Author: Compliance Department
Version 1: June 2021
- POPI is the abbreviated term for the Protection of Personal Information Act (“the Act”). The Act is distinguished from other similar pieces of legislation worldwide because the “personal information” as devinded in the Act refers to ANY information relating to an identifiable, living natural person or juristic person. This means that there is not only a requirement to safeguard the personal information of an individual but that of customers and suppliers as well;
- POPI therefore requires that Fluidco inform their customers as to the manner in which their personal information is used, disclosed and destroyed and commits to customers that their privacy will be protected by ensuring that their personal information is used in an appropriate and secure manner in accordance with applicable laws;
- This Policy is available on our website fluidco.co.za and by request from our Information Officer or Customer Service Reprehensive at Fluidco Hydraulic Systems.
- Collection of Personal Information:
- The Act provides that personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
- In this regard, Fluidco collects and processes the personal information of its customers for the purposes of:
- Assessing the creditworthiness (credit references searches and verifications) of customers in the provision of incidental credit;
- Using such information for the development of payments services from customers;
- Conducting due diligences on the customer with reference to complying with Fluidco’s policies relating to fraud, crime, money laundering, anti-trust, anti-bribery and corruption and sanction listed companies internationally;
- Marketing purposes in print and digital media;
- Confirming and verifying their details on record;
- For record and audit purposes;
- In connection with and complying with legal and statutory requirements or otherwise allowed by law;
- Necessary for pursuing the legitimate interests of Fluidco which the customer trades with;
- In all material instances, the consent of the customer is obligated based on the fact that Fluidco makes the customer aware of what information is required to be collected and processed, why it is collected, how it will be collected and processed, where it will be processed and to whom that information will be given to.
- The starting point with regards to the collection of personal information of customers lies in Fluidco’s respective Standard Terms and Conditions in respect of which the Customer provides consent for the use of its information to assess the creditworthiness of the Customer by Fluidco when it fills in and signs the Credit Application Form. By signing the Credit Application Form, and subject to no deletions in this regard, the Customer is deemed to have provided consent;
- In some cases, a Customer refuses to accept Fluidco’s Standard Terms and Conditions and will insist that their terms and conditions of trade with Suppliers is signed instead. Such terms and conditions are, as per the Contract Management Policy of Fluidco, required to be sent to Fluidco’s Legal for assessment. If such terms and conditions do not provide similar consent, it shall still remain the policy of Fluidco to abide by the provisions of the Act by collecting and processing information in the manner as contemplated in 2.2.
- Parameters of Disclosure of Personal Information:
- A customer’s personal information may be disclosed from Fluidco to our sister companies for the purpose of providing the customer with the opportunity to engage with our affiliated companies range of products housed in the respective companies. However, personal information relating to a customer for trade shall follow the same procedure in the collection and processing of the customer personal information as contemplated in 2.2 above;
- A customer’s personal information may also be disclosed to third parties with whom Fluidco trades with or Fluidco is required to do so in terms of applicable legislation, the law or where deemed necessary to protect the rights of Fluidco;
- In terms of 3.1 and 3.2, Fluidco’s Finance Department is responsible for the collection and processing of Customer information regarding the activation of the Customer from an incidental credit perspective. With particular reference of 3.2, if it is necessary for the personal information of the Customer to be disclosed to third parties. In accordance with the provisions of: (a) assessing the creditworthiness of the Customer and (b) conducting due diligence on the customer with reference to complying with Fluidco’s policies relating to fraud, crime, money laundering, anti-trust, anti-bribery and corruption and sanction listed companies internationally;
- In terms of 3.3, it is contemplated that providing the Customer information to such third parties, would also be a necessary requirement for pursuing the legitimate interests of Fluidco provided that such service providers themselves have a duty of responsibility to collect and process such information for the specific purpose required.
