LANGVERWACHT WINERY AGRICULTURE CO-OPERATIVE LIMITED
(group of ENTITIES INCORPORATED IN THE REPUBLIC OF SOUTH AFRICA)
HEREINAFTER REFERRED TO AS ‘LANGVERWACHT’
1 JULY 2021
READ THIS POLICY CAREFULLY BEFORE COMMUNICATING WITH LANGVERWACHT, BROWSING ITS WEBSITES & OTHER ELECTRONIC PLATFORMS OR USING ANY OF THE SERVICES OR PRODUCTS OFFERED BY LANGVERWACHT. YOUR CONTINUED COMMUNICATION WITH LANGVERWACHT OR THE USE OF ITS WEBSITES AND PLATFORMS INDICATE THAT YOU HAVE BOTH READ AND CONSENT TO THE TERMS OF THIS POLICY. DO NOT COMMUNICATE WITH LANGVERWACHT OR USE ITS WEBSITES OR ELECTRONIC PLATFORMS IF YOU DO NOT ACCEPT THESE TERMS. ALL SECTIONS OF THIS POLICY ARE APPLICABLE TO ANYONE WHO COMMUNICATE WITH LANGVERWACHT, UNLESS A PARTICULAR SECTION EXPRESSLY STATES OTHERWISE.
Langverwacht subscribes to the principles for processing personal information contained in POPIA and the auxiliary legislation referred to therein. We endeavour to ensure the quality, accuracy, security and confidentiality of Personal Information in our possession.
2. INTERPRETATION AND DEFINITIONS
The words of which the initial letter is capitalized have meanings as defined below. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Account if applicable, means a unique account created for you to access our Services and Products or any part or aspect thereof;
Biometric information means information obtained through a technique of personal identification that is based on physical, physiological or behavioural characterisation, including blood-typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
Co-operative Langverwacht Winery Agriculture Co-operative Limited (also referred to as “Langverwacht”), together with all Associated Affiliates, as set out in Schedule 1, from R317, Langverwacht Wine Cellar, Bonnievale, 6730, Western Cape, Republic of South Africa that may be contacted as set out in Section 3;
Cookies are small files that are placed on your computer, mobile device or any other device used to access our Websites or other Electronic Platforms, containing the details of your browsing history on that particular Website or Electronic Platforms;
Country refers to the Republic of South Africa;
CCTV Policy Langverwacht’s CCTV policy attached hereto, marked Schedule 2.
Data Subject means the person to whom personal information relates.
Device means a device that is used to access our Services or Products through or Websites or other Electronic Platforms or that is used to communicate with us, such as a computer, a cell phone or a digital tablet;
Personal information means information relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person, including but not limited to —
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature, or further correspondence that would reveal the contents of the original correspondence;
(g) he views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person, or if the disclosure of the name itself would reveal information about the person.
POPIA refers to the Protection of Personal Information Act, No. 4 of 2013, as may be amended from time to time;
Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including —
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use thereof;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information.
Record means any recorded information —
(a) regardless its form or medium, including any of the following:
(i) Writing on any material
(ii) Information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored
(iii) A label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means
(iv) A book, map, plan, graph or drawing
(v) A photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced
(b) in the possession or under the control of a responsible party;
(c) whether or not it was created by a responsible party; and
(d) regardless of when it came into existence.
Responsible party means Langverwacht, who determines the purpose of and means for processing personal information.
Services & Products refer to any of Langverwacht’s Services and Products notwithstanding whether it is advertised and displayed on our Websites and other Electronic Platforms;
Service Provider means any natural or juristic person who processes data on behalf of Langverwacht. It refers to third-party operators, companies or individuals employed or contracted by Langverwacht to facilitate the delivery of Services and Products to and on behalf of Langverwacht, who provide services related to the Services and Products or to assist Langverwacht in analysing data relating to the Services and Products and the use of our Websites and other Electronic Platforms to access it;
Third-party Social refers to any website or other electronic social network through;
Media Service which you can log in or create an account to use our Websites and other Electronic Platforms;
Usage Data refers to data collected automatically, either generated by the use of our Websites and other Electronic Platforms or from your application of our Services or Products itself (for example, the duration of a page visit, IP addresses, unique device identifiers and other diagnostics data and location information).
