CRS Technologies
POPIA Compliance Notice
The Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act, 2000, as amended (PAIA) came into effect on 1 July 2021.
Under POPIA, you have the right to be notified about your personal information which is held by CRS Technologies and the purpose for which it is held. This legislation is designed to protect how your data is used, stored and processed and, more importantly, to secure the integrity and confidentiality of your personal information and to prevent unlawful access to it.
While POPIA protects your personal information, the PAIA promotes access to that information. A PAIA manual, which describes which records are being held and how these records can be accessed, is available on our website, www.crs.co.za.
What is CRS DOING IN ORDER TO ENSURE COMPLIANCE WITH POPIA?
POPIA provides for eight lawful processing conditions which must be complied with when processing personal information:
- Accountability: The responsible party must implement measures to ensure compliance with the lawful processing conditions.
- Processing Limitation: The purpose of the processing of personal information must be justifiable and must take place in a lawful, reasonable and non-excessive manner.
- Purpose Specification: Personal information must be collected and processed for a specific and defined purpose.
- Further Processing Limitation: Personal information may not be processed for a further purpose where such purpose is not compatible with the original purpose of the collection, or where so authorised by the information regulator.
- Information Quality: The responsible party must ensure the personal information being processed is complete, accurate, not misleading and updated where necessary.
- Openness: The responsible party must notify the data subject of its processing activities.
- Security Safeguards: The responsible party must implement security safeguards to ensure the integrity and confidentiality of the personal information is protected.
- Data Subject Participation: Data subjects have certain rights in terms of their personal information held by a responsible party, which includes requesting access thereto and the correction or deletion thereof.
All of the above have been addressed by various policies, procedures, the POPIA/PAIA manual and operator agreements available on our website.
In terms of POPIA (Section 15) you have the right to:
- Have your personal information processed in accordance with the conditions of POPIA.
- Be notified when personal information about you is being collected.
- Be notified if personal information has been acquired by an unauthorised person.
- Ask what personal information of yours is held by the company.
- Request the correction, destruction or deletion of personal information (note personal information can only be deleted if it is not required for its operational needs).
- Object on reasonable grounds to the processing of personal information.
- Submit a complaint to the information regulator regarding personal information that has been handled incorrectly.
- Institute civil proceedings regarding interference with your personal information.
Should you require any further information in this regard, please feel free to contact our information officer, Nicol Myburgh at nicolm@crs.co.za.
Disclaimer
Any client who has not yet signed the operator agreement is free to terminate any and all commercial agreements. However, if the operator agreement is not signed and both parties wish to proceed with current commercial arrangements it will be assumed that both parties agree to the terms contained therein.