Privacy Policy

Organisation : Ruzel Van Jaarsveld t/a Van Jaarsveld Consulting

 

Scope of Policy : This policy applies to the business of Van Jaarsveld Consulting wherever it is conducted but based at the registered office. It applies to paid staff, contractors, stakeholders  and third-party associations. This Privacy Policy is an external document, and its aim is to  inform outside parties how  the company’s information will be processed.

 

Policy operational date : 05 January 2026

Policy prepared by : Ruzel van Jaarsveld

Date approved by Information Officer : 05 January 2026

Next policy review date : 05 January 2027

​

INTRODUCTION

 

Purpose of policy : The purpose of this policy is to enable Van Jaarsveld

​

Consulting to :

*    comply with the law in respect of the data it holds about individuals;

*    follow good practice;

*    protect Van Jaarsveld Consulting’s staff and other individuals

*    protect the organisation from the consequences of a breach of its           responsibilities.

​

Personal information : This policy applies to information relating to identifiable individuals, in terms of the Protection of Personal  Information  Act, 2013  (hereinafter  POPI Act).

 

Policy statement : Van Jaarsveld Consulting will:

*    comply with both the law and good practice

*    respect individuals’ rights

*    be open and honest with  individuals  whose data is held

*    provide training and support for staff who handle personal data, so that   they can act confidently and consistently

​

Van Jaarsveld Consulting recognises that its first priority under the POPI Act is to avoid causing harm to individuals. In the main this means:

*    keeping information securely in the right hands, and

*    retention of good quality information. Secondly, the Act aims  to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to  being open and transparent, Van Jaarsveld Consulting will  seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.

 

Key risks : Van Jaarsveld Consulting has identified the following potential key risks, which this policy is designed to address:

*    Breach of confidentiality (information being given out inappropriately)

*    Insufficient clarity about the range of uses to which data will be put —    leading to Data Subjects being insufficiently informed

*    Failure to offer choice about data use when appropriate

*    Breach of security by allowing unauthorised access

*    Harm to individuals if personal data is not up to date

*    Data  Operator contracts

 

INFORMATION OFFICE  RESPONSIBILITIES

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI  Act, Condition 1, and Chapter 5, Part B.

 

Information Officer Responsibilities : The Information Officer has the following responsibilities:

*   Developing, publishing and maintaining a POPI Policy which addresses all relevant provisions of the POPI Act, including but not limited to the following:

o    Reviewing the POPI Act and periodic updates as published

o    Ensuring that POPI Act induction training takes place for all staff

o    Ensuring that periodic communication awareness on POPI Act responsibilities takes place

o    Ensuring that Privacy Notices for internal and external purposes are developed and published

o    Handling data subject access requests

o    Approving unusual or controversial disclosures of personal data

o    Approving contracts with Data Operators

o    Ensuring that appropriate policies and controls are in place for ensuring the Information Quality of personal information

o    Ensuring that appropriate Security Safeguards in line with the POPI Act for personal information are in place

o    Handling all aspects of relationship with the Regulator as foreseen in the POPI Act

o    Provide direction to any Deputy Information Officer if and when appointed

 

Appointment : The appointment of the Van Jaarsveld Consulting Information Officer will be authorised by the Designated Head.

Consideration will be given an annual basis of the re- appointment or replacement of the Information Officer; the need for any  Deputy to  assist the Information Officer.

 

PROCESSING LIMITATIONS

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 2.

 

Processing Limitation : Van Jaarsveld  Consulting undertakes to comply with  the POPI  Act, Conditions 2 in terms of processing limitation, sections 9 to 12, subject to the following stipulation (Forms of Consent).

 

Forms of consent : Van Jaarsveld Consulting undertakes to gain written consent where appropriate; alternatively a record must be kept of electronic consent.

 

Nature of Personal Information : Van Jaarsveld Consulting has used the POPI- Personal Information Diagnostic tool to identify all instances of personal information in the organisation.

 

PURPOSE SPECIFICATION

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 3.