Website refers to the website/s of Langverwacht.
you/your means the individual, Co-operative, or other legal entity on behalf of which such individual, as applicable, is accessing or using the Langverwacht Websites, Electronic Platforms, Services and Products.
This Policy explains the procedures and governing principles on how we process your Personal Information with regards to the collection, receipt, usage and disclosure, electronically and manually, when using our Websites and other Electronic Platforms or accessing our Services and Products.
This policy applies to all Personal Information collected from all Data Subjects with whom Langverwacht interacts, including but not limited to employees, contractors, customers, clients, service providers, suppliers and other third parties who conclude any type of agreement or contract with Langverwacht.
Although absolute security cannot be guaranteed, Langverwacht implemented, reasonable technical, administrative and operational security measures to protect your Personal Information against accidental or intentional manipulation, loss, misuse, destruction or unauthorised access to or disclosure of the information we process.
We will comply with POPIA when processing your Personal Information and will continue to maintain and improve security measures consistent with legal and technological developments.
- Our Websites, Electronic Platforms, Services and Products;
- Informing you of changes made to our Websites, Electronic Platforms, Services and Products;
- Responding to any queries or requests you may have;
- Developing a more direct and substantial relationship with you for the purposes described in this clause;
- Developing an online user profile;
- For security, administrative and legal purposes;
- For direct marketing with the option ‘to opt out.’
Your information will not be stored for longer than is necessary for the purposes described herein or as required by applicable legislation.
Please contact the Information Officer referred to below regarding your Personal Information that is processed by Langverwacht.
You have the right to lay a complaint at any time with the Information Regulator of South Africa. The Co-operative would, however, appreciate the chance to deal with your concerns before you approach the Information Regulator’s Office, accordingly, please contact the Co-operative in the first instance to assist you.
If you are dissatisfied with our resolution of your complaint, you have the right to refer it to the Information Regulator, the supervisory authority for protection of personal information in South Africa.
General enquiries email: firstname.lastname@example.org
Complaints email: complaints.IR@justice.gov.za
To view the Co-operative’s Promotion of Access to Information Act (PAIA) manual, visit our website for the link.
The contact details of Langverwacht’s Information Officer are as follow:
NAME AND SURNAME OF INFORMATION OFFICER
CORNELIUS JOHANNES GERBER
Telephone Number: 023 616 2815
Mobile Number: 082 563 9054
Langverwacht Wine Cellar
P.O. Box 87
4.PERSONAL INFORMATION WE COLLECT FROM YOU
Personal Information may be processed only if, given the purpose for which it is processed, such processing is adequate, relevant, not excessive, and in accordance with the relevant provisions of POPIA. The purpose must relate to a function or a Service or Product of Langverwacht.
Langverwacht collects and processes personal information pertaining to the proper functioning, management and governance of Langverwacht’s business.
Should you decide to register with or function as a user on our Websites or other Electronic Platforms, engage with Langverwacht and/or use any of the Langverwacht’s Services or Products, you thereby expressly consent to, and opt-in to Langverwacht collecting, collating, processing, and using the following types of Personal Information about you. We only collect and use the minimum Personal Information we need in order to provide and improve your experience of our Websites, Electronic Platforms, Services and Products.
Personal Information may include, but is not limited to:
- Email and/or physical address
- First name and Last name
- Fixed line or Mobile phone numbers
- Usage Data
- Information provided by you or from a responsible party authorised by you:
Langverwacht processes Personal Information which we either processes as responsible party, or which is received from another responsible party to whom you have provided your Personal Information with your consent that it may be shared with us as the Operator.
We collect your Personal Information through direct interactions with you and when you:
- submit an enquiry or application form and/or contact Langverwacht or request that we contact you;
- When you engage or interact with Langverwacht, for example through social media, e-mails, letters and phone calls;
- When you visit or browse our Websites;
- When you conclude a contract with us;
- When you complete any of Langverwacht’s documents, including our client forms, standard terms and conditions, surveys, promotional competitions or employment contracts, sign up for an account or subscribe or register to access or use any of our Websites, Electronic Platforms, Services and Products;
- When you make use or purchase any of Langverwacht’s various Services or Products.
If it is legally required Langverwacht will obtain your consent before collecting your Personal Information for the purposes of conducting its business or delivering of the Services or Products.
