Protection of Personal Information Privacy Policy
NAME OF BODY: SHANCON PROJECTS CC
REGISTRATION NO.: 2005/044620/23
Shancon Projects CC (“SH”) is a Profit Company with members. Its main object is to develop luxury residential projects at affordable prices. The Nature of the business requires a clear and concise Marketing strategy to be implemented into the public domain.
In conducting its business, advancing its objectives and general functions, SH collects and processes Personal Information in accordance with its obligations in terms of its Memorandum of Incorporation and Rules (“MOI”), the Companies Act 71 of 2008 (“the Companies Act”) and the Community Schemes Ombud Services Act 9 of 2011 (“the CSOS Act”).
This policy complies with the Protection of Personal Information Act 4 of 2013 (“POPI Act”); the Promotion of Access to Information Act 2 of 2000 (“PAIA”) ; the Companies Act; the CSOS Act and good Corporate Governance Practices and, ensures that the Personal Information collected is accurate, complete and reasonable.
The Key Risks identified are breach of confidentiality of information, breach of security by allowing unauthorised access to the information and harm to individuals in the event of outdated or misleading information.
What is “Personal Information”?
Information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing, juristic person; and includes information such as: names, identifying numbers, race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth by allowing unauthorised access to the information and harm to individuals in the event of outdated or misleading information.
Processing includes:
The collection, receipt, recording, organising, storage, updating, distributing, merging, linking and destroying of information.
Purpose of processing personal information:
Compliance with legislation, storage for record purposes, conducting business, marketing and advancing objectives of SH.
Scope of Protection of Personal Information Act:
Lawfulness – personal information must be processed lawfully, in a reasonable manner and, in a manner which does not infringe on the privacy of the individual.
Minimality – personal information may only be processed if, given the purpose for which it is processed, it is adequate and relevant and, it is not excessive.
Consent and Justification – personal information may only be processed if, amongst other things:
The Individual consents to processing;
Processing is necessary to carry out business objectives;
Processing complies with an obligation imposed by law;
Processing is necessary for pursuing the legitimate interests of the business (or third party to whom the information is supplied).
Collection – personal information must be collected directly from the Individual, unless:
The information is contained in or obtained from public record;
The collection of information from another source would not prejudice a legitimate interest of the individual;
The collection of information from another source is necessary;
The collection from the individual is not reasonably practicable in the circumstances.
Information Policy
How the information is collected:
- Online Marketing
- Marketing Strategies
- Prospective Owner
- Director
- Visitor
- Staff
What information is collected:
- Full names;
- Preferred names;
- Date of Birth;
- SA ID number;
- Passport number;
- Language;
- Education;
- Cell phone numbers;
- Work contact details;
- Personal fax numbers;
- Personal email addresses;
- Physical Address;
- Postal Address;
- Vehicle registration, make, model & colour;
- Special interest;
- Details of Occupation.
- Full names;
- Preferred names;
- Date of Birth;
- SA ID number;
- Passport number;
- Language;
- Education;
- Cell phone numbers;
- Work contact details;
- Personal fax numbers;
- Personal email addresses;
- Physical Address;
- Postal Address;
- Vehicle registration, make, model & colour;
- Special interest;
- Details of Occupation.
- Full names;
- Preferred names;
- Date of Birth;
- SA ID number;
- Passport number;
- Cell phone numbers;
- Work contact details;
- Personal fax numbers;
- Personal email addresses;
- Physical Address;
- Postal Address;
- Vehicle registration, make, model & colour;
- Special interest;
- Details of Occupation.
- Initials and surname;
- ID number;
- ID Photograph;
- Passport Number;
- Mobile phone number;
- Vehicle colour, make, model and registration number;
- Address/person being visited.
- Full names;
- Preferred names;
- Date of Birth;
- SA ID number;
- Passport number;
- Sex;
- Pregnancy;
- Religion;
- Language;
- Education;
- Cell phone numbers;
- Personal fax numbers;
- Email addresses;
- Physical Address;
- Postal Address;
- Bank Account details;
- Vehicle registration, make, model & colour;
- Special interest.
How the information is held:
- Hard copy
- Electronically
- Hard copy
- Electronically
- Hard copy
- Electronically
- Hard copy
- Electronically
- Hard copy
- Electronically
Purpose:
- Conduct business and objectives of SH
- Communication
- Conduct business and objectives of SH
- Communication
- Conduct business and objectives of SH
- Communication
- Conduct business and objectives of SH
- Security
- Conduct business and objectives of SH
- Communication
Access:
- As required in terms of Law
- As required in terms of MOI
- As required in terms of Law
- As required in terms of MOI
- As required in terms of Law
- As required in terms of MOI
- Consent required
- Consent required
SAFETY & SECURITY MEASURES:
- Firewall.
