POPIA Privacy Notice
BSS Africa respects and protects your privacy. Our privacy notice applies to all persons whose information we collect, regardless of form and medium. This includes our employees, consultants, agents service providers and customers. This privacy notice applies to all our services and related websites.
This is a general notice that explains:
- Who we collect personal information from.
- What personal information we collect.
- Why we collect your personal information.
- How we use your personal information; and
- What rights you have in relation to your personal information.
This notice also explains:
- You can access the information we hold about you and ask for that information to be corrected; and
- You can make a complaint about the way we have handled your personal information.
For example, where we ask you to provide personal information in relation to your employment or in a public submission to a policy proposal, we will provide you with a privacy notice at the time of collection or as soon as practicable afterwards. These privacy notices explain our personal information handling practices in relation to that particular purpose or activity.
Our Contact Details are at the bottom of this notice.
We collect and hold a broad range of personal information in records relating to:
- Course Registration.
- Correspondence between yourself and the company in terms of using our services.
- Employment and personnel matters relating to staff and contractors.
- Facilitating appointments.
- Facilitating meetings.
- Contract management.
- Complaints (including privacy complaints) and feedback provided to us.
- Requests under the Promotion of Access to Information Act, 2000 (PAIA).
- Legal advice provided by lawyers.
We collect personal information in a variety of ways. These include:
- Paper-based forms.
- Online (web-based forms and e-mail); and
- Phone calls, faxes and face to face meetings.
- Course registrations forms
- Google analytics
- Linked In
We often collect personal information directly from you. However, in some circumstances we may also collect information about you from a third party.
- Certain third-party service providers may collect or check information from or about you on our behalf. For example, where we use external employment agencies, vetting agencies, credit bureaus, lawyers, accountants, consultants, professional bodies, banks, travel agencies, non-government organisations and security companies.
- Some of this information is passed on to third party partners who are our academic, training and content partners.
- We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities.
We collect personal information from and about:
Visitors to our website:
- We collect information that you give to us directly via our website contact forms.
Our job applicants and employees:
- We collect information from you when you apply for a job, internship and if you are successful and we employ you, give you an internship.
- We may also collect information about you from third parties, like educational bodies or previous employers.
- We also collect information about employees’ and interns’ use of email and the internet to monitor and review e-mail and internet activity, where we believe it is reasonable and necessary to detect abuse or unlawful activity on the department’s resources. You cannot expect privacy in this regard.
Users of our digital platforms:
- We collect information you give us directly via contact or feedback forms.
- We also use common technologies (including ‘cookies’) to track use and
improve user experience. Only employees can access the digital
platforms, so we can identify users.
Our suppliers, service providers, contractors and consultants:
- We collect information from you when you apply to be listed on our supplier database and bid to supply goods or services to us.
- We may also collect or check information about you from various private or public bodies, such as banks or tax authorities.
Our delegates and users of our services and facilities:
- We collect information you give us when you send us a letter, an email or text message, or when you use social media or our call centre to contact us.
- We also collect personal information when it is directly relevant to the specific services, we provide to you.
We also collect information from visitors to our buildings and facilities in terms of the Control of Access to Public Premises and Vehicles Act, 1985.
The personal information we collect, and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- Your name, address and contact details (for example your phone number or email address);
- Information about your identity (such as date of birth, country of birth, passport details, visa details and driver’s licence);
- Information about your personal circumstances (for example age, gender, marital status and occupation);
- Information about your financial affairs (for example payment details, bank account details, and business and financial interests);
- Information about your employment (for example applications for employment, work history, referee comments and remuneration); and
- Government identifiers.
We do not necessarily collect all this information from every person but only where it is necessary.
Special personal information
We may also collect ‘special personal information’ which is a subset of personal information under the POPIA.
Special personal information includes information about the following:
- Your health.
- Your membership of a professional or trade association, or a trade union.
- Your racial or ethnic origin.
- Criminal activities you may have been involved in; and
- Your biometrics (including photographs and voice or video recordings of you).
