Dear Sir or Madam,

Samuel Beck Hairdressing is committed to compliance with all applicable laws. To this

end, we have embarked on a process to ensure the implementation of compliance with the

Protection of Personal Information Act 4 of 2013 (“POPIA” or “Act”). In terms of the Protection of Personal Information Act (Section 18) we are required to provide you with this notification.

  • By way of background, to give effect to the Constitutional right to privacy, on 20 August 2013, the

National Assembly passed the Protection of Personal Information Bill [B9D of 2009], which is

largely based on the European Data Protection Directive [1].

  • The majority of the provisions of POPIA (including the conditions for lawful processing of personal information in Chapter 3 (“Processing Conditions”) commenced on 1 July 2021[2] and responsible parties[3] will have to comply with these provisions from 1 July 2021 onwards[4].
  • POPIA applies to the automated or non-automated processing of personal information entered

into a record in any form (provided that when the recorded personal information is processed by

non-automated means, it forms part of a filing system or is intended to form part thereof) by or

for a responsible party who or which is domiciled in South Africa, or not domiciled in South Africa,

unless the processing relates only to the forwarding of personal information through South

Africa[5]

  • “Processing” is broadly defined to mean –
    1. “any operation or activity or any set of operations, whether or not by automatic means, concerning
    2. personal information, including—
    3. the collection, receipt, recording, organisation, collation, storage, updating or modification,

retrieval, alteration, consultation or use;

  1. dissemination by means of transmission, distribution or making available in any other form; or
  2. merging, linking, as well as restriction, degradation, erasure or destruction of information.”

  • Personal information” is widely defined in POPIA and means information relating to an

identifiable, living, natural person, and (where applicable) an identifiable, existing juristic person,

including information relating to the race, gender, sex, pregnancy, marital status, national, ethnic

or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability,

religion, conscience, belief, culture, language and birth of the person; and information relating to

the education or the medical, financial, criminal or employment history of the person.

  • Record” means any recorded information, regardless of its form or medium, in the possession

or under the control of a responsible party (whether or not it was created by a responsible party),

including writing on any material; and information produced, recorded or stored by means of

computer equipment, whether hardware or software or both, or other device, and any material

subsequently derived from information so produced, recorded or stored.

  • Responsible parties, among other things, are obliged to comply with 8 Processing Conditions.

POPIA recognises, however, that not every person who processes personal information

constitutes a responsible party. The Act thus regulates a party styled the “operator”, which is

defined as “a person who processes personal information for a responsible party in terms of a

contract or mandate, without coming under the direct authority of that party” (our emphasis).

  • An operator, or anyone processing personal information on behalf of a responsible party or an

operator, must[6]:

  1. process such information only with the knowledge or authorization of the responsible party; and
  2. treat personal information which comes to its knowledge as confidential and must not

disclose it,unless required by law or in the course of the proper performance of their duties.

  • A responsible party must, in terms of a written contract between the responsible party and the

operator, ensure that the operator who processes personal information for the responsible party

establishes and maintains the required security measures and the operator must notify the

responsible party immediately where there are reasonable grounds to believe that the personal

information of a data subject has been accessed or acquired by any unauthorized person.[7]

 Against this backdrop, (“Samuel Beck Hairdressing”), as responsible party, has entered into an Agreement with our Employees (Operators) on the commencement of their employment and

Samuel Beck Hairdressing  will ensures that it contracts with Operators as required by POPI and it will requires appropriate security, privacy and confidentiality obligations of these operators in order to ensure that personal information is kept secure. The same protocols apply to any party to whom Samuel Beck Hairdressing may pass Personal information on to for the purposes mentioned herein

Should you require to contact us, our contact details:

  • 34 Jeffreys Street, Jeffreys Bay, 6330
  • The information Officer: Charet Beck
  • Email: samuelbeck@truewan.co.za
  • Mobile: 0832359834

We are committed to protecting and respecting any personal information you share with us Do not hesitate to contact us should you require any further information.