- Managed network switches.
- Locked network cabinets with keys in a Lock Box.
- All PCs and laptops have password protection
- Limited access to offices via lock and key.
- Contact and passive alarm systems to cover the administration complex.
- Filing cabinets in locked offices.
PERTINENT COMPANY LAW IN TERMS OF THE COMPANIES ACT:
Section 24 – form and standards for company records.
1)Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Companies Act or any other public regulation must be kept:-
a)in written form, or other form or manner that allows that information to be converted into written form within a reasonable time; and
b)for a period of seven years, or any longer period of time specified in any other applicable public regulation, subject to subsection (2).
2)If a company has existed for a shorter time than contemplated in subsection (1) (b), the company is required to retain records for that shorter time.
3)Every company must maintain:-
a) a copy of its Memorandum of Incorporation, and any amendments or alterations to it, and any rules of the company made in terms of section 15 (3) to (5);
b) a record of its directors, including:-
i.all the information required in terms of subsection (5) in respect of each current director at any particular time; and
ii.with respect to each past director, the information required in terms of subparagraph (i), which must be retained for seven years after the past director retired from the company;
c) copies of all:-
i. reports presented at an annual general meeting of the company, for a period of seven years after the date of any such meeting;
ii. annual financial statements required by this Act, for seven years after the date on which each such particular statements were issued; and
iii. accounting records required by this Act, for the current financial year and for the previous seven completed financial years of the company;
d) notice and minutes of all shareholders meetings, including:-
i. all resolutions adopted by them; and
ii. any document that was made available by the company to the holders of securities in relation to each such resolution,
for seven years after the date each such resolution was adopted;
e) copies of any written communications sent generally by the company to all holders of any class of the company’s securities, for a period of seven years after the date on which each such communication was issued; and
f. minutes of all meetings and resolutions of directors, or directors’ committees, or the audit committee, if any, for a period of seven years after the date:-
i. of each such meeting; or
ii.on which each such resolution was adopted.
4) In addition to the requirements of subsection (3), every company must maintain:-
a) a securities register or its equivalent, as required by section 50, in the case of a profit company, or a member’s register in the case of a non-profit company that has members; and
b) the records required in terms of section 85, if that section applies to the company.
5) A company’s record of directors must include, in respect of each director, that person’s:-
a) full name, and any former names;
b) identity number or, if the person does not have an identity number, the person’s date of birth;
c) nationality and passport number, if the person is not a South African;
d) occupation;
e) date of their most recent election or appointment as director of the company;
f) name and registration number of every other company or foreign company of which the person is a director, and in the case of a foreign company, the nationality of that company; and
g) any other prescribed information.
Section 24 – form and standards for company records:
1) Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Companies Act or any other public regulation must be kept:-
a) in written form, or other form or manner that allows that information to be converted into written form within a reasonable time; and
b) for a period of seven years, or any longer period of time specified in any other applicable public regulation, subject to subsection (2).
2) If a company has existed for a shorter time than contemplated in subsection (1) (b), the company is required to retain records for that shorter time.
3) Every company must maintain:-
a) a copy of its Memorandum of Incorporation, and any amendments or alterations to it, and any rules of the company made in terms of section 15 (3) to (5);
b) a record of its directors, including:-
i. all the information required in terms of subsection (5) in respect of each current director at any particular time; and
ii. with respect to each past director, the information required in terms of subparagraph (i), which must be retained for seven years after the past director retired from the company;
c) copies of all:-
i. reports presented at an annual general meeting of the company, for a period of seven years after the date of any such meeting;
ii.annual financial statements required by this Act, for seven years after the date on which each such particular statements were issued; and
iii. accounting records required by this Act, for the current financial year and for the previous seven completed financial years of the company;
d) notice and minutes of all shareholders meetings, including:-
i. all resolutions adopted by them; and
ii. any document that was made available by the company to the holders of securities in relation to each such resolution,
for seven years after the date each such resolution was adopted;
e) copies of any written communications sent generally by the company to all holders of any class of the company’s securities, for a period of seven years after the date on which each such communication was issued; and
f. minutes of all meetings and resolutions of directors, or directors’ committees, or the audit committee, if any, for a period of seven years after the date:-
i. of each such meeting; or
ii. on which each such resolution was adopted.
4)In addition to the requirements of subsection (3), every company must maintain:-
a) a securities register or its equivalent, as required by section 50, in the case of a profit company, or a member’s register in the case of a non-profit company that has members; and
b) the records required in terms of section 85, if that section applies to the company.
