Privacy Policy

POPIA POLICY

External Processing of Personal Information Notice

Document Owner:
Finishing Touch Trading 516 (Pty) Ltd
Registration Number 2009/014664/07
Hereafter referred to as “Augos”, “us”, “we”, or “our”

Date Created: Wednesday 30 June 2021

This is an external notice which serves to describe to suppliers, customers, and other data subjects the steps taken by Augos to ensure that all personal information processed by it is so done in accordance with relevant data privacy laws, including (but not limited to) the Protection of Personal Information Act No. 4 of 2013.

1. Purpose of this Processing of Personal Information Notice

  1. This Processing of Personal Information Notice (“Notice”) is intended to inform data subjects of how, when and why personal information is processed by Augos as required by the Protection of Personal Information Act No. 4 of 2013 (“POPI”), specifically section 18 thereof.
  2. “Personal Information” includes Special Personal Information and Personal Information as defined in section 1 of POPI.
  3. This notice serves to highlight the ways in which we will ensure that we process personal information in accordance with the provisions, principles and conditions set out under POPI, which provisions, principles and conditions are reflective of requirements imposed upon us by POPI and other national and international legally binding data privacy laws, regulations, or other guidelines.

2. Definitions

  1. For purposes of this notice, please take note of the definitions of certain terms as reflected in section 1 of POPI. Furthermore, please take specific notice of the following terms (used throughout this notice) and their corresponding meanings.
    1. “consent” means consent given to us by you to process your personal information, which consent is required by POPI to be voluntary, specific and informed. Such consent may be expressed or implied, meaning it can be given specifically, verbally or by means of writing, or can be inferred by way of your actions.
    2. “data subject” is the person (natural or juristic) to whom the personal information relates.
    3. “operator” is any person who processes your information on our behalf in terms of a contract or mandate without coming under our direct authority.
    4. “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
      1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
      2. Information relating to the education or the medical, financial, criminal or employment history of the person;
      3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
      4. The biometric information of the person;
      5. The personal opinions, views or preferences of the person;
      6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
      7. The views or opinions of another individual about the person; and
      8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
    5. “Process” means, in relation to personal information, the:
      1. Collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
      2. Dissemination by means of transmission, distribution or making available in any other form; or
      3. Merging, linking, as well as restriction, degradation, erasure or destruction of information.
      This definition is extended to words bearing the same or similar meaning in another context, which words include, but are not limited to, “processing”, “processed”, and “processes”.
    6. “Responsible Party” is the party that is processing the personal information of the data subject, which in this case is Augos.
    7. “Special Personal Information” means personal information as referred to in section 26 of POPI.

3. Nature of the Personal Information Processed by Us

  1. In the normal course of our business we are required to contract with various persons. Whilst these persons are generally juristic in nature, the personal information of natural persons is often also processed in these contractual relationships. The provisions of this notice apply equally to both natural and juristic persons. However, the context of each provision may demand a change in the way the word ‘personal information’ is understood as certain attributes are only attributable to natural/juristic persons.
  2. The most common types of personal information we process include:
    1. Contact Information such as company names, natural person names, e-mail addresses, phone numbers, mobile numbers, and postal addresses;
    2. Financial Account Information such as bank account numbers, VAT numbers, Income Tax numbers, invoice details, shareholder information and trustee information;
    3. Online Information such as passwords used to access our software, IP addresses used to browse our website and/or web-enabled platforms, and any other information that you willingly supply to us through the internet (by means of surveys, request forms or otherwise);
    4. Identifier Information such as company registration numbers, electricity provider utility names, internet service provider names, identity/passport numbers, supplier numbers, vendor numbers, tender information, and physical addresses;
    5. Employment Related Information such as curriculum vitae, identification numbers, passport numbers, education history, work history, qualification records, and other records relating to your employment at Augos; and
    6. Correspondence Information such as the content of our communications with you, suggestions made, comments made, feedback given, or other information gathered during such correspondence.
  3. Notwithstanding the fact that the above are the most common form of personal information that we process, we will ensure that all information that meets the definition of “personal information” in section 1 of POPI is processed in accordance with this notice.

4. Principles Governing How We Process Personal Information

  1. When processing personal information, we are obliged to do so in a lawful, legitimate, and responsible manner and in accordance with the provisions, principles, and conditions set out under POPI.
  2. In order to ensure that we do so, we will adhere to provision 4.2.1 (including sub-provisions) of this notice.
    1. Consent is required from the data subject in order to process their personal information, unless such processing:
      1. Is required in order to perform in terms of a contract concluded, or to conclude such contract, to which the data subject is a party;
      2. Is required in order to comply with obligations imposed upon us by law or by regulatory bodies empowered to impose legally binding duties;
      3. Is for a legitimate purpose or is necessary to protect and/or pursue the legitimate interest(s) of:
        • The data subject;
        • The person processing the personal information (being either the responsible party or an operator); or
        • That of a third party to whom the personal information is supplied; or
      4. Is necessary for the proper performance of a public law duty on behalf of a public body.

