Company Policy: Protection of Personal Information Act (POPIA) Compliance
Effective Date: 30 June 2021
This policy outlines the procedures and guidelines for QuickEasy Software, a company specializing in the development, sale, and support of ERP software, to ensure compliance with the Protection of Personal Information Act (POPIA) of South Africa. The policy aims to protect the privacy rights of individuals and ensure the responsible handling of personal information collected and processed by the company.
This policy applies to all employees, contractors, and third parties who handle personal information on behalf of QuickEasy Software within the context of developing, selling, and supporting ERP software. It covers all personal information collected, stored, processed, or transmitted in any form, including electronic and physical records.
Personal Information: Refers to any information relating to an identifiable natural or juristic person.
Processing: Refers to any operation or set of operations performed on personal information, such as collection, storage, use, and disclosure.
Responsible Party: Refers to QuickEasy Software, which determines the purpose and means of processing personal information.
Data Subject: Refers to the individual to whom the personal information relates.
4. Compliance with POPIA Principles
4.1. Accountability: QuickEasy Software has appointed Zoe van der Vyver as the Information Officer responsible for overseeing the company's compliance with POPIA. Zoe van der Vyver will ensure that adequate resources are allocated to protect personal information, implement necessary policies and procedures, and act as the point of contact for data subjects and the Information Regulator. Zoe van der Vyver will work closely with relevant departments and stakeholders to promote a culture of privacy and data protection throughout QuickEasy Software. Any inquiries or concerns regarding the handling of personal information can be directed to Zoe van der Vyver or the designated contact person within the company.
4.2. Lawful Processing: Personal information will only be collected and processed for lawful purposes, with the consent of the data subject or as permitted by POPIA. The purpose of collection will be clearly communicated to data subjects, and personal information will not be used for any other purposes without obtaining additional consent unless otherwise authorized by law.
4.3. Minimization of Data: QuickEasy Software will collect and process only the minimum amount of personal information necessary for the intended purpose within the context of developing, selling, and supporting ERP software. Unnecessary collection or retention of personal information will be avoided.
4.4. Accuracy: Reasonable steps will be taken to ensure the accuracy and completeness of personal information collected and processed by QuickEasy Software. Data subjects will have the right to request the correction of inaccurate or incomplete personal information.
4.5. Storage Limitation: Personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected, unless otherwise required by law or consented to by the data subject. Once the retention period has expired, personal information will be securely disposed of.
5. Training and Awareness
QuickEasy Software will provide regular training and awareness programs to ensure that all employees, contractors, and third parties handling personal information within the context of developing, selling, and supporting ERP software are aware of their responsibilities under this policy and POPIA. Employees will be required to sign confidentiality agreements and adhere to the principles outlined in this policy.
6. Breach Notification
In the event of a personal information breach, QuickEasy Software will promptly assess the extent of the breach, take necessary actions to mitigate any potential harm, and notify affected individuals and the Information Regulator as required by POPIA. The breach notification will include relevant details about the breach, the potential impact, and the steps taken to address the situation.
7. Data Protection Impact Assessments (DPIA)
QuickEasy Software will conduct Data Protection Impact Assessments as required by POPIA. These assessments will be carried out for any new projects or processes involving the processing of personal information. The purpose of DPIAs is to identify and mitigate privacy risks and ensure that adequate safeguards are in place to protect personal information.
8. Vendor Management
QuickEasy Software will establish and maintain a process for vendor management to ensure that third-party vendors handling personal information on behalf of the company comply with POPIA. Contracts and agreements with vendors will include provisions for the protection of personal information and the requirement for vendors to adhere to applicable data protection regulations.
9. Continuous Improvement and Compliance
QuickEasy Software is committed to continuously reviewing and improving its data protection practices to ensure ongoing compliance with POPIA. The company will monitor regulatory developments and industry best practices to stay up to date with evolving privacy requirements. Regular internal audits will be conducted to assess compliance with this policy, and appropriate measures will be taken to address any identified gaps or non-compliance.
10. Policy Review
This policy will be reviewed and updated on a regular basis to reflect changes in legislation, technology, and business practices. Employees will be notified of any updates to the policy, and their compliance with the revised policy will be required.
QuickEasy Software is dedicated to protecting the privacy and personal information of individuals in accordance with the requirements of POPIA. This policy serves as a framework to ensure the responsible collection, processing, storage, and disposal of personal information within the context of developing, selling, and supporting ERP software. Compliance with this policy is mandatory for all employees, contractors, and third parties working with personal information on behalf of QuickEasy Software.