 

Purpose specification : Van Jaarsveld Consulting undertakes to comply with  the POPI Act, Conditions 2 in terms of processing limitation, sections 13 and 14, subject to the following stipulation (Retention periods).

 

Retention periods : Van Jaarsveld Consulting will establish retention periods for at least the following categories of data:

*        Directors

*        Staff

*        Customers

*        Suppliers

Detailed coverage of the relevant retention periods has  been documented in the Personal Information Diagnostic tool.

 

FURTHER PROCESSING LIMITATIONS

 

Scope : The scope  of this  aspect of the policy is defined by the provisions of the POPI Act, Condition 4.

 

Further processing limitation : Van Jaarsveld  Consulting undertakes to comply with the POPI Act, Conditions 2 in terms of processing limitation, section 15.

 

INFORMATION QUALITY

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 5.

 

Van Jaarsveld Consulting will comply with all of the aspects of Condition 5, section 16.

 

Accuracy : Van Jaarsveld Consulting will regularly review its procedures for ensuring that  its records remain accurate and consistent and, in particular:

*    ICT systems will be designed, where possible, to encourage and facilitate  the entry  of accurate data.

*    Data on any individual will be held in as few places as necessary, and all staff will be discouraged from establishing unnecessary additional data sets.

*    Effective procedures will be in place so that all relevant systems are updated when information about any individual changes.

*     Staff who keep more detailed information about individuals will be given  additional guidance on accuracy in record keeping.

 

Updating : Van Jaarsveld Consulting will review all  personal information on an annual basis in November of each year.

​

Archiving : Archived electronic records of Van Jaarsveld Consulting are stored securely off site in Avalon Technologies servers.

​

OPENNESS

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 6.

 

Openness : In line with Conditions 6 and 8 of the Act, Van Jaarsveld Consulting is committed to ensuring that in principle Data Subjects are aware that their data is being processed and

*     for what purpose it is being processed;

*     what types of disclosure are likely; and

*     how to  exercise their rights in relation to the data.

 

Procedure : Data Subjects will generally be informed in the following ways:

*    Staff: through this policy

*    Customers and other interested parties: through the Van Jaarsveld  Consulting Privacy Notice

*    Whenever data is collected, the number of mandatory fields will be kept to a minimum and Data Subjects will be informed which fields are mandatory and why.

 

SECURITY SAFEGUARDS

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 7, section 19 to 22.

 

This section of the policy only addresses security issues relating to personal information. It does not cover security of the building, business continuity or any other aspect of security.

 

Specific risks : Van Jaarsveld Consulting has identified the following risks:

*     Staff with access to personal information could misuse it.

*     Staff may be tricked into giving away information, either about customers / member or colleagues, especially over the phone, through “social engineering”.

 

Setting security levels : Access to information on the main Van Jaarsveld Consulting computer system will be controlled by function.

Van Jaarsveld Consulting has used the POPI- Personal Information Diagnostic tool to identify security levels required for each record held which contains Personal Information.

 

Security measures : Van Jaarsveld Consulting will ensure that all necessary controls are in place in terms of access to personal information. Physical barriers to the office are present in the form of an alarm, Trellidoor, and also cybersecurity is enhanced by an antivirus, strong passwords that are frequently reviewed, lock screens, and the company has a server on site and all data is backed up in the cloud.

​

Business continuity : Van Jaarsveld Consulting will ensure that  adequate steps are taken to provide business continuity in the event of an emergency.

 

Related policy : Please see the Van Jaarsveld Consulting Information Security Policy for further guidance.

 

DATA SUBJECT PARTICIPATION

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 8, sections 23 to 25.

 

Responsibility : Any subject access requests will be handled by the POPI Act

Information Officer in terms of Condition 8.

 

Procedure for making request : Subject access requests must be in writing. All staff are required to pass on anything which might be a subject access request to the POPI Act Information Officer without delay.

 

Requests for access to personal information will be handled in compliance with the POPI Act and in compliance with the Promotion of Access to Information Act (PAIA).