The third parties from whom we may collect your Personal Information include, but are not limited to, the following:
- Your spouse, dependants, partners, employer, joint applicant or account holder and other similar sources;
- Individuals you have authorised, to share your Personal Information;
- Attorneys, tracing agents, debt collectors, other persons that assist with the enforcement of agreements and credit.
- Information that is collected automatically:
Langverwacht receives and stores information which is transmitted automatically from your Device when you browse the internet and access our Websites or other electronic Platforms. This information includes Usage Data (that is collected automatically), information from cookies (which are described in clause 9 below), browser type, operating system used by you, type of mobile device you use, your mobile device unique ID, embedded web links, and other commonly used information-gathering tools, unique device identifiers and other diagnostic data. These tools collect certain standard information that your browser sends to websites such as your browser type and language, access times, and the address from which you arrived at the websites.
- Information from Third-Party Social Media Services:
Langverwacht may allow you to create an account and log in to access our Services and Products through the following third-party Social Media Services:
If you decide to register through or otherwise grant Langverwacht access to a Third-Party Social Media Service, we may collect Personal Information that is already associated with your Third-Party Social Media Service’s account, such as your name, your email address, your activities or your contact list associated with that account.
Should your Personal Information change, please update it by providing us with updates of your Personal Information as soon as reasonably possible to enable us to update it. Langverwacht is under no obligation to ensure that your Personal Information or other information supplied by you is correct.
You warrant that the Personal Information disclosed to Langverwacht is directly from you, especially when provided as the user on our Websites or Electronic Platforms or in connection to our Services or Products, and all such Personal Information is lawfully yours to provide. You also warrant that any Personal Information provided to Langverwacht from a third-party responsible party, was attained from you lawfully and provided to the Co-operative with your express consent to the relevant responsible party to do so.
5.WHEN DO WE COLLECT YOUR PERSONAL INFORMATION
Langverwacht will only process your Personal Information for lawful purposes relating to our business if:
- You have consented thereto;
- A person legally authorised by you, the law or a court, has consented thereto;
- It is necessary to conclude or perform under a contract Langverwacht has with you;
- If Langverwacht is legally required or permitted to;
- It is required to protect or pursue your, our or a third party’s legitimate interest; and/or
- You are a child, and a competent person (such as a parent or guardian) has consented thereto on your behalf.
- 6.HOW WE USE YOUR PERSONAL INFORMATION
Any processing of your Personal Information will be for Langverwacht’s legitimate business purposes and as a necessary function of your engagement with us. You have expressly consented to this by using the Websites, Electronic Platforms, Services or Products of Langverwacht. Langverwacht will not, without your express consent:
- use your Personal Information for any purpose other than as set out below:
- in relation to the provision and monitoring of the Services and Products to you and/or access to the Websites and Electronic Platforms of Langverwacht, including, but not limited to, opening, managing and maintaining your accounts, contacts, agreements or relationship with us;
- for security and identity verification, and to check the accuracy of your Personal Information;
- to fulfil a contract with you, which includes the delivery of orders for Services and Products;
- to contact you through any form of electronic or other communication as may be requested by you;
- for internal record keeping of responsible third parties and the development of metrics of third-party searches;
- to contact you with news, special offers and general information about other goods, services, events and functionalities which we offer that are similar to those that you have already purchased or enquired about (unless you have opted out from receiving marketing material from us);
- to conduct affordability assessments, credit assessments and credit scoring (where applicable) and to develop credit models and credit tools; and/or
- to improve the Websites and Electronic Platforms of Langverwacht by, for example, monitoring your browsing habits, or tracking your activities on the Websites and Electronic Platforms; or
6.1.9 for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services and Products, marketing and your experience; or
6.1.10 Comply with any legal or regulatory obligations such as criminal investigation purposes, tax or financial laws.
- disclose your Personal Information to any third party other than set out below:
- to the employees of Langverwacht and/or Service Providers who assist us to interact with you via our Websites and Electronic Platforms, email or any other method, for your use of the Services and Products, and thus need to know your Personal Information in order to assist us to communicate with you in a proper and efficient way;
- to external responsible parties who already have your express consent to process and/or attain such Personal Information from and/or with us;
- to the professional service providers of Langverwacht (such as the insurers or lawyers of Langverwacht where we believe that it is required under the contractual relationship with the Co-operative’s service provider to do so);
- to the Service Providers of Langverwacht (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, Langverwacht’s contracts dictate that these Service Providers may only use your information in connection with the services they perform for us, not for their own benefit and under the same standards we operate; and
We also share our research and statistical information with various third parties. However, this information does not include your personal information, cannot be linked to you and you cannot be identified from these statistics.
