CONSENT TO PROCESSING OF PERSONAL INFORMATION IN TERMS OF THE
PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013
between
Hinterland SA (PTY) LTD TRADING AS AGRINET
(Registration Number 1984/008258/07)
(hereafter referred to as “the company”)
and
__________________________
(Identity Number /Registration Number)
(hereafter referred to as the “client”)
1.
INTRODUCTION
The Constitution of the Republic of South Africa provides that everyone has
the right to privacy and the Protection of Personal Information Act, 4 of 2013
(the Act) gives effect to this right including the right to protection against
unlawful collection, retention, dissemination and use of personal information.
The company is committed to protecting its client’s privacy and recognizes that
it needs to comply with statutory requirements in collecting, processing, storing
and distributing of personal information. All personal information collected by
the company will be processed in a lawful, justifiable and reasonable manner.
The company is under a duty to provide clients with a number of details
pertaining to the use of and subsequent processing of their personal
information, before such information is used or processed. In accordance with
this requirement, the company sets out under the attached document known
as the Informed Consent Notice, the reasons why personal information is
required and how the company will use and handle this information.
Page 1 of 10
2.
INTERPRETATION
2.1
The following expressions shall bear the meanings assigned to them below
and cognate expressions bear corresponding meanings:
2.1.1
“Hinterland SA (Pty) Ltd trading as Agrinet” means Hinterland SA (Pty) Ltd
(registration number 1984/008258/07) a private company duly registered in
terms of the company laws of the Republic of South Africa, its affiliates,
subsidiaries and associated companies as defined in the Companies Act, 2008
(hereafter referred to as the company);
2.1.2
“Biometrics” means a technique of personal identification that is based on
physical, physiological or behavioural characterisation including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition;
2.1.3
“Child” means a natural person under the age of 18 years who is not legally
competent, without the assistance of a competent person, to take any action
or decision in respect of any matter concerning themselves;
2.1.4
“Consent” means any voluntary, specific and informed expression of will in
terms of which permission is given for the processing of personal information;
2.1.5
“Data Subject" means the client who will provide the company or its
operator(s) with personal information and who consents when providing such
personal information, to the company or its operator’s use thereof in
accordance with this Notice (hereafter referred to as the client);
2.1.6
“Deputy Information Officer” refers to the person duly authorized by the
Chief Executive Officer of the company and appointed by the company to
facilitate or assist the Chief Executive Officer with any request in terms of the
Act;
2.1.7
“Information Officer” refers to the person duly authorized by the Chief
Executive Officer of the company and appointed by the company to facilitate
or assist the head of the company with any request in terms of the Act;
2.1.8
“Operator” means a third party who processes personal information on behalf
of the responsible party;
2.1.9
‘‘Personal information’’ means information relating to a natural person or
juristic person, and may include the following:
Page 2 of 10
2.1.9.1
Information relating to the race, gender, sex, pregnancy, marital status,
national, ethnic or social origin, colour, sexual orientation, age, physical or
mental health, well-being, disability, religion, conscience, belief, culture,
language and birth of the person;
2.1.9.2
Information relating to the education, medical, financial, criminal or
employment history of the person;
2.1.9.3
Any identifying number, symbol, e-mail address, physical address, telephone
number, location information, online identifier or other particular assignment to
the person;
2.1.9.4
Biometric information such as fingerprints or DNA;
2.1.9.5
Personal opinions, views or preferences;
2.1.9.6
Correspondence sent by the person that is implicitly or explicitly of a private or
confidential nature or further correspondence that would reveal the contents of
the original correspondence;
2.1.9.7
2.1.9.8
The views or opinions of another individual about the person; and
The name of the person if it appears with other personal information relating
to the person or if the disclosure of the name itself would reveal information
about the person.
2.1.10
‘‘Processing’’ means any activity, whether or not by automatic means,
concerning personal information, including:
2.1.10.1
The collection, receipt, recording, organisation, collation, storage, updating or
2.1.10.2
Modification, retrieval, alteration, consultation or use;
2.1.10.3
Dissemination by means of transmission, distribution or making available in
any other form; or
2.1.10.4
Merging, linking, as well as restriction, degradation, erasure or destruction of
information
2.1.11
‘‘Record’’ means any recorded information regardless of form or medium,
including any of the following:
2.1.11.1 Writing on any material;
2.1.11.2 Information produced, recorded or stored by means of a tape-recorder,
computer equipment, whether hardware or software or both, or other
Page 3 of 10
device, and any material derived from such information;
2.1.11.3 Label, marking or other writing that identifies or describes anything of which it
forms part, or to which it is attached;
2.1.11.4 Book, map, plan, graph or drawing; and
2.1.11.5 Photograph, film, negative, tape or other device which contain
visual images and are capable, of being reproduced in the possession or under
the control of a responsible party.