 

Provision for verifying identity : Where the individual making a subject   access request is not personally known to the POPI Act Information Officer their identity will be verified before handing over any information.

 

PROCESSING OF SPECIAL PERSONAL INFORMATION

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Part  B, sections 26 to 33.

 

Processing of Special Personal Information : Van Jaarsveld Consulting has the  policy of adhering to the process of Special Personal Information which relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject.

 

Special personal information includes criminal behaviour relating to alleged offences or proceedings dealing with alleged offences.

 

Unless a general authorisation, alternatively a specific authorisation relating to the different types of special personal information applies, a responsible party is prohibited from processing special personal information.

 

PROCESSING OF PERSONAL INFORMATION OF CHILDREN

 

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Part C, sections 34 and 35.

 

Processing of Personal Information of Children : Van Jaarsveld Consulting has  the policy of adhering to the process of Special Personal Information of children. This applies to under-18 individuals, so an age check is required for   all personal information records.

 

General authorisation concerning personal information of children only applies where under-18 are involved.

 

Van Jaarsveld Consulting has used the POPI- Personal Information Diagnostic tool to identify any records held which contain Personal Information of children.

 

PRIOR AUTHORISATION

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Chapter 6.

 

Prior Authorisation : Van Jaarsveld Consulting has the policy of adhering to the process of Prior Authorisation in terms of sections 57 to 59.

 

DIRECT MARKETING,  DIRECTORIES  AND AUTOMATED DECISION MAKING

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Chapter 8.

 

Direct Marketing, Directories and Automated Decision Making : Van Jaarsveld Consulting undertakes to comply with the POPI Act Chapter 8, sections 69 to 71.

 

Opting in & Opting out : Whenever data is first collected which might be used for any marketing purpose, this purpose will be made clear, and the Data Subject will be given a clear opportunity to opt in and to opt out.

 

Sharing lists : Van Jaarsveld Consulting has the policy of sharing lists (or carrying out  joint or reciprocal mailings) only on an occasional and tightly-controlled basis. Details will only be used for any of these purposes where the Data  Subject has been informed of this possibility, along with an option to opt  out, and has not exercised this option.

 

Van Jaarsveld Consulting undertakes to obtain external lists only where it can be guaranteed that the list is up to date and those on the list have been given an opportunity to opt out.

 

Electronic contact : Whenever e-mail addresses are collected, any future use for marketing will be identified, and the provision of the address made optional.

 

TRANS-BORDER INFORMATION FLOWS

​

Scope : The scope of this aspect of the policy is defined by the provisions of the POPI Act, Chapter 9.

 

Trans border information flows : Van Jaarsveld Consulting will ensure that the POPI Act Chapter 9, section 72 is fully complied with. Van Jaarsveld Consulting has used the POPI- Personal Information Diagnostic tool to identify Trans border flows which contain Personal Information.

 

Compliance with section 72 will be achieved through the use of  the necessary contractual commitments from the relevant third parties.

 

STAFF TRAINING & ACCEPTANCE OF RESPONSIBILITIES

​

Scope : The scope of this aspect of the policy is written in support of the provisions of the POPI Act, Chapter 5, Part B.

 

Documentation : Information for staff is contained in this policy document and other materials made available by the Information Officer.

 

Induction : The Van Jaarsveld Consulting Information Officer will ensure that all staff who have access to any kind of personal information will have their responsibilities outlined during their induction procedures.

 

Continuing training : Van Jaarsveld Consulting will provide opportunities for staff to explore POPI Act issues through training, team meetings, and supervisions.

 

Procedure for staff signifying acceptance of policy : Van Jaarsveld Consulting will ensure that all staff sign acceptance of this policy once they have had a chance to understand the policy and their responsibilities in terms of the policy and the POPI Act.

 

POLICY REVIEW

 

Responsibility : The Van Jaarsveld Consulting Information Officer is responsible for an annual review to be completed prior to the policy anniversary date.

 

Procedure : The Van Jaarsveld Consulting Information Officer will ensure relevant stakeholders are consulted as part of the annual review to be completed prior to the policy anniversary date.