Last updated July 2021
Phoenix Education Engineers
Reg. No. 2019/055707/07
Head Office: 42 West street, Florida, Roodepoort, 1709
Telephone number: +27836515880/ firstname.lastname@example.org
A: PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT OF 2013
PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 PHOENIX EDUCATION ENGINEERS POPI POLICY 2017 INTRODUCTION
- PHOENIX EDUCATION ENGINEERS is a company functioning within the digital technology solutions that is obligated to comply with The Protection of Personal Information Act 4 of POPI requires PHOENIX EDUCATION ENGINEERS to inform their clients and candidates as to the manner in which their personal information is used, disclosed and destroyed. PHOENIX EDUCATION ENGINEERS is commited to protecting its client’s and candidates’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. The Policy sets out the manner in which PHOENIX EDUCATION ENGINEERS deals with their client’s and candidates personal information as well as stipulates the purpose for which said information is used. The Policy is made available by request from PHOENIX EDUCATION ENGINEERS head office.
PERSONAL INFORMATION COLLECTED
2. Section 9 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not”
3. PHOENIX EDUCATION ENGINEERS collects and processes personal information pertaining to the person’s needs. The type of information will depend on the need for which it is collected and will be processed for that purpose. Whenever possible, PHOENIX EDUCATION ENGINEERS will inform the candidate as to the information required and the information deemed optional. Examples of personal information we collect include, but is not limited to:
- The person’s Identity number, name, surname, address, postal code, marital status, and number of dependants;
- Description of the person’s residence and business.
4. Any other information required by PHOENIX EDUCATION ENGINEERS or suppliers in order to provide clients with an accurate analysis of the candidate suitability for any specific role.
5. PHOENIX EDUCATION ENGINEERS aims to have agreements in place with all product suppliers and third-party service providers to ensure a mutual understanding with regard to the protection of the client’s personal information. PHOENIX EDUCATION ENGINEERS suppliers will be subject to the same regulations as applicable to PHOENIX EDUCATION ENGINEERS. With the candidate’s consent PHOENIX EDUCATION ENGINEERS may also supplement the information provided with information PHOENIX EDUCATION ENGINEERS receives from other providers in order to offer a more consistent and personalized experience in the candidate’s interaction with PHOENIX EDUCATION ENGINEERS. For purposes of this Policy, clients and candidates include potential and existing clients.
THE USAGE OF PERSONAL INFORMATION
6. The person’s personal information will only be used for the purpose for which it was collected.
7. This may include:
- Providing products or services to clients and to carry out the transactions requested;
- Confirming, verifying and updating client or candidate details;
- Conducting market or customer satisfaction research;
- For audit and record keeping purposes;
- In connection with legal proceedings;
- Providing PHOENIX EDUCATION ENGINEERS services to clients, to render the services requested and to maintain and constantly improve the relationship;
- In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
8. According to section 10 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for PHOENIX EDUCATION ENGINEERS processing of Personal Information:
- The person consents to the processing: – consent is obtained from candidate during the introductory, appointment and needs analysis stage of the relationship;
- The necessity of processing: in order to conduct an accurate analysis of the person’s needs for purposes of the service required.
- Processing complies with an obligation imposed by law on PHOENIX EDUCATION ENGINEERS;
- Processing protects a legitimate interest of the candidate — it is in the candidate’s best interest to have a full and proper needs analysis performed in order to provide them with an applicable and beneficial product or service.
- Processing is necessary for pursuing the legitimate interests of PHOENIX EDUCATION ENGINEERS or of a third party to whom information is supplied — in order to provide PHOENIX EDUCATION ENGINEERS clients and candidates with products and or services both PHOENIX EDUCATION ENGINEERS and any of our product suppliers require certain personal information from the clients and candidates in order to make an expert decision on the unique and specific product and or service.
DISCLOSURE OF PERSONAL INFORMATION
9. PHOENIX EDUCATION ENGINEERS may disclose a candidate’s personal information to any of the PHOENIX EDUCATION ENGINEERS subsidiaries, joint venture companies and or approved product supplier or third party service providers whose services or products clients require use PHOENIX EDUCATION ENGINEERS has agreements in place to ensure compliance with confidentiality and privacy conditions.
10. PHOENIX EDUCATION ENGINEERS may also share candidate personal information with, and obtain information about candidates from third parties for the reasons already discussed.
11. PHOENIX EDUCATION ENGINEERS may also disclose a candidate’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect PHOENIX EDUCATION ENGINEERS rights.