[1] Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which was replaced by the General Data Protection Regulation in

May 2018.

[2] (under proclamation No. R. 21 of 2020 in Gazette no. 11136, Vol. 660 No 43461 dated 22 June 2020)

[3] “Responsible party”, in terms of POPIA, means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

[4] See section 114 of POPIA, which provides: “All processing of personal information must within one year after the commencement of this section be made to conform to this Act.”

[5] See section 3(1) of POPIA.

[6] See section 20 of POPIA.

[7] See section 21 of POPIA.

PROTECTION OF PERSONAL INFORMATION (POPI) & PROMOTION OF ACCESS TO INFORMATION POLICY (PAIA)


Introduction

Samuel Beck Hairdressing is obliged to comply with the Protection of Personal Information Act (No. 4 of 2013) (“POPI”) as well as the Promotion of Access to Information Act (No. 2 of 2000) (“PAIA”), given that it processes the personal information of its employees, clients and other data subjects from time to time as well as that there may be requesters of information relating to the company and its operations.

Samuel Beck Hairdressing guarantees its commitment to protecting data subject and third party privacy as well as ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.

POPI requires Samuel Beck Hairdressing to inform data subjects as to how their personal information is collected, processed, secured, disclosed, destroyed and the like.

This Policy therefore sets out the manner in which Samuel Beck Hairdressing deals with such personal information, stipulates the general purpose for which such information is used as well as how data subjects can participate in this process in relation to their personal information.

In addition, this policy also addresses Samuel Beck Hairdressing’sresponsibility under the Promotion of Access to Information Act (No. 2 of 2000)(PAIA) and the processing personal information provisions must be read along with this statutory provision. In respect of PAIA, the company has developed a manual and made it available as prescribed in section 51 of the PAIA. Where parties/ requesters submit requests for information disclosure in terms of this manual, internal measures have been developed together with adequate systems to process requests for information or access thereto.

The right of access to records of Samuel Beck Hairdressing by a requester under PAIA requires of Samuel Beck Hairdressing that a requester must be given access to a record if.

  • that record is required for the exercise or protection of any rights;
  • that person complies with the procedural requirements in PAIA and the s51 manual relating to a request for access to that record; and
  • Access to that record is not refused in terms of any ground for refusal contemplated in the PAIA statute.

The provisions of this policy must be read along with all other relevant practices and procedures that are used to for the purpose hereof.

Collection of personal information

Samuel Beck Hairdressing collects and processes data and information pertaining to its employees, suppliers, clients and other stakeholders (data subjects). The type of information will depend on the need for which it is collected and will be processed for that process only. Whenever possible, Samuel Beck Hairdressing will inform the data subject of the information required, the purpose thereof and the other rights contained at law. This will include whether the information is mandatory or optional.

Where necessary, Samuel Beck Hairdressing will indicate to the data subject the consequence of failing to provide such personal information.  For example, Samuel Beck Hairdressing may not be able to employ an individual without certain personal information relating to that individual or the company may not be in a position to render services to a client in the absence of certain information which is required.

Examples of the personal information Samuel Beck Hairdressing collects includes, but is not limited to information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. information relating to the education or the medical, financial, criminal or employment history of the person;
  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person
  4. the biometric information of the person;
  5. the personal opinions, views or preferences of the person;
  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Processing limitation

Personal information will be processed by the company in a manner that is –

  • lawful; and
  • reasonable (not infringe the privacy of the data subject).
  • Specific limitations that Samuel Beck Hairdressing shall observe in processing personal information includes –
  • Minimalistic and adequacy given the purpose for which it was originally collected;
  • Obtaining consent to the processing if required in the circumstances;
  • Carrying out actions for the conclusion or performance of a contract;
  • Complying with an obligation imposed by law on the company;
  • Protecting a legitimate interest of the data subject;
  • Processing for the proper performance of a public law duty by a public body;
  • Processing is necessary for pursuing the legitimate interests of the company or of a third party to whom the information is supplied.