Generally, we will only collect special personal information if its collection is reasonably necessary for, or directly related to, one or more of our functions or activities or the collection is required or authorised by law.
For example, we collect special personal information such as race and disability to inform the development of a workforce plan. We require employees to complete the EEA 1 form prescribed by the Employment Equity Act, 1998. We ensure that the contents remain confidential and only use the information to comply with previously mentioned act.
We collect general personal and contact information about our employees, suppliers and users of our services and facilities.
- Job Applicants and employees: We usually collect detailed personal information about your educational, employment, financial and criminal background, and any other relevant information such as images of you, fingerprints, drivers licence details, vehicle registration number, tax number and bank account details. We may also need further information about matters such as health issues and family members, where relevant to the employment relationship.
- Suppliers, service providers, contractors and consultants: We often collect detailed personal information about your qualifications, experience or suitability as a supplier, and other relevant information such as bank account details and VAT number. We may also need further information relevant to the business relationship, such financial statements or information about solvency.
- Visitors to our buildings and facilities: We usually collect close circuit television (CCTV) images (and audio recordings, where applicable) of visitors to buildings and facilities, as well as names, identity numbers and contact details.
Business Information and Data Management
- Business information will be collected to maintain governance structures and operational requirements to manage the relationship between entities and individuals in respectful manner.
If you are concerned about the collection of your personal information, please ask the Information Officer about our policies, practices and procedures in this regard.
We routinely use your personal information:
- To communicate and manage our relationship with you.
- To provide you with courses and facilitated interventions that your company may sign you up for.
- To manage security and access control to our buildings and facilities; and
- For record keeping and other administrative purposes, as required by law.
- As a registered training provider, we are required to by law to maintain full records of delegates for reporting purposes.
We will not provide your personal information to anyone else unless you consent thereto or one of the following exceptions applies:
- You would reasonably expect us to use the information for that purpose.
- It is legally required or authorised, such as by a law, or a court or tribunal order.
- It is reasonably necessary for an enforcement-related activity.
- We reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health, or safety of any individual, or to public health or safety.
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary for us to take appropriate action in relation to the matter.
- It is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
- The information is used only for historical, statistical or research purposes and is not published in an identifiable form.
We are very careful with special personal information, and where practical, we usually group personal information together as aggregated data so that individuals cannot easily be identified.
Unless we have your clear informed consent or the law clearly allows us in certain limited circumstances, we will not:
- Sell or rent personal information.
- Use your personal information for purposes that are different, unusual or unexpected in relation to the reason for collecting it in the first place; or
- Share your personal information with third parties in circumstances other than the ones we have referred to above.
Storage and data security
We respect and protect your privacy and store your personal information according to generally accepted information security practices. We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
Where a breach of personal information occurs, we will notify the Information Regulator and affected individuals as required. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
- We try to obtain your consent to collect and use your personal information, where practical.
- You do not normally have to give us personal information, but if you do not, we may not be able to communicate with or provide services to you. You may also ask us not to send you unsolicited messages (opt-out), but then we cannot tell you about services or future events that may be important to you.
- You may access personal information we hold about you and ask us to correct or delete any that is wrong, irrelevant, out of date, misleading and so on. But we may check your identity before giving you access.
- You also have certain rights to withdraw consent or object to us using your personal information under POPIA, but these rights are limited. For example, if the purpose for which your personal information was requested initially does not exist anymore you may request that the information may no longer be used. We can decline your request to delete the information from our records if other legislation requires us to retain the information.
If you feel we are not dealing with your personal information fairly and lawfully, you may complain to the Information Regulator at JD House 27 Stiemens Street Braamfontein Johannesburg 2001 Tel: +27(0) 10 023 5200 Email: complaints.IR@justice.gov.za
Please first give us a chance to resolve any complaint by contacting us at the details below. Your complaint should include a brief description of what happened, when it happened and what personal information was affected.
Tel: 012 346 5878
Post: P.O. Box 2681 Brooklyn Square Pretoria 0181