5) A company’s record of directors must include, in respect of each director, that person’s:-
a) full name, and any former names;
b) identity number or, if the person does not have an identity number, the person’s date of birth;
c) nationality and passport number, if the person is not a South African;
d) occupation;
e) date of their most recent election or appointment as director of the company;
f) name and registration number of every other company or foreign company of which the person is a director, and in the case of a foreign company, the nationality of that company; and
g) ny other prescribed information.
Section 26 – Access to company records:
1) A person who holds or has a beneficial interest in any securities issued by a profit company, or who is a member of a non-profit company, has a right to inspect and copy, without any charge for any such inspection or upon payment of no more than the prescribed maximum charge for any such copy, the information contained in the following records of the company:
a) The company’s Memorandum of Incorporation and any amendments to it, and any rules made by the company, as mentioned in section 24 (3) (a);
b) the records in respect of the company’s directors, as mentioned in section 24 (3) (b);
c) the reports to annual meetings, and annual financial statements, as mentioned in section 24 (3) (c) (i) and (ii);
d) the notices and minutes of annual meetings, and communications mentioned in section 24 (3) (d) and (e)but the reference in section 24 (3) (d) to shareholders meetings, and the reference in section 24 (3) (e) to communications sent to holders of a company’s securities, must be regarded in the case of a non-profit company as referring to a meeting of members, or communication to members, respectively; and
e) the securities register of a profit company, or the members register of a non-profit company that has members, as mentioned in section 24 (4).
2) A person not contemplated in subsection (1) has a right to inspect or copy the securities register of a profit company, or the members register of a non-profit company that has members, or the register of directors of a company, upon payment of an amount not exceeding the prescribed maximum fee for any such inspection.
3) In addition to the information rights set out in subsections (1) and (2), the Memorandum of Incorporation of a company may establish additional information rights of any person, with respect to any information pertaining to the company, but no such right may negate or diminish any mandatory protection of any record required by or in terms of Part 3 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000).
4) A person may exercise the rights set out in subsection (1) or (2), or contemplated in subsection (3):
a) for a reasonable period during business hours;
b) by direct request made to a company in the prescribed manner, either in person or through an attorney or other personal representative designated in writing; or
c) in accordance with the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000).
5) Where a company receives a request in terms of subsection (4) (b) it must within 14 business days comply with the request by providing the opportunity to inspect or copy the register concerned to the person making such request.
6) The register of members and register of directors of a company, must, during business hours for reasonable periods be open to inspection by any member, free of charge and by any other person, upon payment for each inspection of an amount not more than R100,00.
7) The rights of access to information set out in this section are in addition to, and not in substitution for, any rights a person may have to access information in terms of:
a) section 32 of the Constitution;
b) the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000); or
c) any other public regulation.
8) The Minister may make regulations respecting the exercise of the rights set out in this section.
9)It is an offence for a company to:
a. fail to accommodate any reasonable request for access, or to unreasonably refuse access, to any record that a person has a right to inspect or copy in terms of this section or section 31; or
b. to otherwise impede, interfere with, or attempt to frustrate, the reasonable exercise by any person of the rights set out in this section or section 31.
NOTABLE PROVISIONS OF SH’S MOI:
- Article – Members’ Right to Information: “A member has the right to information as set out in Section 26(1) of the Companies Act. A Member shall be entitled to the information as recorded in the Member’s Register. Unless authorised by a Member, the Company shall not be entitled to disclose any further contact details”.
- We must include this an article of your Memorandum of Incorporation.
Article 2 – Members’ Right to Information: “A member has the right to information as set out in Section 26(1) of the Companies Act. A Member shall be entitled to the information as recorded in the Member’s Register. Unless authorised by a Member, the Company shall not be entitled to disclose any further contact details”.
The consent of Members, tenants and Directors to process personal information is required to process personal information held by the SH.
Members are required to furnish the SH with their details and details of all occupants.
Visitors are required to provide certain information upon entering the Development.
The consent of visitors and guests to process personal information shall be implied by their access to the Estate and agreement to be bound by SH’s Rules.
The consent of contractors and staff to process personal information must be obtained.
All private information held in physical copies shall be kept in a filing cabinet, in locked offices, to which only the Information Officer and/or his authorised representatives shall have access to.
The SH shall have adequate firewalls and safeguards in place in respect of all personal information kept electronically, which must be reviewed by an independent IT specialist every 5 years.
All contracts entered into by the SH with third parties shall be considered to ensure that each contract contains a clause in terms of which the parties undertake to comply with the provisions of the POPI Act and protecting the SH and its Members.
Staff members’ personal information shall be retained for a period of three years after the staff member is no longer employed by the SH, whereafter, that information which is not in the public domain is to be destroyed.
Personal information regarding Members and occupants is to be retained for a period of seven years after the person is no longer a Member of SH or occupant in the Development, whereafter, that information which is not in the public domain is to be destroyed.
