2. DEFINITION OF PERSONAL INFORMATION
Personal Information is “personal information” as defined in section 1 of the Protection of Personal Information Act 4 of 2013 (“POPI Act”). This is information relating to an identifiable, living natural person or existing juristic person. Please refer to the POPI Act for a detailed definition and various types or categories of personal information.
3. CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION COLLECTED
The PIRB only collects general personal information (some of which may be publicly available) and aims to only collect that personal information which is necessary for it to carry out its Services and other facilities provided to you.
- The PIRB collects the following categories of personal information:
- a. Registered Individual – such as name, contact details, email, physical and postal addresses, company details, gender, racial status, disabilities, designations, professional experience, work experience (CVs) and qualifications.
- b. Alumni (Training and Event Delegates and past Corporate Clients) – such as name, contact details, email, physical and postal addresses, company details and documents (where necessary), dietary requirements, and allergies. With regards to Corporate Services company documents required for services and specifically in respect to Board Appraisal Services, director’s personal opinions on the performance of the board is collected and stored to report. Further information may be requested by the PIRB depending on the Service being provided or for statistical or healthy and safety reasons.
- c.Designations – same information as per Registered Individual s above including records of results and decisions, certification records such as date awarded and such information as may be required from the South African Qualifications Authority from time to time.
- d. Suppliers/Procurement – such as company name, address and contact details, banking details, VAT number and BEE certificate/level information.
- f. Employees – all applicable employee information required to be kept from a labour law perspective and running of the organisation. Such information relates to internal employees and not external clients. As such the rest of this Policy will not cover Employee Information as this is dealt with in PIRB internal HR Policies. Furthermore, external parties (unless with applicable court orders or legal reasons) shall not have access to such Employee Information.
4. HOW PERSONAL INFORMATION IS COLLECTED
Your personal information is obtained directly from you either via online forms on our website, email communications, requests for proposals, hard copy forms submitted to the PIRB (such as training facilitator review forms); and on occasion telephonically (only under specific circumstances and at your request). In instances where Corporate Clients require services, the Corporate Client representative may provide individual director information to the PIRB. It is the responsibility of the Corporate Client to ensure it has consent from such individuals to share their general personal contact information.
5. PURPOSE FOR COLLECTING PERSONAL INFORMATION
- The PIRB collects personal information for the following purposes:
- a. To provide you with services offered and requested.
- b. To understand your specific needs and requirements, and to improve the PIRB Registered Individual benefit, service and value offering.
- c. To provide you with PIRB communications about the services being rendered, and keeping you informed of governance-related updates.
- d. To provide you with PIRB related marketing material due to your past interaction and use of the PIRB services.
- e. For health and safety purposes.
- f. For statistical, historical and/or reporting purposes.
The PIRB will always ask for your permission before it uses your personal information for any purpose not disclosed above or unrelated to the operations/services of the PIRB and its use in the ordinary course of business.
6. RECIPIENTS OF PERSONAL INFORMATION
The Personal information collected is used only by the PIRB and its employees in the rendering of its organisational purpose and services. Only in instances where the sharing of personal information to recipients outside of the PIRB is necessary to fulfil a PIRB obligation or service will such information be provided. See clause 7 below for further information
7. PERSONAL INFORMATION SHARED TO THIRD PARTIES
As part of the Registered Individual Benefits provided to PIRB Registered Individual s, the PIRB may be required to provide third party service providers with minimal Registered Individual personal information (such as for example name, Registered Individual ship number, contact details) to provide such Registered Individual Benefits.
Personal information provided to third-party service providers for such purposes will be limited to only that information which is necessary for the Registered Individual to enjoy such benefit which he/she is entitled to. No further information will be provided and third-party service providers are prohibited from using Registered Individual details for any other purpose other than providing the Registered Individual Benefit or for statistical and historical purposes.
Your privacy is important to us. The PIRB will therefore not sell, rent or provide your personal information to unauthorised entities or third parties for their independent use without your consent.