A data subject may object, at any time, to the processing of personal information and if a data subject has objected to the processing of personal Samuel Beck Hairdressing shall no longer process the personal information.

Collection must be directly from the data subject, except as otherwise provided for unless the information is contained in or derived from a public record or has deliberately been made public by the data subject.

Samuel Beck Hairdressing shall not process special personal information without complying with the specific provisions of the POPI statute (and with the above section) and such information pertains to personal information concerning—

  1. the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
  2. the criminal behaviour of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

Collection of employee information

For the purposes of this Policy, employees include potential, past and existing employees of Samuel Beck Hairdressing

Samuel Beck Hairdressing will, when appointing new employees, require information from the prospective employee in order to process the employee’s information on Samuel Beck Hairdressing’s systems. Such information is reasonably necessary for Samuel Beck Hairdressing’s record purposes as well as to ascertain if the prospective employee meets the requirements for the position to which he or she is being appointed, and is suitable for appointment as well as qualifies for certain benefits.

Samuel Beck Hairdressing will use and process such employee information for purposes including those set out below and to make lawful decisions in respect of that employee and its business.

Use of employee information

Employees’ personal information will only be used for the purpose for which it was collected and intended. This would include, but is not limited to:

  • submissions to the Department of Employment and Labour
  • submissions to the Receiver of Revenue
  • for audit and recordkeeping purposes
  • in connection with legal proceedings
  • in connection with and to comply with legal and regulatory requirements
  • in connection with any administrative functions of the Company
  • disciplinary action or any other action to address the employee’s conduct or capacity
  • in respect of any employment benefits that the employee is entitled to
  • pre and post-employment checks and screening
  • any other relevant purpose to which the employee has been notified of
  • any compliance requirements at law.

Should information be processed for any other reason, Samuel Beck Hairdressing will inform the employee accordingly.

Samuel Beck Hairdressing acknowledges that personal information may only be processed if certain conditions are met which, depending on the merits include –

  • The employee consents to the processing
  • The processing is necessary to attend to the justifiable rights and obligations of the parties
  • The processing complies with an obligation imposed by law on the company
  • Processing protects a legitimate interest of the employee
  • Processing is necessary for pursuing the legitimate interests of the company or of a third party to whom information is supplied.

Collection of client and/ or supplier information

For purposes of this Policy, clients and suppliers include potential, past and existing clients and suppliers.

Samuel Beck Hairdressing collects and processes its clients’ and supplier’s personal information, for purposes such as those mentioned hereunder. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Examples of personal information collected from clients and suppliers include, but are not limited to:

  • Identity number, name, surname, address, postal code
  • Residential and postal address
  • Contact information
  • Banking details
  • Company registration number
  • Full name of the legal entity
  • Tax and/or VAT number
  • Details of the person responsible for the client’s account

Samuel Beck Hairdressing also collects and processes clients’ personal information for marketing purposes in order to ensure that our products and services remain relevant to our clients and potential clients.

Use of client and supplier information

The personal information of these parties will only be used for the purpose for which it was collected and as agreed. This may include, but not be limited to:

  • Providing products or services to clients
  • In connection with sending accounts and communication to a client in respect of services rendered
  • Confirming, verifying and updating client details
  • Conducting market or customer satisfaction research
  • For audit and record keeping purposes
  • In connection with legal proceedings
  • In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.

Samuel Beck Hairdressing acknowledges that personal information may only be processed if any of the conditions set out hereunder are met:

  • Client consents to the processing;
  • The processing is necessary to attend to rights and obligations that are justifiable;
  • The processing complies with an obligation imposed by law on the company;
  • Processing protects a legitimate interest of the party;
  • Processing is necessary for pursuing the legitimate interests of the company or of a third party to whom information is supplied.

Disclosure of personal information

Samuel Beck Hairdressing may share data subject’s personal information with third parties as well as obtain information from such third parties for reasons set out above.

