Privacy policy

Effective Date: 04/02/2024

Version No: 1

  1. OBJECTIVE OF THE POLICY
    1. The Protection of Personal Information (POPI) policy is intended to educate individuals/companies about the ways in which their Personal Information may be used.
    2. The Protection of Personal Information Act, 4 of 2013 (signed into law in November 2013) has the following aims:
      1. to promote the protection of Personal Information processed by organisations in the public and private sectors;
      2. to establish minimum requirements for the processing of Personal Information;
      3. to establish an Information Regulator with powers;
      4. to provide for the issuing of codes of conduct;
      5. to protect the rights of people regarding unsolicited electronic communications and automated decision making;
      6. to regulate the transborder flow of information;
      7. to provide for connected matters.
    3. This policy has been developed in line with the Personal Information (POPI) Act, 4 of 2013 and aims to ensure that the processing of Personal Information & Special Personal Information adheres to the conditions for lawful processing as set out in Chapter 3 of the POPI Act.
    4. The POPI Act and this policy do not apply to the processing of Personal Information of a deceased person. Note: Botle Buhle Brands (Pty) Ltd (hereinafter referred to as ‘Botle Buhle Brands’) reserves the right to amend the contents of this policy as and when required. The policy currently in effect will apply to all employees regardless of the policy that applies at the time of employment.
    5. The POPI Act includes an identifiable, existing juristic person (where applicable) in its definition of Personal Information. The processing of Personal Information of the directors of companies or partners in business partnerships falls within the parameters of the POPI Act and this policy.
  2. DEFINITIONS
    1. “Competent Person” – means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child.
    2. “Consent” – means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of Personal Information.
    3. “Company” – means a legal registered entity.
    4. “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person, including, but not limited to:
      1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
      2. Information relating to the education or the medical, financial, criminal or employment history of the person.
      3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment to the person.
      4. The biometric information of the person.
      5. The personal opinions, views, or preferences of the person.
      6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
      7. The views or opinions of another individual about the person, and
      8. The name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person. The definition of Personal Information includes Special Personal Information.
    5. “Special Personal Information” includes the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or the biometric information of a data subject. It also relates to the criminal behaviour of a data subject regarding the alleged commission of an offence or any proceedings in respect of any offence allegedly committed by the data subject or the disposal of such proceedings; a history of a person’s education, medical, financial, criminal or employment history; and/or the processing of biometric information of a person.
  3. LEGAL PRINCIPLES
    The following legislation is applicable to this policy:
    1. The Constitution of South Africa, Act 108 of 1996.
    2. The Personal Information Act, Act 4 of 2013.
    3. Regulation of Interception of Communications & Provision of Communication-related Information Act, 70 of 2002.
    4. Electronic Communications & Transactions Act, 25 of 2002.
    5. National Credit Act, 34 of 2005.
    6. The Cybercrimes and Cybersecurity Bill and relevant proposed Bills.
    7. The Spatial Data Infrastructure Act 54 of 2003.
    8. Codes of Conduct published by industries/bodies (e.g. Advertising Standards Authority of South Africa).
  4. POLICY
    1. This policy applies to any information, including contact details and correspondence, regarding clients, suppliers, and employees of Botle Buhle Brands; Human Resources and payroll data, curricula vitae, applications for employment, CCTV records, performance reviews and internal e-mail records of the employees and customers of Botle Buhle Brands.
    2. This policy applies to any information, regardless of the form it is recorded in, including but not limited to information on:
      1. Tape recorder
      2. Computer
      3. Labels
      4. Markings
      5. Books
      6. Maps
      7. Photographs
      8. Films
      9. Negative type/other devices.
    3. These policy conditions impact technology, processes, and the way Botle Buhle Brands processes Personal Information.
    4. Personal Information may only be used for purposes as agreed with Botle Buhle Brands’ customers, clients, and employees.
    5. Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply – Botle Buhle Brands shall implement opt-in and opt-out strategies.
    6. Personal Information may only be retained for as long as necessary.
    7. Botle Buhle Brands shall not process more Personal Information than is necessary.
    8. Processing of Special Personal Information is prohibited unless provisions stipulated in this policy apply.
    9. Personal Information of employees, clients, customers, and Botle Buhle Brands shall be sufficiently protected and used in a manner that facilitates transparency around the following:
      1. what is done with the Personal Information;
      2. why and how it is processed (i.e. this covers all phases of a typical information management life cycle – from collection, to usage, sharing, disposal, archiving, etc);
      3. who the Personal Information is shared with (i.e. third parties – both locally and internationally, other legal entities – sometimes within the same group or company, etc);
      4. what types of Personal Information are processed and for what purpose.
    10. Personal Information of the employees, clients, and customers includes:
      1. contact details;
      2. demographic information;
      3. personal history, criminal record;
      4. email addresses, date of birth and age;
      5. education information;
      6. physical address; and
      7. financial information as well as communication records.
    11. Personal Information (PI) of Botle Buhle Brands includes:
      1. financial information;
      2. intellectual property (processes, methods);
      3. ICT systems/programmes; and
      4. CCTV surveillance and guard monitoring systems.
  5. PROCEDURE
    1. Botle Buhle Brands shall identify Personal Information and take reasonable measures to protect the data. This will likely reduce the risk of data breaches and avoid legal ramifications for Botle Buhle Brands.
    2. Botle Buhle Brands shall receive consent from individuals before they can obtain and retain Personal Information for communication or any other purpose.
    3. The employees, clients, and customers of Botle Buhle Brands will be kept updated on what is being done with their information and the associated reasoning.
    4. In accordance with the Protection of Personal Information Act, as soon as a privacy breach is detected and established, it must be reported to the Information Regulator and to the party whose information was accessed.
    5. The Responsible Party shall explain how the breach occurred, what has been done to contain any harm, and how any such breach will be prevented in the future.
    6. A Data Subject has the right to complain and escalate any issues related to the privacy of their Personal Information.
    7. Employees are expected to protect the Personal Information of Botle Buhle Brands e.g.:
      1. confidential files are expected to be put in a secure area (locked drawers); and
      2. personal login details to Botle Buhle Brands’ ICT systems are expected to be kept confidential to avoid unauthorised access to private systems.
    8. Failure to comply with the requirements of the policy will result in immediate dismissal, fine or severe legal consequences.
  6. RELEVANT POLICIES
    1. Code of Conduct.
    2. PAIA/Section 51 Manual.
    3. Data Breach Policy.
  7. RELEVANT DOCUMENTS
    1. Information Officer – Appointment letter.
    2. Deputy Information Officer - Appointment letter
