The Protection of Personal Information Act, 4 of 2013 (POPIA), is a law which regulates the processing of Personal Information owned by persons and legal entities (Data Subjects) in and outside South Africa.
POPIA requires that the person processing a Data Subject's Personal Information (the Responsible Party) complies with certain data privacy principles and conditions, including:
QSupport Cloud (Pty) Ltd, in order to perform its operations, processes Personal Information on a regular basis. As a Responsible Party, QSupport Cloud (Pty) Ltd is obligated to comply with the provisions of POPIA and has developed this Data Protection Policy to govern how all directors, employees, representatives, agents, vendors, customers, clients and service providers process Personal Information.
The following definitions apply throughout this policy:
Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Information.
The person to whom the Personal Information relates, who owns and provides QSupport Cloud (Pty) Ltd or its Operators with their Personal Information.
Information relating to any identifiable, living, natural person (and where applicable, an identifiable existing juristic person), including but not limited to: race, gender, age, health, financial history, employment history, identifying numbers, email addresses, physical addresses, telephone numbers, location information, biometric information, personal opinions and correspondence.
Any operation or activity concerning Personal Information, including collection, receipt, recording, storage, retrieval, use, dissemination, transmission, merging, linking, restriction, degradation, erasure or destruction of information.
The party who is to process a Data Subject's Personal Information — in this case, QSupport Cloud (Pty) Ltd.
A natural or juristic person who processes a Data Subject's Personal Information on behalf of QSupport Cloud (Pty) Ltd under a contract or mandate, without coming under the direct authority of QSupport Cloud (Pty) Ltd.
This policy describes the provisions which apply to the Personal Information that QSupport Cloud (Pty) Ltd processes and sets out how all directors, employees and representatives are to process Personal Information when operating in the QSupport Cloud (Pty) Ltd environment.
The primary objectives are to provide standards, guidelines and useful instruments on how Personal Information is to be processed, safeguarded and protected as required under POPIA — covering both the rights of Data Subjects and the legal guidelines that QSupport Cloud (Pty) Ltd must follow.
This policy applies to all QSupport Cloud (Pty) Ltd directors and employees regardless of their position or professional qualification. All directors and employees are prohibited from processing Personal Information other than in accordance with the principles set out in this policy.
This policy applies to all contractors, representatives, agents, vendors, customers, clients and service providers engaged by QSupport Cloud (Pty) Ltd. The contents of this policy are included and referenced in all relevant trading documents.
QSupport Cloud (Pty) Ltd remains the Responsible Party for all Personal Information processed under its control and authority, even where an Operator processes such information on its behalf. QSupport Cloud (Pty) Ltd has established a privacy governance structure, defined data privacy roles, appointed an Information Officer, and established a formal data privacy training programme.
QSupport Cloud (Pty) Ltd ensures that Personal Information is processed lawfully, is not excessive, and is only used for the stated purpose. Processing occurs only with the necessary consent of the Data Subject, except where no consent is required under POPIA and a legitimate business requirement exists. All Data Subjects are informed of their rights to data privacy under POPIA.
All Personal Information processed by QSupport Cloud (Pty) Ltd is processed for a specific, explicitly defined and lawful purpose related to a function or business activity. Data Subjects are made aware of the purpose of collection and processing.
QSupport Cloud (Pty) Ltd ensures that all Personal Information held is complete, accurate and not misleading. Data Subjects are given the opportunity to update and correct their Personal Information on a regular basis.
Personal Information is only used for as long as required to achieve the stated purpose. On expiration of the legal retention period, all records containing Personal Information are permanently deleted or destroyed in a manner that prevents reconstruction. All records containing Personal Information are archived for a minimum of 7 (seven) years from the date the relevant purpose ended, or for any longer statutory retention period.
QSupport Cloud (Pty) Ltd implements appropriate technical and organisational measures to safeguard the integrity of Personal Information — minimising and preventing loss, damage and unauthorised destruction. All electronic devices holding Personal Information must be password protected and encrypted. Physical records must be kept under lock and key when not in use.
Where a suspected security breach occurs, the person discovering it must immediately notify the Information Officer in accordance with the Personal Information Breach Procedure.
QSupport Cloud (Pty) Ltd only sends direct marketing communications to Data Subjects who have provided prior consent. Every communication includes an opt-out mechanism. Data Subjects who opt out are immediately removed from all marketing lists.
QSupport Cloud (Pty) Ltd does not transfer Personal Information to a third party in a foreign country unless the Data Subject has consented, the transfer is to a country with equivalent data protection legislation, or the transfer is necessary for the performance of a contract. Employees must consult with the Information Officer before any trans-border transfer of Personal Information.
QSupport Cloud (Pty) Ltd has appointed an Information Officer who is responsible for ensuring compliance with POPIA, providing guidance to the organisation, dealing with Data Subject access requests, developing privacy strategy, monitoring compliance, responding to breaches, and administering privacy roles and responsibilities.
The Information Officer is the custodian and enforcer of this Data Protection Policy.
Contact the Information Officer:
Email: accounts@qsupportcloud.com
Telephone: +27 10 630 0156
Post: Unit 11, 7 Numerosa Road, Kempton Park, 1619, Gauteng
Where any Data Subject feels that their Personal Information has not been processed with the necessary level of privacy and confidentiality, or wishes to enquire, complain or object to the use of their Personal Information, they must submit their query, complaint or objection to the Information Officer.
Data Subjects also have the right to lodge a complaint with the Information Regulator of South Africa at www.justice.gov.za/inforeg/.
All records housing Personal Information must be:
Non-compliance with POPIA can result in severe consequences, including:
Civil claims, criminal charges, administrative penalties of up to R10,000,000, and damage to QSupport Cloud (Pty) Ltd's brand and reputation.
Any non-compliance or violation of this policy must be brought to the immediate attention of the Information Officer. Non-compliance by directors or employees may constitute misconduct and result in disciplinary action. Non-compliance by contractors or service providers may be considered a breach of contract, entitling QSupport Cloud (Pty) Ltd to terminate the contractual relationship and/or pursue damages.
This policy has been informed by and must be read in conjunction with the following legislation:
This policy supersedes all earlier versions and is effective from 1 January 2020.