Samuel Beck Hairdressing may also disclose data subject’s information where there is a duty or a right to disclose in terms of applicable legislation, the law or where it may be necessary to protect Samuel Beck Hairdressing’s rights.

Safeguarding personal information and consent

It is a requirement of POPI to adequately protect the personal information Samuel Beck Hairdressing holds and to avoid unauthorised access and use of personal information. The Samuel Beck Hairdressing shall review its security controls and processes on a regular basis to ensure that personal information is secure.

It will take appropriate, reasonable technical and organizational measures to prevent loss or damage or unauthorized destruction of personal information, and unlawful access to or processing of personal information.

This will be achieved by –

  • Identifying internal and external risks;
  • Establishing and maintain appropriate safeguards;
  • Regularly verifying these safeguards and their implementation;
  • Updating the safeguards;
  • Implementing generally accepted information security practices and procedures.

Samuel Beck Hairdressing shall appoint an Information Officer who is responsible for the encouragement of compliance with the conditions of the lawful processing of personal information and other provisions of POPI and PAIA. The responsibilities of the Information Officer include –

  • That a compliance framework is developed, implemented, monitored and maintained;
  • That a personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
  • That a manual is developed, monitored, maintained and made available as prescribed in section 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000);
  • internal measures are developed together with adequate systems to process requests for information or access thereto; and
  • company staff awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.

Information Officer Details

Name: Charet Beck

Telephone number: 0832359834

Postal address: 34 Jeffreys Street, Jeffreys Bay, 6330

Physical address: 34 Jeffreys Street, Jeffreys Bay, 6330

Email address: samuelbeck@truewan.co.za

Each new employee will be required to sign an employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.

Every employee currently employed within Samuel Beck Hairdressing will be required to either sign an addendum to their employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI OR be trained on the provisions and application of POPI and PAIA.

Samuel Beck Hairdressing’s suppliers, insurers and other third-party service providers will be required to sign a service level agreement guaranteeing their commitment to the Protection of Personal Information. This is, however, an ongoing process that will be evaluated as required.

Consent to process client information is obtained from data subjects (or a person who has been given authorisation from the client to provide the client’s personal information) during the introductory, appointment and needs analysis stage of the relationship as far as is reasonably possible.

Direct Marketing

The rights of data subjects in respect of direct marketing by means of unsolicited electronic communications, directories and automated decision-making must be complied with at all times. In this regard, the company shall ensure that –

  • The processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMS’s or e-mail is not allowed unless the data subject has given his, her or its consent to the processing; or is a customer of Samuel Beck Hairdressing
  • In the event of direct marketing, it will only approach data subjects whose consent is required and who have not previously withheld such consent, only once in order to request the said consent. This will be done in the prescribed manner and form.

In addition, Samuel Beck Hairdressing will only process the personal information of a data subject who is a customer of Samuel Beck Hairdressing and where the contact details of the data subject were acquired in the context of the sale of a product or service. The data subjects will only be approached for the purpose of direct marketing of Samuel Beck Hairdressing’s own similar products or services. In all instances, the data subject shall be given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details at the time when the information is collected.

Any communication for the purpose of direct marketing will contain details of the identity of the sender or the person on whose behalf the communication has been sent and an address or other contact details to which the recipient may send a request that such communications cease.

Transfer of information outside of SA

Samuel Beck Hairdressing will not transfer personal information about a data subject to a third party that is in a foreign country unless—

  • (i) the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection of personal information and effectively upholds principles for reasonable processing of the information.
  • (ii) the data subject consents to the transfer;
  • (iii) the transfer is necessary for the performance of a contract between the data subject and the company;
  • (iv) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the company and a third party; or
  • (v) the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject to that transfer and if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.

CCTV

Video footage that has been recorded processed and stored via CCTV camera surveillance systems comprise personal information insofar as it is ‘information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.’ The company will, when making use of CCTV, alert people as to the use of CCTV on the premises.

