Employees and other persons acting on behalf of CapeSoft Eco Time will, during the course of the performance of their services, gain access to and become acquainted with the personal information of certain clients, suppliers and other employees.
Employees and other persons acting on behalf of CapeSoft Eco Time are required to treat personal information as a confidential business asset and to respect the privacy of 3rd Parties.
Employees and other persons acting on behalf of CapeSoft Eco Time may not directly or indirectly, utilise, disclose or make public in any manner to any person or third party, either within CapeSoft Eco Time or externally, any personal information, unless such information is already publicly known or the disclosure is necessary in order for the employee or person to perform his or her duties.
Employees and other persons acting on behalf of CapeSoft Eco Time must request assistance from their line manager or the Information Officer if they are unsure about any aspect related to the protection of a 3rd Party's personal information.
Employees and other persons acting on behalf of CapeSoft Eco Time will only process personal information where:
The 3rd party, or a competent person where the 3rd party is a child, consents to the processing
The processing is necessary to carry out actions for the conclusion or performance of a contract to which the 3rd party is a party
The processing complies with an obligation imposed by law on the responsible party
The processing protects a legitimate interest of the 3rd party
The processing is necessary for pursuing the legitimate interests of CapeSoft Eco Time or of a third party to whom the information is supplied
Furthermore, personal information will only be processed where the 3rd party:
Clearly understands why and for what purpose his, her or its personal information is being collected; and
Has granted CapeSoft Eco Time with explicit written or verbally recorded consent to process his, her or its personal information.
Employees and other persons acting on behalf of CapeSoft Eco Time will consequently, prior to processing any personal information, obtain a specific and informed expression of will from the 3rd party, in terms of which permission is given for the processing of personal information. Informed consent is therefore when the 3rd party clearly understands for what purpose his, her or its personal information is needed and with who it will be shared. with. Consent can be obtained in written form which includes any appropriate electronic medium that is accurately and readily reducible to printed form. Alternatively, CapeSoft Eco Time will keep a voice recording of the 3rd party's consent in instances where transactions are concluded telephonically or via electronic video feed.
Consent to process a 3rd party's personal information will be obtained directly from the 3rd party, except where:
The personal information has been made public
Where valid consent has been given to a third party
The information is necessary for effective law enforcement
Employees and other persons acting on behalf of the CapeSoft Eco Time will under no circumstances:
Process or have access to personal information where such processing or access is not a requirement to perform their respective work-related tasks or duties.
Save copies of personal information directly to their own private computers, laptops or other mobile devices like tablets or smart phones. All personal information must be accessed and updated from the CapeSoft Eco Time central database or a dedicated server.
Share personal information informally. In particular, personal information should never be sent by email, as this form of communication is not secure. Where access to personal information is required, this may be requested from the relevant line manager or the Information Officer.
Transfer personal information outside of South Africa without the express permission from the Information Officer.
Employees and other persons acting on behalf of CapeSoft Eco Time are responsible for:
Keeping all personal information that they come into contact with secure, by taking sensible precautions and following the guidelines outlined within this policy.
Ensuring that personal information is held in as few places as is necessary. No unnecessary additional records, filing systems and data sets should therefore be created.
Ensuring that personal information is encrypted prior to sending or sharing the information electronically. The IT Manager will assist employees and where required, other persons acting on behalf of CapeSoft Eco Time, with the sending or sharing of personal information to or with authorised external persons.
Ensuring that all computers, laptops and devices such as tablets, flash drives and smartphones that store personal information are password protected and never left unattended. Passwords may not be shared with unauthorised persons.
Ensuring that their computer screens and other devices are switched off or locked when not in use or when away from their desks.
Ensuring that where personal information is stored on removable storage medias such as external drives, CDs or DVDs that these are kept locked away securely when not being used.
Ensuring that where personal information is stored on paper, that such hard copy records are kept in a secure place where unauthorised people cannot access it. For instance, in a locked drawer of a filing cabinet.
Ensuring that where personal information has been printed out, that the paper printouts are not left unattended where unauthorised individuals could see or copy them. For instance, close to the printer.
Taking reasonable steps to ensure that personal information is kept accurate and up to date. For instance, confirming a 3rd party's contact details when the client or customer phones or communicates via email. Where a 3rd party's information is found to be out of date, authorisation must first be obtained from the relevant line manager or the Information Officer to update the information accordingly.
Taking reasonable steps to ensure that personal information is stored only for as long as it is needed or required in terms of the purpose for which it was originally collected. Where personal information is no longer required, authorisation must first be obtained from the relevant line manager or the Information Officer to delete or dispose of the personal information in the appropriate manner.
Undergoing POPI Awareness training from time to time.
Employees and other persons acting on behalf of CapeSoft Eco Time will, during the course of the performance of their services, gain access to and become acquainted with the personal information of certain clients, suppliers and other employees.
Employees and other persons acting on behalf of CapeSoft Eco Time are required to treat personal information as a confidential business asset and to respect the privacy of 3rd Parties.
Employees and other persons acting on behalf of CapeSoft Eco Time may not directly or indirectly, utilise, disclose or make public in any manner to any person or third party, either within CapeSoft Eco Time or externally, any personal information, unless such information is already publicly known or the disclosure is necessary in order for the employee or person to perform his or her duties.
Employees and other persons acting on behalf of CapeSoft Eco Time must request assistance from their line manager or the Information Officer if they are unsure about any aspect related to the protection of a 3rd Party's personal information.
Employees and other persons acting on behalf of CapeSoft Eco Time will consequently, prior to processing any personal information, obtain a specific and informed expression of will from the 3rd party, in terms of which permission is given for the processing of personal information. Informed consent is therefore when the 3rd party clearly understands for what purpose his, her or its personal information is needed and with who it will be shared. with. Consent can be obtained in written form which includes any appropriate electronic medium that is accurately and readily reducible to printed form. Alternatively, CapeSoft Eco Time will keep a voice recording of the 3rd party's consent in instances where transactions are concluded telephonically or via electronic video feed.