Global Fleet Solutions (“This company”) PROTECTION OF PERSONAL INFORMATION (POPI) MANUAL
This Privacy of Personal Information (POPI) Manual (“Manual”) outlines the policies and procedures adopted by Global Fleet Solutions (“GFS,” “we,” “us,” or “our”) to ensure compliance with the Protection of Personal Information Act (POPIA) and to protect the privacy of personal information in our possession or under our control.
Purpose
The purpose of this Manual is to:
- Outline the measures taken by GFS to comply with the principles and requirements of POPIA.
- Provide guidance to employees, contractors, and third parties on the collection, use, and protection of personal information.
Scope
This Manual applies to all personal information processed by GFS, including information collected from customers, employees, contractors, and other individuals.
Responsible Party
GFS is the responsible party for the processing of personal information and is responsible for ensuring compliance with POPIA and this Manual.
Principles of POPIA Compliance
GFS is committed to upholding the principles of POPIA, including:
- Accountability: We are responsible for ensuring compliance with POPIA and for implementing measures to protect personal information.
- Processing Limitation: We only collect and process personal information for lawful and specific purposes, and we do not process personal information in a manner that is incompatible with those purposes.
- Data Minimization: We only collect personal information that is adequate, relevant, and not excessive for the purposes for which it is collected.
- Information Quality: We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date.
- Security Safeguards: We implement appropriate technical and organizational measures to protect personal information against loss, theft, unauthorized access, disclosure, alteration, or destruction.
- Openness: We are transparent about our data processing practices and provide individuals with information about how their personal information is processed.
- Individual Participation: We provide individuals with the right to access and correct their personal information and to object to its processing.
- Purpose Specification: We only process personal information for specified, explicit, and legitimate purposes and do not further process personal information in a manner incompatible with those purposes.
- Lawful Processing: We only process personal information lawfully and with the consent of the data subject or in accordance with other legal bases provided by POPIA.
Collection and Use of Personal Information
We collect and use personal information for the following purposes:
- Providing our services to customers.
- Managing employee and contractor relationships.
- Communicating with individuals.
- Compliance with legal obligations.
- Any other lawful purposes.
Security Measures
We implement the following security measures to protect personal information:
- Access controls to restrict access to personal information to authorized individuals.
- Encryption and pseudonymization of personal information where appropriate.
- Regular monitoring and testing of security controls.
- Employee training on data protection and security practices.
- Incident response procedures to address data breaches or security incidents.
Data Subject Rights
Individuals have the following rights regarding their personal information:
- Right to access: Individuals have the right to request access to their personal information and to receive a copy of the information we hold about them.
- Right to rectification: Individuals have the right to request the correction of inaccurate or incomplete personal information.
- Right to erasure: Individuals have the right to request the deletion of their personal information under certain circumstances.
- Right to object: Individuals have the right to object to the processing of their personal information for direct marketing purposes or on grounds relating to their particular situation.
- Right to data portability: Individuals have the right to receive their personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.
- Right to restriction of processing: Individuals have the right to request the restriction of processing of their personal information under certain circumstances.
Data Breach Notification
In the event of a data breach involving personal information, GFS will promptly investigate the breach and take appropriate measures to mitigate the risk to affected individuals. We will also notify the relevant regulatory authorities and affected individuals in accordance with legal requirements.
Review and Revision
This Manual will be reviewed and updated as necessary to ensure compliance with POPIA and changes in our business practices. Employees and other relevant stakeholders will be notified of any changes to this Manual.
Contact Information
If you have any questions or concerns about our privacy practices or this Manual, please contact us at sales@globalfleetsolutions.co.za