SAFEGUARDING CLIENT INFORMATION
12. It is a requirement of POPI to adequately protect personal information and PHOENIX EDUCATION ENGINEERS will continuously review its security controls and processes to ensure that personal information is:
- PHOENIX EDUCATION ENGINEERS INFORMATION OFFICER is Francois Naude whose details are available and is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions,
- Each new employee will be required to sign an EMPLOYMENT CONTRACT containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
- Every employee currently employed within PHOENIX EDUCATION ENGINEERS will be required to sign an addendum to their EMPLOYMENT CONTRACTS containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
- PHOENIX EDUCATION ENGINEERS archived client and candidate information is stored off site at Afrihost which is also governed by POPI, access to retrieve information is limited to authorized personal.
- PHOENIX EDUCATION ENGINEERS product suppliers, insurers and other third party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information; this is however an ongoing process that will be evaluated as needed.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
13. Clients and Candidates have the right to access the personal information PHOENIX EDUCATION ENGINEERS holds about Clients also have the right to ask PHOENIX EDUCATION ENGINEERS to update, correct or delete their personal information on reasonable grounds. Once a client or candidate objects to the processing of their personal information, PHOENIX EDUCATION ENGINEERS may no longer process said personal information. PHOENIX EDUCATION ENGINEERS will take all reasonable steps to confirm its clients’ identity before providing details of their personal information or making changes to their personal information.
14. The details of PHOENIX EDUCATION ENGINEERS Information Officer and Head Office are as follows:
Dr Francois Naude: email@example.com
AMENDMENTS TO THIS POLICY
15. Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once clients are advised to access PHOENIX EDUCATION ENGINEERS’ website periodically to keep abreast of any changes. Where material changes take place, clients and candidate’s will be notified directly or changes will be stipulated on the PHOENIX EDUCATION ENGINEERS website.
B: POLICY ON THE RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS
16. To exercise effective control over the retention of documents and electronic transactions:
- as prescribed by legislation; and as dictated by business practice.
- Documents need to be retained in order to prove the existence of facts and to exercise the rights of the Company.
- Documents are also necessary for defending legal action, for establishing what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
18. To ensure that the Company’s interests are protected and that the Company’s and candidates’ rights to privacy and confidentiality are not breached.
- Queries may be referred to the Information Officer.
SCOPE & DEFINITIONS
19. All documents and electronic transactions generated within and/or received by the company.
- Clients and Candidates includes, but are not limited to, shareholders, debtors, creditors as well as the affected personnel and/or departments related to a service division of the Company.
- Confidential Information refers to all information or data disclosed to or obtained by the Company by any means.
- Constitution: Constitution of the Republic of South Africa.
- Data refers to electronic representations of information in any modality.
- Documents include books, records, accounts and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro- mechanically or optically, or in any other.
- ECTA: Electronic Communications and Transactions Act.
- Electronic communication refers to a communication by means of data messages.
- Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
- Electronic transactions include e-mails sent and received.
- PAIA: Promotion of Access to Information Act.
ACCESS TO DOCUMENTS
20. All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances (also see clause 20 b) below):
- where disclosure is under compulsion of law;
- where there is a duty to the public to disclose;
- where the interests of the Company require disclosure; and
- where disclosure is made with the express or implied consent of the client.
DISCLOSURE TO 3RD PARTIES
21. All employees have a duty of confidentiality in relation to the Company, clients and employees.
- Information on clients: Our clients’ right to confidentiality is protected in the Constitution and in terms of Information may be given to a 3rd party if the client or candidate has consented in writing to that person receiving the information.
- Requests for company information:
- These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural and juristic) that is required for the exercise or protection of Private bodies, like the Company, must however refuse access to records if disclosure would constitute an action for breach of the duty of secrecy owed to a third party.
- In terms hereof, requests must be made in writing on the prescribed form to the Company Secretary, who is also the Information Officer in terms of PAIA. The requesting party has to state the reason for wanting the information and has to pay a prescribed fee.
- Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial action.
- The affairs of the Company must be kept strictly confidential at all times.
- The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
STORAGE OF DOCUMENTS
22. Hard Copies
- Documents are stored in lockable storage at PHOENIX EDUCATION ENGINEERS’S office.