2.1.12
“Responsible Party" means the company including without detracting from the
generality thereof, its directorate and officials, management, executives, and
employees and Operators who need to process the client’s personal
information;
2.1.13
“Requester” refers to any person making a request for access to a record
of, or held by the company;
2.1.14
“Senwes
Group”
means
Senwes
Limited
(registration
number
1997/005336/06) a public company duly registered in terms of the company
laws of the Republic of South Africa, its affiliates, subsidiaries and associated
companies as defined in the Companies Act, 2008;
2.1.15
“Special Personal Information” includes any information relating to an
individual’s ethnicity, gender, religious or other beliefs, political opinions,
membership of a trade union, sexual orientation, medical history, offences
committed or alleged to have been committed by that individual, biometric
details and children’s details;
2.2
In this agreement, clause headings are for convenience and shall not be used
in its interpretation, unless the context clearly indicates a contrary intention.
2.3
An expression which denotes any gender includes the other genders.
2.4
A natural person includes a juristic person and vice versa.
2.5
The singular includes the plural and vice versa
2.6
Any reference to any statute, regulation or other legislation shall be a reference
to that statute, Regulation or other legislation as at the signature date, and as
amended or substituted from time to time.
Page 4 of 10
2.7
If any provision in a definition is a substantive provision conferring a right or
imposing an obligation on any party, then notwithstanding that it is only in a
definition, effect shall be given to that provision as if it were a substantive
provision in the body of this manual.
2.8
Where any term is defined within a particular clause other than this, that term
shall bear the meaning ascribed to it in that clause wherever it is used in this
document.
2.9
Where any number of days is to be calculated from a particular day, such
number shall be calculated as excluding such particular day and commencing
on the next day. If the last day of such number so calculated falls on a day
which is not a business day, the last day shall be deemed to be the next
succeeding business day.
2.10
Any reference to days (other than a reference to business days) months or
years shall be a reference to calendar days, months or years, as the case may
be.
2.11
The use of the word “including” followed by a specific example shall not be
construed as limiting the meaning of the general wording preceding it and the
eiusdem generis rule shall not be applied in the interpretation of such general
wording or such specific examples.
2.12
Insofar as there is conflict in the interpretation of or application of this
agreement and the Act, the Act shall prevail.
2.13
This document does not purport to be exhaustive of or comprehensively deal
with every right or obligation provided for in the Act. The client is advised to
familiarize his/her/itself with the provisions of the Act.
3.
ACKNOWLEDGMENT AND CONSENT
By signing this agreement, the client hereby acknowledges and agrees that It
is fully aware of its rights in terms of the Act. The client likewise agrees and
consents to the following:
Page 5 of 10
3.1
Use of Personal Information
3.1.1
The client consents to the company processing its Personal Information and
acknowledges that all Personal Information provided will only be used for the
purposes for which it is collected, namely the creating and maintaining of an
account with the company. Should the company require to process such
personal information for other purposes, the client’s prior consent will be
requested.
3.2
Accuracy of Information and Onus
3.2.1
The Act requires that all personal information and related details supplied, are
complete, accurate and up to date. The client declares that all personal
information supplied to the company is accurate, up to date, not misleading
and that it is complete in all respects.
3.2.2
Whilst the company will always use its best endeavours to ensure that the
client’s personal information is reliable, it remains the responsibility of the client
to advise the company of any changes thereto. The client therefore agrees to
update the information supplied, as and when necessary, in order to ensure
the accuracy of the information, failing which the company will not be liable for
any inaccuracies.
3.3
Sharing of Information
3.3.1
Personal information will be made available to employees who require these
details for their functions within the company and the Senwes Group. All
employees who have access to personal information are aware of the sensitive
nature thereof.
3.3.2
The client consents to the company disclosing its personal information:
3.3.2.1
Where such disclosure is required by law, in compliance with a duty to the
public to disclose and/or necessary to further the interests of the company;
3.3.2.2
To third party service providers;
3.3.2.3
To any person who needs the information to carry out or protect any of
the company’ rights or obligations.
Page 6 of 10
3.3.3
The company has the right to cede any or all of its rights or to delegate
any or all of its obligations it may have arising out this agreement for inter
alia the following purposes:
3.3.3.1
To obtain finance;
3.3.3.2
The sale of its business or part thereof; or
3.3.3.3
To give effect to the rights of the company.
3.3.4
The company may disclose the client’s personal information, outside the
boarders of South Africa, for any reason which the company deems
appropriate, provided that the company will notify the client of such disclosure.
3.4
Storage, Retention and Destruction of Information
3.4.1
All personal information which you provide to the company will be held and/or
stored securely. Personal information may be stored electronically and as such
may be accessible to the companies within the Senwes Group. Where
appropriate, some information may be retained in hard copy. In either event,
storage will be secure.
3.4.2
Where data is stored electronically outside the borders of South Africa, such
is done only in countries that have similar privacy laws or where such facilities
are bound contractually to no lesser regulations than those imposed by the
Act.
