PROTECTION OF PERSONAL INFORMATION POLICY FOR MAPHIKE ATTORNEYS INC. (“MAPHIKE INC”) IN COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
The Policy applies to all Data Subjects, who access and make use of this website and/or application and all the Personal information collected and processed by Maphike Inc.
- Data Subject
This refers to the natural or juristic person to whom personal information relates, such as an individual client, customer or a company that makes use of this website and/or application.
An operator means an independent contractor who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
- Responsible Party
Maphike Inc collects, processes and stores personal information on its own behalf in compliance with the provisions of POPIA.
- COLLECTION OF PERSONAL INFORMATION
Maphike Inc collects the following personal information:
- Telephone number;
- Email address;
- Booking history;
- Custom tags and notes; and
- Any other additional information voluntarily shared by the Data Subject
- PROCESSING OF PERSONAL INFORMATION
Maphike Inc will ensure that personal information under its control is processed:
- in a fair, lawful and non-excessive manner, and
- only with the informed consent of the data subject, and
- only for a specifically defined purpose.
Maphike Inc processes personal information for the purpose of online table bookings and/or reservations, online ordering of food and applicable beverages and for marketing purposes as determined by Maphike Inc.
Maphike Inc will be responsible for the processing of personal information where the data subjects contacts us telephonically to make table bookings, place orders and for any enquiries which may require any exchange of personal information.
Maphike Inc will under no circumstances distribute or share personal information between separate legal entities, associated organisations or with any individuals that are not directly involved with facilitating the purpose for which the personal information was originally collected and/or for agreed usage set out herein. Where applicable, the data subject will be informed of the possibility that their personal information will be shared and be provided with the reasons thereof.
- RIGHTS OF DATA SUBJECTS
Maphike Inc will ensure that it gives effect to the following seven rights.
- The Right to Access Personal Information
Maphike Inc recognises that a data subject has the right to establish whether Maphike Inc holds personal information related to it including the right to request access to that personal information via email to firstname.lastname@example.org subject line “PERSONAL INFORMATION REQUEST”.
- The Right to have Personal Information Corrected or Deleted
The data subject has the right to request, where necessary, its personal information must be corrected or deleted where Maphike Inc is no longer authorised to retain the personal information.
- The Right to Object to the Processing of Personal Information
The data subject has the right, on reasonable grounds, to object to the processing of its personal information. In such circumstances, Maphike Inc will give due consideration to the request and the requirements of POPIA.
Maphike Inc may cease to use or disclose the data subject’s personal information and may, subject to any statutory and/or contractual obligation, approve the destruction of the personal information.
- The Right to Object to Direct Marketing
The data subject has the right to object to the processing of its personal information for purposes of direct marketing by means of unsolicited electronic communications. Failing which, Maphike Inc may use the personal information for direct marketing.
- The Right to Complain
The data subject has the right to submit a complaint regarding an alleged infringement of any of the rights protected under POPIA. The complaint can be lodged by completing the form found here (www.maphikeinc.co.za) Maphike Inc will use its best endeavours to resolve the dispute as speedily as reasonably possible.
- The Right to be Informed
The data subject has the right to be notified that its personal information is being collected by Maphike Inc, as we hereby do. The data subject also has the right to be notified in any situation where Maphike Inc has reasonable grounds to believe that the personal information of the data subject has been accessed or acquired by an unauthorised person.
Maphike Inc keeps an appropriate record of all personal information.
Record means any recorded information, regardless of form or medium, including any of the following:
- writing of any material;
- information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
- label, marking or other writing that identifies or describes anything of which it form part, or to which it is attached by any means;
- book, map, plan, graph or drawing;
- photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced
- AGREEMENT TO BE BOUND AND CONSENT TO PROCESS
By making use of and accessing Maphike Inc’s website and/or application, the Data Subject:
- SECURITY OF PERSONAL INFORMATION
- Maphike Inc is committed to protecting personal information from misuse, loss, theft, unauthorized access, modification, or disclosure by using electronic and physical defenses.
