Sidewalk Speicals NPC POPIA Compliance Policy
Condition 1: Accountability
This condition defines the assigning of responsibility by organisations for overseeing compliance with the Act.
- Responsibility for compliance to the Act lies with the appointed information officer. This responsibility, unless otherwise defined, lies with the CEO.
- In some cases, a deputy information officer will be appointed if required.
- Systems used for monitoring compliance are configured to notify the appropriate information officer of any non-compliance events for investigation.
Condition 2: Limitation on Processing
This condition requires that personal information may only be processed in a fair and lawful manner.
- In accordance with the Act, Sidewalk Specials NPC does not process information for any other purposes other than the commercial engagement contracted, the continued servicing of the donor and/or adopter and the legislative and regulatory requirements.
Condition 3: Purpose Specification
The condition defines the scope within which personal information may be processed by an organisation.
- Sidewalk Specials NPC will collect and process personal information as necessary for the fulfilment of our contractual obligations to donors and/or adopters in line with legislative and regulatory requirements.
- Sidewalk Specials NPC provides a variety of disclosures to the donor and/or adopter, as to:
- The information collected
- The purpose of its collection
- The processing that will be carried out on it
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Condition 4: Further Processing Limitation
Once consent has been given for the processing of personal information for specific, legitimate and explicitly defined purposes, any further use or processing must be compatible with the initial purpose.
- Sidewalk Specials NPC only processes information in so far as is required to complete and record the adoption process as per the applicable laws, and/or associated regulations of South Africa
- Limited processing of donor and/or adopter information is conducted for continued servicing of the donor and/or adopter.
Condition 5: Information Quality
Suggested Clause 16 of the Act sets out, in general terms, the responsibility of organisations to ensure and maintain the quality of the personal information that they process.
- Sidewalk Specials NPC’ core service offering is dependent on the maintenance of the quality of information throughout a donor and/or adopter engagement.
- The processes governing collection, processing and evaluation of information are audit trailed to ensure that integrity and quality of information are maintained.
Condition 6: Openness
This condition speaks to an organisation’s duty to process information in a fair and transparent manner.
- When collecting information from Data Subjects, they must be informed of the following:
- Where information is collected, the purpose thereof, who the responsible person is, the consequences of refusal to give such information and the provisions on the processing of the information.
- During contracting and donor and/or adopter information sessions, all data collection and processing activities are shared with the donor and/or adopter.
It is made clear through those processes which information would be collected and the manner of collection.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Condition 7: Security Safeguards
All personal information should be kept secure against the risk of loss, unauthorised access, interference, modification, destruction or disclosure
- Sidewalk Specials NPC employs a multitude of measures, in line with established best practice. Including but not limited to:
- Sidewalk Specials NPC staff are identified with unique credentials for accessing our internal systems
- Sidewalk Specials NPC staff with privileged access to confidential information are monitored with activity and data loss prevention software, to secure against insider threats.
- All activity, so far as possible within the scope of each system, is audit trailed against the unique credentials.
- Active and passive security measures to monitor and mitigate against external threats to Sidewalk Specials NPC systems and data.
- Data at rest and in internal transfer are protected with end-to-end encryption.
- Sidewalk Specials NPC recommends donors and/or adopters submit sensitive data via Google Drive or SharePoint folders, in order to avoid the security weaknesses inherent in email communications and other digital sharing platforms.
- Sidewalk Specials NPC systems infrastructure is independently reviewed on a regular basis, including schedule-based checks, as well as event-based triggers. For example:
- Employee take-on and maintenance
- Equipment decommissioning
- Server provider changes
- Data monitoring events or security alerts
Annual configuration review
Condition 8: Data Subject Participation
Individuals whose personal information is processed have the right to access and/or request the correction or deletion of any personal information held about them that may be inaccurate, misleading or outdated.
- Donors and/or adopters may request an inventory of information held by Sidewalk Specials NPC, as well as request removal or correction of information, in so far as it does not contradict with any other legal or regulatory requirements for record retention. As a legal, and/or regulatory requirement, this supersedes the right of the data subject to request the deletion of personal information, however measures are in place to ensure the protection of such information, as required by POPIA.9.2.
© Sidewalk Specials, Version February 2020