UThe PIRB will release your personal information to a party if it believes that PIRB is required by law or by a court to do so. The PIRB will also disclose your personal information if the PIRB believes that it is necessary to prevent or lessen any unlawful or harmful actions and to protect and defend legitimate business interests, rights or property of the PIRB.
8. PROTECTION OF PERSONAL INFORMATION
The PIRB values the information that you choose to provide to us and will, therefore, take reasonable steps to protect your personal information from loss, misuse or unauthorised alteration. The PIRB conducts regular security testing of its servers and ensures that its employees are trained around the protection of personal information to ensure that your personal information is used correctly and protected.
When you use the services or facilities provided by the PIRB, you may be given an access number, username, password and/or personal identification number ("PIN"). You must always keep your username, access card, password and/or PIN a secret and ensure that you do not disclose it to anyone. The PIRB shall not be held responsible for personal information accessed as a result of you providing someone with your PIRB profile username and password.
Upon your request, PIRB will provide you with its records of the personal information you provided to us. For security reasons, this information will only be sent to the e-mail address on file for the subscriber username and password associated with it.
9. STORAGE OF PERSONAL INFORMATION AND RETENTION THEREOF
Personal Information is stored on the PIRB’s servers located onsite and in the cloud (which in this case may be hosted outside of South Africa see below Clause 9) which is accessed by yourself and PIRB internal employees only. Personal Information will only be retained for so long as necessary to carry out the function, Services provided or facilitates your use by the PIRB. Due to the nature of the service rendered ie professional body registration, personal information shall not be destroyed.
Note: Registered Individual ship, Service Agreements, audit information, Certificate of Compliance, training attendance records, reports or deliverables provided to Corporate Clients in terms of the specific scope of work and personal information related thereto shall be kept for the PIRB indefinitely. The purpose of which is to ensure a continuous and accurate record of your Registered Individual ship, training history and reports/advice provided by the PIRB.
10. TRANS-BORDER FLOW OF PERSONAL INFORMATION
Your personal information may be stored on servers located outside of South Africa due to the PIRB’s Registered Individual ship programme tool. The PIRB, however, undertakes to ensure that service providers used for such cloud servers and/or services are obliged to comply with the highest standards of data protection to ensure the security of your personal information.
11. LINKS ON PIRB WEBSITE OR EMAIL COMMUNICATIONS
The PIRB is not responsible for the content or the privacy policies of websites of other institutions to which it may link you to – mainly for information purposes and access to documents provided by such institutions. The use of other third-party websites and content is at your sole discretion. This Policy applies solely to information collected by the PIRB.
12. PERSONAL INFORMATION HELD BY OR DISCLOSED BY YOU TO THIRD PARTIES
13. CORRECTION OF PERSONAL INFORMATION
It is your responsibility to ensure that the personal information provided to the PIRB is true, correct and accurate at all times. You may update and correct your personal information at any time either yourself via your online PIRB profile, via email communications to the PIRB or telephonically by calling the PIRB. The PIRB does not vet or check the information provided to it, and thus will not be held responsible for any incorrect or outdated information it may and which may be used to provide you with relevant and important communications.
14. ACCESS TO PERSONAL INFORMATION HELD BY THE PIRB
See the PIRB PAIA Manual for detailed information around your rights to access information held by the PIRB and applicable steps to follow.
15. CHANGES TO THIS POLICY
The PIRB may change this Policy at any time. Any change to this Policy will be displayed on the PIRB website. If you use this website or any of the services or facilities offered by the PIRB after the PIRB has displayed a change to this Policy, you will be deemed to have read and agreed to the change.
16. APPLICABLE LAWS
This Policy will be governed by the laws of the Republic of South Africa. Specifically, the PIRB undertakes to comply with the spirit of the Protection of Personal Information Act No.4 of 2013 (“POPI”) and the Promotion of Access to Information Act No.2 of 2000 (“PAIA”).