Visitors’ details shall be retained for a period of 3 years.
Director’s information to be kept indefinitely and for at least 7 years.
ACCESS TO PERSONAL INFORMATION:
- Members/Occupants/Directors shall have access to information which the SH holds in respect of such Member/Occupant/ Director, upon a written request, in order to ensure the information is correct and relevant, for no fee.
- Members/Occupants/Directors to notify Information Officer if any information is incorrect/outdated and correct/updated information is to be provided.
- Access to other Members/Occupants/Directors personal information will only be provided if the request for such information is in pursuit of a legitimate purpose in furtherance of the proper management and administration of the SH.
- If the information is not required in terms of Law or the MOI, or there is a reasonable possibility that it may not be, then the personal information will not be distributed without obtaining the prior written approval of the Member/Occupant/Director concerned. If the approval is not obtained, the personal information shall not be provided.
- Any Member may request access to SH’s Information Manual in terms of Section 51 of PAIA.
INFORMATION OFFICER:
- The SH will appoint Alon Lanzer as it’s Information Officer. The Information Officer’s details will be announced from time-to-time, and registered with the Regulator.
- The Information Officer is to ensure that all personal information is accurate, complete and up to date.
- Members/Occupants/Directors shall have access to information which SH holds, upon a written request, which request must be reasonable.
- Information Officer will ensure that all personal information processed is secured and kept confidential at all times, save as where disclosure is required in terms of the Law. The Information Officer will also ensure all personal information is kept safely and securely.
- The Information Officer will notify individuals as well as the Regulator immediately in the event of a breach.
REQUEST FOR PERSONAL INFORMATION:
Any person making request for access to private information held by SH, must provide the following:
a. His/her full details;
b. Proof of Identity;
c. Details of Information required;
d. Reason information is required.
The Information Officer shall determine whether the request for information is reasonable and ought to be given in the circumstances.
Any Member may request access to SH’s Information Manual in terms of Section 51 of PAIA.
Special personal information (ie. religion, race/ethnic origin, health status, sex life, alleged criminal offences) will not be processed and/or distributed, without the individual’s specific consent.
INFORMATION OFFICER’S RESPONSIBILITIES:
1. Ensure compliance with the policy;
2. Review policy periodically;
3. Ensure personal information is processed correctly in terms of the policy;
4. Ensure that all private information is accurate, complete and up to date;
5. Handle requests for access;
6. Provide access to private information when required to do so;
7. Ensure adequate safeguards are in place;
8. Ensure that all private information processed is secured and kept confidential at all times, save as where disclosure is required in terms of the Law;
9. Ensure all private information is kept safely and securely;
10. Ensure all contracts with third parties contain a clause regarding POPI compliance;
11. Keep the Information Manual in a safe place;
12. Handle all aspects of relationship with the Information Regulator;
13. Assist Information Regulator in respect of any investigation;
14. Notify individuals as well as Regulator immediately in the event of a breach
15. Ensure Private Information is destroyed when required.
CCTV SURVEILLANE CAMERAS AND POPI:
1. Cameras will be installed in the Development.
2. The Information Officer is responsible for the control of the images, what is to be recorded and how images should be utilised.
3. In storing the footage, care is being taken that images cannot be corrupted, accessed without authorisation and that the footage is destroyed after a reasonable time.
GUARDHOUSE:
1. Identity documents are requested from visitors by the guards at the guardhouse and details of visitor recorded.
2. The information is protected by the POPI Act, cannot be shared and is destroyed after a reasonable time period.
KEY PRINCIPLES RECOGNISED:
ACCOUNTABILITY: Directors are accountable for POPI Act compliance.
CONSENT: Processing of information is undertaken with explicit consent from the individual whose information is being processed or shared, alternatively, where there is no obligation in Law, no consent in required.
PURPOSE OF INFORMATION: Personal information is only processed for specifically legitimate reasons that relate to the functions or activities of the scheme. Information is kept for as long as it is required, and is deleted thereafter.
FURTHER PROCESSING LIMITATION: Directors will not allow the database of personal information to be utilised for any other purpose not specifically related to the functioning of SH.
INFORMATION QUALITY: Information must constantly be assessed and updated.
AWARENESS OF OWNERS: Prospective Owners have been notified of what personal information the SH holds.
SECURITY SAFEGUARDS: Directors do ensure that personal information is kept safe, and have implemented the minimum requirements including firewalls and anti-virus software. If a person’s personal information has been compromised, that person will be notified immediately.
OWNER / TENANT PARTICIPATION: Any Prospective owner of SH can in writing request the correction or deletion of any of their personal information that may be misleading or out of date.
We specialise in building prestigious residential projects at the very highest standards of excellence.