Security breaches

Should Samuel Beck Hairdressing detect a security breach on any of its systems that contain personal information, the company shall take the required steps to assess the nature and extent of the breach in order to ascertain if any information has been compromised.

Notification will be provided in writing by means of either:

  • email
  • registered mail
  • place on our website.

The notification shall provide the following information where possible:

  • description of possible consequences of the breach;
  • measures taken to address the breach;
  • recommendations to be taken by the data subject to mitigate adverse effects;
  • the identity of the party responsible for the breach.

In addition to the above, Samuel Beck Hairdressing shall notify the Regulator of any breach and/or compromise to personal information in its possession and work closely with and comply with any recommendations issued by the Regulator.

The following provisions will apply in this regard –

  • The Information Officer will be responsible for overseeing the investigation;
  • The Information Officer will be responsible for reporting to the Information Regulator within 3 working days of a breach/ compromise to personal information;
  • The Information Officer will be responsible for reporting to the Data Subject(s) within 3 working days of a breach/ compromise to personal information;
  • The timeframes above are guidelines and depending on the merits of the situation may require earlier or later reporting.

Access and correction of personal information

Data subjects have the right to request access to any personal information that Samuel Beck Hairdressingholds about them.

Data subjects have the right to request Samuel Beck Hairdressing to update, correct or delete their personal information on reasonable grounds. Such requests must be made to Samuel Beck Hairdressing’s Information Officer (see details above)

Where an employee or client objects to the processing of their personal information, Samuel Beck Hairdressing may no longer process said personal information. The consequences of the failure to give consent to process the personal information must be set out before the data subject confirms his/her objection.

The data subject must provide reasons for the objection to the processing of his/her personal information.

Retention of records

Samuel Beck Hairdressing shall ensure the safeguarding and protection of all personal information or data. Samuel Beck Hairdressing is obligated to retain certain information as prescribed by law. This includes but is not limited to the following:

With regard to the Companies Act, No. 71 of 2008 and the Companies Amendment Act No 3 of 2011, hard copies of the documents mentioned below must be retained for 7 years:

  • Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act
  • Notice and minutes of all shareholders meetings, including resolutions adopted and documents made available to holders of securities
  • Copies of reports presented at the annual general meeting of the company
  • Copies of annual financial statements required by the Act and copies of accounting records as required by the Act.

The Basic Conditions of Employment No. 75 of 1997, as amended requires Samuel Beck Hairdressing to retain records relating to its staff for a period of no less than 3 years.

Amendments to this policy

Amendments to this Policy will take place from time to time subject to the discretion of Samuel Beck Hairdressing and pursuant to any changes in the law. Such changes will be brought to the attention of employee’s clients where it affects them.

Requests for information

Objection to the processing of personal information

A data subject who wishes to object to the processing of personal information in terms of section 11(3)(a) of the Act, must submit the objection to the responsible party on Form 1.

In terms of requests to be processed under POPI, the following forms shall be used –

Request for correction or deletion of personal information or destruction or deletion of record of personal information

A data subject who wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information in terms of section 24(1) of the Act, must submit a request to the responsible party on Form 2.

Request for data subject’s consent to process personal information

A responsible party who wishes to process personal information of a data subject for the purpose of direct marketing by electronic communication must in terms of section 69(2) of the Act submit a request for written consent to that data subject on Form 4.

Submission of complaint

Any person who wishes to submit a complaint contemplated in section 74(1) of the Act must submit such a complaint to the Regulator on Part I of Form 5.

A responsible party or a data subject who wishes to submit a complaint contemplated in section 74(2) of the Act must submit such a complaint to the Regulator on Part II of Form 5.

In terms of requests for information under PAIA, the provisions of the PAIA s51 Manual must be complied with and Form C completed.

Any requests and/ or advice can be directed to the Information Officer set out in this policy and in the s51 PAIA manual.