compliance.
6.3 We adopt a "need to know" approach to access to our CCTV surveillance footage. Individuals who have such access include, from time to time โ
6.3.1 our relevant security personnel/service providers;
6.3.2 our Information Officer;
6.3.3 support staff required to support, service or maintain the surveillance network; and
6.3.4 any other employee or service provider appointed by us who may, from time to time, require access to the surveillance system in fulfilment of the purposes of this Policy or any mandate related to their core functions.
7. HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION FOR?
7.1 All Personal Information is stored for a period of at least 30 days, being the time the Personal Information is required to be maintained in order to achieve the purpose for which it was collected. After the expiry of such period, the Personal Information will be permanently deleted and/or destroyed in accordance with POPIA stipulated guidelines.
7.2 We will not retain your Personal Information longer than the period for which it was originally needed, unless we are required by law to do so, or you consent to us retaining such information for a longer period.
7.3 We will, upon your request, promptly destroy any and all of your Personal Information in our possession or control, save for that which we are legally obliged or permitted to retain.
8. OPERATORS AND JOINT RESPONSIBLE PARTIES
8.1 When third parties are used to process Personal information on behalf of ourselves or vice versa, we will enter into agreements with them that will provide for the protection of your Personal Information in line with the law.
8.2 The information recorded by our CCTV surveillance network may also be accessed, through our systems and with our express prior consent, by vetted third party companies in order to achieve our stated purpose i.e. detect, deter and prevent crime and further enhance the safety of those who live, work trade and visit the areas covered by the CCTV surveillance network.
8.3 In both the above situations, we commit to complying with its obligations in terms of POPIA.
9. SHARING OF INFORMATION
We may share or transfer your Personal Information as follows or as otherwise described in this Policy โ
9.1 with our customers, affiliates and/or partners whom only have access to such information as is necessary to perform their functions or give effect to an agreement or legal obligation and not any other purpose;
9.2 any operators will act on our instructions and be contractually bound to take all reasonable steps to protect your Personal Information;
9.3 in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal Process, or as otherwise required by any applicable law, rule or regulation; and
9.4 in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company (we will request a purchaser to treat our data under the privacy/confidentiality statement in place at the time of its collection).
10. CROSSโBORDER INFORMATION TRANSFERS
Where we transfer Personal information about you to a company or any other entity outside of South Africa, we will ensure that โ
10.1 the company receiving the information is subject to a law, binding corporate rules or a binding agreement which provides an adequate level of protection of your Personal Information; and/or
10.2 we obtain your consent if need be;
10.3 there is a contractual obligation in your interest or the transfer is necessary for the conclusion or performance of a contract between ourselves and you, as the case may be; or
10. 4 there is a legitimate interest which justifies the crossโborder transfer of Personal Information.
11. YOUR RIGHTS
11. 1 You have a number of rights under law which, in certain circumstances, you may exercise in relation to the Personal Information we Process about you. These include โ
11.1.1 the right to access a copy of the Personal Information that we have about you;
11.1.2ย the right to correction of inaccurate Personal Information we hold about you;
11.1.3ย the right to restrict our use of your Personal Information;
11.1.4ย the right to request that your Personal Information be deleted; and
11.1.5 the right to object to our use of your Personal Information.
11.2 Where we rely on consent as the legal basis on which we Process your Personal Information, you may also withdraw that consent at any time.
12. WHO TO CONTACT IN CASE OF CONCERNS
12.1 We have designated an Information Officer who, in conjunction with our relevant facilities/security personnel, shall be responsible for โ
12.1.1 the administration of this Policy and ensuring the lawful processing of Personal information by ourselves;
12.1.2 dealing with requests made to us for access to Personal Information held by us;
12.1.3 conducting annual reviews of our CCTV surveillance network and usage;
12.1.4 liaising with regulators; and
12.1.5 providing training to our employees.
12.2 Should you wish to raise any questions, concerns or reportable conduct, please contact our Information Officer at โ ย yamahaonline@yamaha.co.za
13. CONSEQUENCES OF NONโCOMPLIANCE
13.1 Any contravention(s) of this Policy may result in disciplinary action being instituted against an employee, which action may include dismissal or termination of employment and any other legal action that may be available to us.
13.2 We also reserve the right to exercise any appropriate form of legal action against any party which may cause us harm and/or damages by way of nonโcompliance with this Policy. Parties also risk statutory penalties.
14. ACCOUNTABILITY
14.1 The authorisation for the collection, location and access to the CCTV surveillance footage we record lies with us. As such, the Personal Information may be accessed through our systems and only with our express prior written consent. Moreover, such access will only be granted to preโvetted, third party companies such as a security services provider in line with the purpose of maintaining security on our premises.
14.2 Any unlawful disclosure of Personal Information, or data breach, will be reported to the Information Regulator, together with all details relating to the breach as required by POPIA.
15. OPENNESS
15.1 The CCTV surveillance network will be installed in such a manner that all surveillance cameras are and will be clearly visible and identifiable to Data Subjects. Our CCTV cameras will not be placed in locations where they will be able to record activity in any area considered to be private, for example bathrooms. All captions inserted onto the collected Data, such as camera location, time and date, are securely maintained and stored and are incapable of being tampered with.
15.2 Notices will be affixed in prominent areas around our premises to inform Data Subjects as to our use of CCTV cameras.
16. RELATIONSHIP TO EXISTING POLICIES
This Policy should be used in conjunction with other relevant Tuning Fork policies which include, but are not limited to โ
16.1 Data Privacy and Protection Policy;
16.2 Personal Information Sharing Policy; and
16.3 Information Security Policy.
17. POLICY REVISION
This Policy is subject to review and amendment without prior notice. However, we undertake to ensure that any amendments hereto are communicated clearly and effectively, for the benefit of our employees and any other persons whom may be affected by this Policy.
18. VERSION CONTROL
Last updated Mayย 2021.
ANNEXURE โ INTERPRETATION
1. INTERPRETATION
For the purposes of this Policy, the following definitions apply โ
1.1 "Consent" means an informed, unconditional, specific and voluntary expression of will in terms of which permission is given for the processing of Personal Information.
1.2 "Data Subject" means the natural or juristic person to whom Personal information relates.
1.3 "Employee" means any such person as defined in the Labour Relations Act 66 of 1995, under the employ of Tuning Fork, and any other such person who may conduct work for or on behalf of Tuning Fork on a once off or ongoing basis, as the case may be.
1.4 "Information Officer" means the person/s designated by ourselves to direct compliance with POPIA within our company.
1.5 "Operator" means any person who Processes Personal information for or on behalf of ourselves in terms of a contract or mandate concluded between ourselves and such person.
1.6 "Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, and includes the meaning given to it in the POPIA.
1.7 "Responsible Party" means any public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.