
THE PROTECTION OF PERSONAL INFORMATION ACT

OUR DUTY TO YOU

 

Dear Client

 

The Protection of Personal Information Act (POPI) is now in operation and we need to comply.  POPI regulates how we handle your personal information while we do our work.

 

POPI is intended to balance 2 competing interests. These are:

 

  • Your constitutional right to privacy (which requires your personal information to be protected); and

  • The needs of our society to have access to and to use your personal information for legitimate purposes, for example, to enable us to do work for you.

 

POPI obliges us to inform you of our process, and that is the main purpose of this correspondence. If you wish to have greater insight into the way in which we are implementing POPI, you may ask for a copy of our company’s internal Compliance Manual. Here is what you need to know:

 

THE COLLECTION AND PROCESSING OF PERSONAL INFORMATION

 

  1. We will collect the majority of your personal information from yourself.  Please cooperate with us when we do so.  We will also collect your personal information from any intermediary that might have referred you to us, and from public records.
     

  2. We will be collecting your personal information to enable us to fulfil the mandate that we have been given by you.
     

  3. You are legally obliged to supply the information that we need to comply with the Financial Intelligence Centre Act (FICA). This information is required to combat money laundering and the financing of terrorism. Any other information that we ask for will be required to enable us to do our work.  You have a choice as to whether you will supply us with this other information.   Please note that if you fail to supply the information we ask for, we will not be able to do our work properly. You might also be placing yourself in breach of a contract, or the law.
     

  4. We will be passing your personal information on to all third parties that require it for the purposes of doing their work which is related to what we are doing for you.
     

  5. You can rest assured that unless we are legally obliged to share your personal information, we will only share so much of your personal information as is needed by the authority that requires it, and we will only do so when it is necessary for us to do our work for you. In addition, all of our staff are bound by confidentiality clauses in their letters of employment.
     

  6. If there is an international component to the work which we are doing for you, and if we are required to share your personal information with an overseas recipient, you are entitled to ask us how your personal information will be protected in this foreign country, and we will endeavour to assist you.
     

  7. You have the right of access to your personal information and the right to correct any errors relating to the information that we have on record.  In addition, you have the right to object to us continuing to process your personal information.  In this regard, please note that if you do exercise this right, we will not be able to do our work properly. In addition, this might place you in breach of a contract.
     

  8. We are obliged by law to retain our records for a period of time after we have completed our work. During this period, your personal information will also remain protected. After this period has expired, your personal information will be destroyed in a way that de-identifies you.
     

  9. THE SECURITY OF OUR SYSTEMS

    All our data is stored off site:

 

9.1 Our Customer Management System (Fusion Software) is hosted offsite in a Johannesburg-based Data Centre. Backups are done daily and tested and signed off before any updates are applied to the system.

 

9.2 SharePoint is used for our day-to-day data, which is cloud based and stored on Microsoft Servers with their own backup solution.

 

  • Edge protection to this repository by way of a firewall called SonicWall

  • End Point Protection by way of Antivirus

  • Patch management, by way of RMM tool

  • RMM – remote management and monitoring tool – Dial a Nerd

  • We are encrypting all endpoints

 

9.3  Email accounts and MS365 profiles are protected with the following security measures:

- MFA – Multifactor Authentication

- ATP – Advanced Threat Protection is encrypted and protected by Advanced Threat Protection with Microsoft 365, with the user accounted by a responsible party, subject to justifiable limitations that are aimed at.

 

9.4  No data is kept on the local device other than transactional data, i.e. email attachments etc.

 

9.5  Device management and procurement policy: ConnectWise Automate and control is required by Dial a Nerd to ensure the authorised devices have access to organisational data.

 

9.6  Password policies, using the 8-character minimum with complexity set at high – mixed use of characters


9.7  Backup Policy:

Due to being cloud based with Microsoft Office 365, backups are handled by Microsoft and therefore no manual testing is required.

 

9.8  Penetration testing is done on a regular basis by Dial a Nerd on network and/or device level
 

9.9  Remote working users: All VPNs have to use MFA and Azure Directory Management
 

9.10  User Access Control (UAC) is implemented and updated regularly through Microsoft 365
 

9.11  On/Offboarding Policy for users is in place for the organisational users leaving and joining
 

9.12  Monthly ticket reporting and monitoring of all devices via the RMM – ConnectWise Automate enables Dial a Nerd to ensure a consciousness around data use, security and processing
 

9.13  Strict control and management of 3rd party access and data sharing zones using SharePoint as the platform
 

9.14  Annual screening and scanning of networks and devices for personal information, ID numbers, credit card numbers etc done for deletion of information no longer required

 

 

Should you have any issues with the way in which we are processing your personal information, you are entitled to lodge a complaint with the Information Regulator, whose contact details are:

33 Hoof Street

Forum 111, 3rd Floor Braampark

P.O Box 31533

Braamfontein, Johannesburg, 2017

Complaints email: complaints.IR@justice.gov.za

General enquiries email: inforeg@justice.gov.za

 

We trust however that our processing of your personal information will be handled in a way that complies with all the relevant laws and that your rights to privacy will be protected as required by law.

 

Kind Regards



LISA JONES

Information Officer for Swiss Financial Consulting CC t/a Advisor Office FSP 2569