- Amendments to Personal Information:
- Customers have the right, at all material times, to access the information in the possession of Fluidco and further the customer can ask for the updating, collection or deletion of personal information on reasonable grounds. The deletion of personal information is subject to Fluidco not being restricted to comply therto by means of prevailing legislation or to protect the legitimate interest of Fluidco;
- Fluidco shall take all reasonable steps to confirm a customer’s identity before providing details of their personal information or making changes to personal information.
- Safeguarding Customers Information:
- The condition imposed by POPI requires Fluidco adequately protects the personal information of the customer and in this regard, key consideration will be given taking into account the following:
- The integrity and confidentiality of personal information in possession by taking appropriate and reasonable measure to prevent the loss or damage to or unauthorized destruction of personal information and unlawful access to or processing of personal information of the customer
- Have regard to generally and reasonably accepted information security practices and procedures;
- Take reasonable steps to identify reasonable and foreseeable risks of personal information in the possession of Fluidco and establish and maintain safeguards against the risks identified and implement the safe guards, continually update them and regularly verify them.
- With specific reference to the personal information obtained from a Customer by Fluidco Finance Department, access to the departments electronic files are restricted to designated Managers and employees who are required to process the date with permitted authorization levels to access such data. Physical documents of Customers personal information is filed under lock and key with Fluidco’s Finance Department, restricted from any third parties.
- All Fluidco’s electronic files/data are backed up daily and stored securely and safeguards are in place for the protection of such files and data which is administered by Fluidco’s IT Department along strict protocols;
- Access to Documents:
- It is a mandatory requirement at Fluidco that the information belonging to Fluidco and those of a customer must be dealt with in strict confidence and may only be disclosed where there is no fear of redress such as:
- Disclosure is subject to a legal (statutory or regulatory) requirement;
- Where there is a duty to the public to disclose such as where the public interest outweighs any interference with privacy of the individual or customer or to prevent or mitigate a serious or imminent threat to public health;
- Where the interests of Fluidco require disclosure;
- Where the disclosure is made with the express or implied consent of the customer;
Disclosure to Third Parties
- All employees of Fluidco have a duty of confidentiality to the company and have signed acknowledgement of such duty with the Fluidco where they are employed. Accordingly, customer information may only be given to a third party if the customer has consented thereto in writing and Fluidco’s Management or Financial Officer has confirmed agreement thereto as well;
- Confidential information or information belonging to Fluidco may not be disclosed to third parties without the consent of Management and the Financial Officer.
- Storage of Documents:
- The storage of hard copy documents, whether they are Fluidco’s documents, customer information and supplier information may be required to be kept for periods as stipulated by prevailing legislation. Accordingly, the request by customer to destroy personal 8nformation may not be complied with due to a prevailing statutory of regulatory requirement. In the event of uncertainty, contact Fluidco for clarity;
- A few examples are:
- Company policy – 7 years and in some cases indefinitely;
- Financial Intelligence Centre Act (FICA) – 5 years
- Compensation for Occupational Injuries & Diseases Act (COIDA) – Vary from 3 years to 40 years;
- South African Revenue Services Act – 5 years
- Electronic storage of information at Fluidco must be done in conjunction with our IT company and comply with the policies and procedures of Fluidco IT;
- The Electronic Communications Act of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is used. In this regard, IT is required to ensure that such “Business Information” is stored and archived in line with Fluidco’s policy on the Control and Retention of Documents and Records.
- Personal information that has become obsolete must be destroyed. Obsolescence does not require a consent to be destroyed other than confirmation thereof from the Information Officer. Such obsolete information must be destroyed in a manner that it is not able to be reconstituted in a legible format.
- Fluidco has a policy and procedure for the storage of and destruction of electronic data;
- Fluidco Information Officer
- POPI prescribes the appointment of an Information Officer who is responsible for the compliance with the conditions of the lawful processing of personal information and compliance with the provisions of POPI.
- The details of Fluidco Hydraulic Services Information Officer as follows:
Name: Ms Bonita Brink
Designation within Company: Account Manager
Email address: firstname.lastname@example.org
Physical Address: 40 Industry Road, Paarden Eiland, Cape Town, Western Cape, 7405