5. Manners of Processing Personal Information

  1. The nature of our business is such that, in most cases, personal information is processed from our first interaction with you or an individual representative of your company. Whilst the nature of the personal information we process may differ from the time of first interaction to after we have rendered our services to you, this does not affect the manner in which we process such personal information.
  2. We have identified the following as the most common ways in which we process your personal information:
    1. When we approach you, or when you approach us, in the first stages of negotiation regarding our products or services;
    2. When we negotiate and conclude an agreement with you;
    3. When we request contact details, or when contact details are supplied to us by you, when such details pertain to an agreement or negotiations preceding an agreement;
    4. When you interact with us, after the conclusion of an agreement for goods or services, where such interaction is premised on support, sales, financing, accounts, or other aspects of management, which specifically includes support relating to your subscription to our software;
    5. When you enter information onto any website form, survey, fill-in form, or other documentation of a similar nature;
    6. When you request a quote or invoice from us;
    7. When you send us a purchase agreement for goods or services after an agreement has been reached regarding the provision of such goods or services;
    8. When we configure any goods sold to you with your information so as to be able to assist you in the future with such goods (for example, when we assign the physical location of your company building/site to a metering device and record such information on our database);
    9. When you consent to being a recipient of any communication sent by us, or otherwise interact with our communications;
    10. When your information is provided to us by a third party; and
    11. When you make your information publicly available, through means such as company registers, online searches, posts on social media, governmental databases, and recruitment agencies.
  3. The sub-clauses of clause 5.2 are not representative of a closed list of ways in which we process your personal information. Instead, they serve to alert you to the most common ways that we are able to identify to the best of our ability. Should we process your personal information in any manner other than those identified above, we will still do so in accordance with Clauses 4.1 and 4.2 (including sub-clauses).

    Special attention is to be drawn to the sub-clauses of 5.2 above which concern the processing of personal information where such information is obtained elsewhere than directly from you. In such cases we will ensure that such personal information is processed in accordance with clause 4.2 (including sub-clauses).

6. Purpose of Processing Personal Information

  1. We process personal information only for purposes of legitimately conducting our business operations. Such purposes include, but are not limited to:
    1. Implementing and maintaining relationships with the data subject, which includes the initiation of communications, processing of orders (quotes, purchase orders, invoices etc.), processing of payments, and ensuring that your contact information is up-to-date;
    2. Ensuring that we constantly deliver high-quality customer service, which includes facilitating complaints, appeals, and requests for changes/verifications/modifications or similar requests;
    3. To comply with requests from regulatory bodies, governmental organisations, and other institutions empowered by law or regulations to act as an operator in relation to the personal information of data subjects in relation to whom we are the responsible party;
    4. To improve the levels of goods and services sold and rendered to you by us, which includes the monitoring of trends to advise on potential areas of improvement for data subjects, warn data subjects of potential risks, advising/consulting on any other aspect relating to the goods and services sold and rendered by us, and conducting internal audits and reviews; and
    5. To compile agreement-related reports such as safety files and file agreement-related claims such as insurance claims.

7. Processing of Personal Information of South African Data Subjects Outside the Republic

  1. Whilst we have a global presence, all personal information relating to South African data subjects processed by us as a responsible party is so processed within the Republic.
  2. Where we process personal information related to data subjects situated in a country/jurisdiction outside the Republic, such personal information will be processed in accordance with the applicable laws stipulated by such country/jurisdiction but will, as a minimum, be processed in accordance with the provisions of POPIA.

8. Safekeeping of Personal Information Processed by Us

  1. We have in place measures that aim to protect the security of all personal information processed by us, whether in our capacity as the responsible party or an operator, which measures were designed after taking into account the requirements imposed upon us by POPI, the nature, context, and purpose of the personal information that we process as well as the processing thereof, and the value that we attribute to the security of every person’s personal information.
  2. As a policy of the Company, all reasonable steps are taken to ensure that all personal information is stored in electronic format. This policy is based on the fact that most communications and other methods of processing personal information are done electronically. However, in the event that personal information is processed in hard copy format, we will take all steps reasonable under the circumstances to convert such personal information to electronic format.
    1. Where duplicate formats exist of a single source of personal information, the electronic format is considered the master copy.
  3. Electronic copies of personal information are kept on both our proprietary software as well as on software provided as a service by reputable third parties. Access to such information, and the ability to otherwise process it, is reserved for employees of the Company on a need-to-know/need-to-act basis. Such reservations are effected by means of the assignment of secure and confidential access details (username and password) to each employee of the Company.
  4. The software referred to in clause 8.3, as well as the policy referred to in clause 8.2, are regarded as being appropriate and reasonable technical and organisational measures to secure the integrity and confidentiality of personal information in our possession.
  5. Personal information is processed for as long as needed in order to achieve the purpose for which it was processed for the first time and any other permitted and reasonably linked purposes.
  6. In certain circumstances we are required by law or regulations to maintain personal information for a certain period of time.
  7. Upon the lapse of any period of time referred to in clause 8.5 or 8.6, whichever comes last, the relevant personal information will be destroyed or irreversibly un-identified.
  8. We regularly conduct internal audits and reviews to ensure that personal information is being safeguarded as per clause 8.