3.4.3
The company will ensure that all the systems and operations which it uses will
at all times be of a minimum standard required by applicable laws and be of a
standard no less than the standards which are in compliance with the Best
Industry Practice for the protection, control and use of personal information.
3.4.4
The company will take appropriate and reasonable technical and
organisational measures to prevent the loss of, damage to or unauthorised
destruction of personal information as well as the unlawful access to or
processing of personal information.
3.4.5
Once the client’s personal information is no longer required, such personal
information will be safely and securely archived, as per the requirements of
Page 7 of 10
applicable
legislation. Thereafter, the personal
information may be
permanently destroyed.
3.5
Right to Object
3.5.1
In terms of section 11(3) of the Act, the client has the right to object in the
prescribed manner to the company processing its personal information. On
receipt of the objection the company will place a hold on any further processing
until the cause of the objection has been resolved.
3.5.2
The client acknowledges that should it refuse to provide the required consent
and/or information, the company will be unable to assist the client.
3.5.3
In the event of the client refusing to give the required consent, the company
will still have the right in terms of the Act to process personal information
without the client’s consent under any of the following circumstances:
3.5.3.1
Where such processing and use is necessary in order to give effect to a
contractual relationship that exists between the client and the company;
3.5.3.2
Where such processing is required in terms of the law; or
3.5.3.3
Where such processing is necessary to protect the legitimate interests of the
company or a third party.
3.6
Access to Information
In terms of section 23 of the Act as well as section 50 of the Promotion of Access
to Information Act, 2 of 2000, the client may request in writing that the company
provide it with the details of its personal information which the company holds
and what the company has done with such personal information. This request
must be sent to the company’s Deputy Information Officer together with the
client’s proof of identity. The contact details of the Deputy Information Officer
are as follows:
Deputy Information Officer:
Elmarie Joynt
Physical address:
1 Charel de Klerk street, Klerksdorp, 2570
Postal address:
PO Box 31, Klerksdorp, 2570
Telephone:
018 464 7104
Page 8 of 10
Email:
3.7
Elmarie.joynt@senwes.co.za
Consent to Direct Marketing, Advertising and Promotional Activities
The client expressly consents to the processing of its information for marketing
purposes and as such knows and understands that by agreeing to same they
may receive marketing materials in the form of electronic communication from
the company.
3.8
Complaints
You have the right to address any complaints to the Information Regulator or to
the Deputy Information Officer at the contact details provided above.
3.9
Declaration and Informed Consent
3.9.1
The client agrees that by making its personal information available, the company
is not responsible for any loss, whether direct or indirect, that may arise from
the use of such information.
3.9.2
The company will not be liable for inaccurate information on its systems as a
result of the client’s failure to update its personal information.
3.9.3
The client confirms that it has had an opportunity to read this agreement, and
fully comprehends the terms, conditions and consequences of its consent.
3.9.4
The client confirms that it has had sufficient opportunity to ask questions about
this agreement and has had these questions, if any, answered to its satisfaction.
3.9.5
The client’s consent to the terms of this consent form is provided of its own free
will and without any undue influence from any person whatsoever.
4.
3.1
PROTECTION OF THE COMPANY’S PERSONAL INFORMATION
The client undertakes to comply with the provisions of the POPIA in its dealings with
the company’s personal information. In particular, with the provisions of the Act insofar
as they pertain to:
4.1.1
Lawful processing of personal information;
4.1.2
Rights of the company;
4.1.3
Retention and restriction of records;
Page 9 of 10
4.1.4
Safeguards for the integrity of personal information;
4.1.5
Notification of security compromises; and
4.1.6
The company’s rights as they relate to direct marketing by means of unsolicited electronic
communications. The client specifically agrees not to contact the company’s client’s by
any means unless the company has provided prior written consent in respect thereof.
4.2
The client must treat all personal information which comes to its knowledge as
Confidential Information and not disclose it unless required by law or in the course of
the proper performance in terms of this clause.
4.3
The client must secure the integrity and confidentiality of personal information of the
company and it’s clients by taking appropriate, reasonable technical and
organizational measures to prevent loss of, damage to or unauthorised destruction of
the personal information and unlawful access to or processing of the personal
information. In doing so, the supplier must take appropriate and reasonable measures
to:
4.4
Identify all reasonably foreseeable internal and external risks to personal information
in its possession or under its control:
4.4.1
Establish and maintain appropriate safeguards against the risks identified;
4.4.2
Regularly verify that the safeguards are effectively implemented; and
4.4.3
Ensure that the safeguards are continually updated in response to new risks or
deficiencies in previously implemented safeguards.
4.4
The client must notify the company immediately where there are reasonable grounds
to believe that personal information has been accessed or acquired by any
unauthorised person.
Signed at ______________________ on this ______ day of ________________ 20___.
_________________
Name: _________________
Surname: _______________
Page 10 of 10