23. The Basic Conditions of Employment Act requires a retention period of 3 years for the documents mentioned below:
- Section 29(4):
- Written particulars of an employee after termination of employment;
- Section 31:
- Employee’s name and occupation;
- Time worked by each employee;
- Remuneration paid to each employee;
- Date of birth of any employee under the age of
- Section 26 and the General Administrative Regulations, 2009, Regulation 3(2) requires a retention period of 3 years for the documents mentioned below:
- Records in respect of the company’s workforce, employment equity plan and other records relevant to compliance with the Act;
4. The Unemployment Insurance Act, applies to all employees and employers except:
- Workers working less than 24 hours per month;
- Public servants;
- Foreigners working on a contract basis;
- Workers who get a monthly State (old age) pension;
- Workers who only earn
5. Section 56(2)(c) requires a retention period of 5 years, from the date of submission, for the documents mentioned below:
- Employers must retain personal records of each of their current employees in terms of their names, identification number, monthly remuneration and address where the employee is
6. 1.12 Tax Administration Act, No 28 of2011:
- Section 29 of the Tax Administration Act, states that records of documents must be retained to:
- Enable a person to observe the requirements of the Act;
- Are specifically required under a Tax Act by the Commissioner by the public notice;
- Will enable SARS to be satisfied that the person has observed these
- Section 29(3)(a) requires a retention period of 5 years, from the date of submission for taxpayers that have submitted a return and an indefinite retention period, until the return is submitted, then a 5-year period applies for taxpayers who were meant to submit a return.
- Section 29(3)(b) requires a retention period of 5 years from the end of the relevant tax period for taxpayers who were not required to submit a return, but had capital gains/losses or engaged in any other activity that is subject to tax or would be subject to tax but for the application of a threshold or
- Section 32(a) and (b) require a retention period of 5 years but records must be retained until the audit is concluded or the assessment or decision becomes final, for documents indicating that a person has been notified or is aware that the records are subject to an audit or investigation and the person who has lodged an objection or appeal against an assessment or decision under the TAA.
- Income Tax Act, No 58 of 1962:
- Schedule 4, paragraph 14(1)(a) -(d) of the Income Tax Act requires a retention period of 5 years from the date of submission for documents pertaining to each employee that the employer shall keep:
- Amount of remuneration paid or due by him to the employee;
- The amount of employees’ tax deducted or withheld from the remuneration paid or due;
- The income tax reference number of that employee;
- Any further prescribed information;
- Employer Reconciliation
- Schedule 6, paragraph 14(a)-(d) requires a retention period of 5 years from the date of submission or 5 years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to:
- Amounts received by that registered micro business during a year of assessment;
- Dividends declared by that registered micro business during a year of assessment;
- Each asset as at the end of a year of assessment with cost price of more than R 10 000;
- Each liability as at the end of a year of assessment that exceeded R
8. Value Added Tax Act, No 89 of 1991:
- Section 15(9), 16(2) and 55(1)(a) of the Value Added Tax Act and Interpretation Note 31, 30 March requires a retention period of 5 years from the date of submission of the return for the documents mentioned below:
- Where a vendor’s basis of accounting is changed the vendor shall prepare lists of debtors and creditors showing the amounts owing to the creditors at the end of the tax period immediately preceding the changeover period;
- Importation of goods, bill of entry, other documents prescribed by the Custom and Excise Act and proof that the VAT charge has been paid to SARS;
- Vendors are obliged to retain records of all goods and services, rate of tax applicable to the supply, list of suppliers or agents, invoices and tax invoices, credit and debit notes, bank statements, deposit slips, stock lists and paid cheques;
- Documentary proof substantiating the zero rating of supplies;
- Where a tax invoice, credit or debit note, has been issued in relation to a supply by an agent or a bill of entry as described in the Customs and Excise Act, the agent shall maintain sufficient records to enable the name, address and VAT registration number of the principal to be ascertained.
24. The internal procedure requires that electronic storage of information: important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval. This will be done in conjunction with the departments concerned.
25. Scanned documents: If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 year after the date of scanning, with the exception of documents pertaining to any document containing information on the written particulars of an employee, including: employee’s name and occupation, time worked by each employee, remuneration and date of birth of an employee under the age of 18 years; must be retained for a period of 3 years after termination of employment.
26. Section 51 of the Electronic Communications Act No 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is. It is also required that all personal information which has become obsolete must be destroyed.
DESTRUCTION OF DOCUMENTS
27. Documents may be destroyed after the termination of the retention periods listed. Registration will request departments to attend to the destruction of their documents and these requests shall be attended to as soon as possible.
28. Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by the Company pending such return.
29. After completion of the process in 28 above, the Managing Director shall, in writing, authorise the removal and destruction of the documents in the authorisation. These records will be retained by Registration.
30. The documents are then made available for collection by the removers of the Company’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
31. Documents may also be stored off-site, in storage facilities approved by the Company.