- Maphike Inc will manage the security of its filing system to ensure that personal information is adequately protected. To this end, security controls will be implemented in order to minimise the risk of loss, unauthorised access, disclosure, interference, modification or destruction.
- Maphike Inc’s server is managed and stored with a third party, who is compliant with the provisions for storing and processing personal information.
- Maphike ensures that all electronic records comprising of personal information are securely stored and made accessible only to authorised individuals.
- All new employees will be required to sign employment contracts containing contractual terms for the use and storage of employee information. Confidentiality clauses will also be included to reduce the risk of unauthorised disclosures of personal information.
- All existing employees will, be required to sign an addendum to their employment containing the relevant consent and confidentiality clauses.
- A data subject may request the correction or deletion of his, her or its personal information held by Maphike Inc. Maphike Inc will ensure that it provides a facility for data subjects who want to request the correction or deletion of their personal information.
- Employees and other persons acting on behalf of Maphike Inc will under no circumstances:
- Process or have access to personal information where such processing or access is not a requirement to perform their respective work-related tasks or duties.
- Save copies of personal information directly to their own private computers, laptops or other mobile devices like tablets or smart phones. All personal information must be accessed and updated from Maphike Inc’s central database or point of use only.
- Share personal information informally. In particular, personal information should never be sent by email, as this form of communication is not secure. Where access to personal information is required, this may be requested from the relevant Manager and/or the Information Officer.
- Transfer personal information outside of South Africa, whether electronically or otherwise, without the express written consent of the Manager and/or Information Officer.
- Employees and other persons acting on behalf of Maphike Inc are responsible for:
- Ensuring that personal information is held in as few places as is necessary. No unnecessary additional records, filing systems and data sets should therefore be created.
- Ensuring that personal information is encrypted prior to sending or sharing the information electronically.
- Ensuring that all computers, laptops and devices such as tablets, flash drives and smartphones that store personal information are password protected and never left unattended. Passwords must be changed regularly and may not be shared with unauthorised persons.
- Ensuring that their computer screens and other devices are switched off or locked when not in use or when away from their desks.
- Ensuring that where personal information is stored on removable storage medias such as external drives, CDs or DVDs that these are kept locked away securely when not being used.
- Ensuring that where personal information is stored on paper, that such hard copy records are kept in a secure place where unauthorised people cannot access it. For instance, in a locked drawer, officer of a filing cabinet.
- Ensuring that where personal information has been printed out, that the paper printouts are not left unattended where unauthorised individuals could see or copy them.
- Taking reasonable steps to ensure that personal information is stored only for as long as it is needed or required in terms of the purpose for which it was originally collected. Where an employee, or a person acting on behalf of Maphike Inc, becomes aware or suspicious of any security breach such as the unauthorised access, interference, modification, destruction or the unsanctioned disclosure of personal information, he or she must immediately report to the appropriate person.
- THIRD PARTY PROCESSING
Maphike Inc may use services of POPIA compliant third party service providers for the management and storage of data, for email and SMS communication and other tasks involving personal information.
- RETENTION OF PERSONAL INFORMATION
Maphike Inc shall retain personal information for as long as it is necessary to fulfil the purpose for which it was collected where after it shall be deleted. The criteria Maphike Inc uses to determine retention periods includes whether:
- Maphike Inc is under contractual or other obligations to retain personal data;
- Personal information is needed to maintain business records.
- DIRECT MARKETING
One can choose whether to receive marketing communications from Maphike Inc.
Maphike Inc shall not avail your personal information to unaffiliated third parties for direct marketing purposes or otherwise make personal information commercially available to any third party, unless the data subject has provided consent to it.
Should data subject opt out of receiving such marketing, they will be given the option to do so, alternatively they can contact Maphike Inc in the form referred to at section 6 above.
- ENFORCEMENT ACTION
- CHANGES TO POLICY
- INFORMATION OFFICER
Maphike Inc’s Information Officer may be contacted here: www.maphikeinc.co.za or at email@example.com
DATED 22 NOVEMBER 2022