POPIA MANUAL
Debt Counselling South Africa
In terms of the Protection of Personal Information Act (hereinafter “POPIA”) and any implementing legislation, rules, or regulations issued by applicable supervisory authorities, Debt Counselling South Africa (Leigh King Admin Services cc), hereafter referred to as the Company, and our clients, employees, directors, agents, appointees and assigns agree, and hereby consent, as follows:
- The terms “Controller”, “Personal Data”, “Personal Information”, “Data Subject”, “Processor”, and “Processing” shall have the meanings set forth in POPIA which is available at https://popia.co.za/.
- In order for the Company to operate and carry out our business effectively and provide you with assistance, personal data may be generated, disclosed to or shared with our agents, affiliates, and associated companies including debt counsellors, and may be incorporated into files processed by either party or by the affiliates of either party as well as credit providers, payment distribution agents, attorneys or other legal practitioners or 3rd party debt counsellors providing targeted advice regarding the client's situation. Data is also shared with the National Credit Regulator (NCR), Credit Bureaus (limited information) and may be shared with the Magistrates or High Court and/or National Consumer Tribunal (NCT) during the debt review process or regulatory enquiries (such as mandatory reporting).
- Personal data will be stored to the extent permitted and/or required by law and with the prior consent of the data subject, the Company may store personal information indefinitely.
- The Company represents and warrants that it has all legal right and authority to disclose any personal data of any third party it discloses to the other party to this agreement, and that it has obtained the necessary consents from the relevant third party data subjects to so disclose such personal data.
- The Company shall:
  - act only on instructions from the data subject when processing personal data and keep records of all processing activities;
  - cooperate as requested to enable it to comply with any exercise by a data subject of rights under POPIA or to comply with any assessment, inquiry, notice, or investigation under POPIA;
  - cooperate with the data subject and take all reasonable steps as may be directed by the data subject to assist in the investigation, mitigation, and remediation of any personal data breach;
  - immediately inform the data subject if it believes performance of the services or compliance with any data subject instruction violates or might reasonably be considered to violate POPIA;
  - immediately notify the data subject of receipt of any complaint, personal information access request, notice, or communication which relates directly or indirectly to the processing of personal data, and provide full co-operation and assistance to the data subject in responding to such complaint, request, notice, or communication;
  - not do or permit anything to be done which might cause the Company or any of its affiliates to be in violation of POPIA;
  - notify the data subject promptly and without undue delay upon becoming aware of any unauthorized loss, corruption, damage, destruction, alteration, disclosure, or access to, or unauthorized or unlawful processing of, any personal data or any circumstances that are likely to give rise to a personal data breach, and if any obligation exists, to report a personal data breach under POPIA;
  - process personal data in accordance with POPIA; and
  - take all appropriate technical and organizational measures to protect against unauthorized or unlawful processing of, or accidental loss, destruction, or damage to, personal data.
- The data subject represents and warrants that:
  - the data subject has been informed of the existence of his/her rights to request access to, removal of or restriction on the processing of its personal data, as well as to withdraw consent at any time;
  - the data subject acknowledges its right to file a complaint with the personal data regulator in the relevant jurisdiction;
  - personal data obtained by the Company during the performance of their operations and business shall be that data strictly necessary for performance of the same and may only be applied or used to fulfil the purpose defined by the Company;
  - for the treatment, whether automated or not, of the personal data, for any purpose, as well as for the transfer of such data to third parties, the Company shall obtain from the data subject a prior authorization in writing, according to the terms and conditions set forth in the laws of POPIA and any other statutory provisions and regulations applicable; and
  - the data subject consents that the Company may store, transfer, change and delete all personal data in accordance with POPIA.