9. Processing of Children’s Personal Information

  1. We do not, as a general rule, process the personal information of natural persons under the age of 18 years who are not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself.
  2. In the event that we do process such personal information, we will do so in accordance with section 35 of POPIA which lays out the circumstances in which such personal information may be processed.

10. Your Rights as a Data Subject

  1. You have the right to contact us at any time in order to request a report highlighting the personal information that we have that relates to you and the identity or categories of third parties who have had, or currently have, access to your personal information.
  2. You have the right to request access to our records which contain your personal information or a description of the personal information that we hold about you.
    1. In certain circumstances we are not permitted to give you access to our records or descriptions as described in clause 10.2, or to furnish you with a report of the kind referred to in clause 10.1. These include circumstances where refusing your request is justified in order to protect:
      • The privacy of others;
      • The confidential information of third parties; or
      • The safety of others.
  3. You have the right to request that we correct your personal information that we process if you come to learn that it is inaccurate, irrelevant, excessive, misleading or was unlawfully obtained.
  4. You have the right to request that we delete or irreversibly de-identify your personal information if we do not have a legal basis which justifies its continued retention.
  5. In circumstances where our processing of your personal information is based on your consent to such, you have the right to withdraw such consent.
    1. Should you withdraw your consent, the provisions of clause 11 shall apply.
  6. You have the right to object to our handling of your personal information on reasonable grounds where we believe that the processing of such is justified on grounds of our or your legitimate interests.
  7. When exercising or attempting to exercise any of the aforementioned rights, we will require that you furnish us with a certified copy of your identity document/registration documents so that we are able to verify that the personal information in question does relate to you.
  8. Where you exercise any of the aforementioned rights, after requesting to do so in writing to us, we may charge a reasonable fee to cover the expense caused to us to comply with your request to exercise your right. We will, however, inform you of the quantum of the fee upon your request to us to exercise your right.
  9. Where we refuse to accommodate any of your requests to exercise any of your rights stated above (or founded elsewhere in law), we will furnish you with written reasons if you request.
  10. In situations where the exercise of any of your rights stated above (or founded elsewhere in law) results in us ceasing with the processing of or deleting/irreversibly de-identifying any of your personal information, we may not be able to conduct business with you as envisaged by any agreements giving effect to such business.
  11. If you are of the opinion that the way in which we process information, or other aspects of our operations related to the processing of personal information, are unlawful, you have the right to complain to the Information Regulator. Such complaints are to be submitted to the office of the Information Regulator. Contact details of the Information Regulator can be found on https://www.justice.gov.za/inforeg/.

11. Consequences of Augos Not Being Allowed to Process Your Personal Information

  1. Should we not be able to process your personal information, whether it be by reason of you withholding your consent to do so or otherwise, we cannot guarantee that we will be able to:
    1. Honour any agreements between us and you;
    2. Provide you with high levels of service delivery;
    3. Attend to your complaints, appeals, feedback, or other similar information;
    4. Process payments relating to our business with you;
    5. Improve the quality/level of goods/services sold/rendered to you; or
    6. Otherwise conduct business with you in a manner consistent with the way in which we generally conduct business with people of your nature.
  2. In situations where your consent is requested and not given, we reserve the right to process your information if we have a basis in law, apart from consent, to do so.

12. Unlawful Processing and Acquisition of, and Access to, Personal Information

  1. If you are of the opinion that your personal information has been unlawfully processed, acquired, accessed, or otherwise dealt with, you may contact the Company’s Information Officer using the details reflected in this Notice.
  2. If the Information Officer is notified of an incident of the nature reflected in clause 12.1, he/she is required to investigate it and report back to the person that notified him/her thereof within a reasonable time.

Information Officer Contact Details

Name & Surname: Tim J Stevens
Tel: +27 (21) 975 4529
E-mail: tim@augos.io

VAT Reg No: 4700255534

Finishing Touch Trading 516 (Pty) Ltd

Reg No. 2019/418843/07

Directors: G J Kruger & T J Stevens