STATEMENT TO CLIENTS / SUPPLIERS AND STAKEHOLDERS
This Privacy Statement describes how PLH Group (‘we’, ‘us’) collects and processes personal information about you; how we use and protect this information, and your rights in relation to this information, in accordance with the requirements of the Protection of Personal Information Act (POPIA)
This Privacy Statement applies to all personal information we collect about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
2. INFORMATION WE COLLECT
We may collect your personal information from a variety of sources, including personal information we collect from you directly (e.g. when you contact us and we provide services to you), and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).
Certain personal information is required as a consequence of any contractual relationship we have with you or your employer, to enable us to carry out our contractual obligations to you or your employer. Failure to provide this personal information may prevent or delay the fulfilment of these obligations.
Information we collect directly from you
The categories of personal information that we may collect directly from you as client / supplier / stakeholder include the following:
- personal details (e.g. name, age, date of birth, gender, identity number or registration number);
- contact details (e.g. phone number, email address, postal address or mobile number);
- Customer Details-Vat Numbers-delivery addresses-email addresses-client company details);
- Copies of compliance certification
- Emergency Planning and Operational data
- Environmental plans
- Physical Security plans and contracts
- Transport and Delivery Plans
- Copies of Insurance and Public Liability Insurances
- Client and 3rd party professional qualifications and professional body registration details
- Supplier contracts and supplier contact details
- Customer contracts and customer details
- Details regarding the rendering of services according to instructions given by clients
- Keeping of accounts and records
- Complying with tax laws
- Clients include potential and existing clients
Information we may collect from other sources
We may collect from other sources such as the Companies and Intellectual Property Commission; Search Works, Financial Institutions; SARS.
We must have a legal basis to process your personal information. We will only process your personal information for the purpose(s) for which it was collected and agreed with you in most cases the legal basis will be one of the following:
- to provide services, to you, as set out in the agreement with you;
- to fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, to communicate with you and to carry out instructions and requests, and for ensuring you are able to access our premises when required;
- to comply with our legal obligations to you, for example health and safety obligations while you are on any of our premises, or to a third party (e.g. to comply with a court order);
- to meet our legitimate interests so that: we are able to provide the services you request; our services function correctly in relation to your business; any complaints or concerns can be promptly relayed to us; we can respond to any questions or concerns you might have; we may carry out research and analysis to ensure products and services we offer are relevant to you; our records are kept up to date and accurate, and; to send relevant and appropriate electronic correspondence to you in order to keep you informed regarding, but not limited to, industry developments which may impact you, and to invite you to events which are fundamental to the services which we provide.
Sometimes we are authorised and/or required to collect and/or process personal information in accordance with applicable legislation. A list of the applicable legislation in terms of which records are held by us can be found in our PAIA Manual.
3. USE OF PERSONAL INFORMATION
We must have a legal basis to use your personal information. We will only use your personal information for the purpose(s) for which it was collected and agreed with you.
We use your personal information to:
- contact you with questions and other information regarding the services we are providing to you;
- ensure that our records are kept accurate and up to date where you, your employees or contractors work on or visit our facilities;
- ensure we issue accurate invoices for our services;
- send you messages about products and services which we think will be of interest to you;
- comply with legal obligations to which we are subject;
- comply with obligations in terms of our mandate from you.
4. YOUR RIGHTS
Please let us know if any of the personal information that we hold about you changes so that we can correct and update the personal information on our systems.
1. Right of access to information
You have the right to request, free of charge, confirmation as to whether we hold personal information about you. You also have the right to request a copy of the record of personal information or a description of the personal information we hold about you. Submission of access request forms together with the details of the access request procedure can be found in our PAIA Manual.
2. Right to request correction or deletion of personal information
You can request, where allowed by law, the correction, updating or deletion of the personal information held by us. You can also request, where allowed by law, the destruction or deletion of a record of information held by us. Submission of a request for correction or deletion forms together with the details of the request for correction and deletion procedure can be found in our PAIA Manual.
3. Right to object to the processing of personal information
In certain circumstances, such as when we process your information for our or your legitimate interests, you may object to the processing of your personal information, unless we are required to process the information on another bases, such as a legal basis. Submission of objection forms together with the details of the objection procedure can be found in our PAIA Manual.
4. Right to ask us to share your personal information in a usable format with another entity
We can provide the personal information which you provided to us, to you or another person, in commonly used and machine-readable format.
5. Right to object to automated decision-making and profiling
Where we use automated decision-making or profiling to make decisions, you may object to this profiling. Alternatively, you may ask that a person review a decision made, or that you be provided with the logic around such a decision, so that you can make a representation in respect of the decision.
6. Right to unsubscribe from direct marketing
Where you do not wish to receive marketing communication from us you can unsubscribe from marketing emails by clicking on the unsubscribe link in each email.
We will still be able to contact you when there is important communication required to be sent.
7. Right to withdraw consent
Where you have given your consent to a particular type of processing, you may withdraw that consent at any time by contacting us using the contact details set out below.
8. Right to lodge a complaint with the information regulator
You have the right to lodge a complaint with the Information Regulator, in the prescribed manner and form, if you believe that we are interfering with the protection of your personal information. You can contact the Information Regulator on 010 023 5207 (telephone number) and can lodge a complaint via email on email@example.com.
5. INFORMATION SHARING
In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.
We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment processing, data analytics and research. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.
Other situations in which we may disclose your personal information to a third party, are:
- to perform other services, we request from service providers, which may include other firms;
- to third parties who provide IT services, data processing or IT functionality services, for example cloud-based software providers, web hosting services, data analysis providers and data storage or backup providers;
- to fulfil our contractual obligations to you;
- where permitted by law, to protect and defend our rights and property; and
- when required by law, and/or public authorities;
We may also share aggregated personal information that cannot identify you for general business analysis, e.g. we may disclose the number of visitors to our websites or services.
6. INFORMATION SECURITY
We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. You may request a copy of our Information Security and Privacy Overview Policy from us using the contact details set out below.
We require all staff, (Partners and/or Directors and employees) to keep personal information confidential and only authorised staff have access to this personal information.
We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.
7. INFORMATION TRANSFER
We do not transfer personal information outside of South Africa and should it be required you will be informed and consent will be obtained in accordance with the appropriate data protection laws.
We anticipate that personal information may need to be transferred outside of South Africa for purposes of cloud storage, and where we do so, we will ensure that the necessary safeguards are in place to protect personal information.
8. CONTACT US
If you have questions or concerns regarding the way in which your personal information has been used, or should you have any questions about this Privacy Statement, please contact our information officer Cornelia Esterhuizen via email at firstname.lastname@example.org or at (018) 4644148 and provide the details relating to your query.
9. CHANGES TO THE PRIVACY STATEMENT
You may request a copy of this Privacy Statement from us using the contact details set out above. We may modify or update this privacy notice from time to time. You will be able to see when we last updated the Privacy Statement because we will include a revision date. Changes and additions to this Privacy Statement are effective from the date on which they are posted. Please review this Privacy Statement from time to time to check whether we have made any changes to the way in which we use your personal information.