We will not use your Personal Information for any other purpose without your permission.
We keep your information for as long as we need it to provide our Websites and Electronic Platforms, Services or Products to you, and are required or allowed by law or the contract between you and us, or you have agreed to us keeping your information.
7.1 You have the right to ask us not to contact you for marketing purposes. Use any of the various “opt out” options that will be provided when we send you marketing communications, alternatively you may contact the Information Officer.
7.2 You also have the right to request access to the information we have collected about you and request that we correct or update any incorrect or incomplete information or delete your information (where there is no good reason for us to continue to process it). Such request can be submitted by using Langverwacht’s PAIA manual, which is available from our Information Officer. For any personal information held by any third-party responsible party, you must approach that responsible party for the realisation of your personal information rights with them, and not with Langverwacht.
- LINKS TO OTHER WEBSITES & SHARING YOUR INFORMATION
Langverwacht have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services and have not evaluated these parties and their practices.
If at any stage, after you have given us your consent, you no longer wish us to use or share your personal information with an affiliate party; you may at any stage withdraw your consent. By choosing to withdraw your consent with affiliated third parties there may be an impact on our offering to you, and it will be explained to you on your request to withdraw your consent.
- COOKIES PROVISIONS
9.1 The Websites and Electronic Platforms of Langverwacht may use of “cookies” to automatically collect information and data through the standard operation of the internet servers. Cookies are small text files a website can use (and which we may use) to recognise repeat users, facilitate the user’s on-going access to and use of a website and allow a website to track usage behaviour and compile aggregate data that will allow the website operator to improve the functionality of the website and its content, and to display more focused advertising to a user by way of third-party tools.
9.3 For more information on the exact cookies and technical data used, please contact the Information Officer who will gladly provide a full technical breakdown of same cookies and technical data.
- INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
10.1 We may transfer your Personal Information to recipients outside of the Republic of South Africa.
10.2 Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the legal and other related services that are required by Langverwacht clients.
POLICY ON CLOSED-CIRCUIT TELEVISION
(In terms of the Protection of Personal Information Act, 4 of 2013)
This Policy on Closed-Circuit Television (‘CCTV’) was drafted in accordance with the Responsible Party’s pursuit of crime prevention. This Policy on CCTV aims to put this endeavour into practice and to protect the wellbeing of the Responsible Party’s employees and visitors. The policy seeks to ensure that the CCTV system is managed in such a way that it does not infringe on the rights of those involved. The policy may also be reviewed from time to time if the need arises.
All terms used herein, but not necessarily specifically defined, will carry the same meaning as in the Responsible Party’s Policy regarding the Protection of Personal Information & Privacy, to which this policy constitutes a Schedule.
- CCTV – refers to a Closed-Circuit Television system.
- POPIA – refers to the Protection of Personal Information Act, 4 of 2013.
- BUSINESS PREMISES – any portion of a premises on which the Responsible Party operates business, including, but not necessarily limited to, any building, structure, hall, room, office, recreation area, land or demarcated area that is under the control of the Responsible Party and to which a member of the public is accessed or can usually be admitted.
- The Responsible Party has installed CCTV infrastructure on the premises where it conducts business.
- The cameras are positioned to cover the main routes in the area, points of access to and the Business Premises itself. Footage recorded is stored for a limited period of time.
- This policy applies to all persons entering the Responsible Party’s Business Premises. Any such person submits to the policy.
- The Responsible Party shall process Personal Information (as recorded in the CCTV material) strictly according to the provisions of POPIA at all relevant times, considering the individual’s constitutional right to privacy.
- Authorisation for the recording and location of, as well as access to CCTV material (data), rests with the Responsible Party. Access to the data via the Responsible Party systems will be allowed, provided that the person concerned has been granted prior consent – as set out below or if otherwise legally permissible.
- To the extent that the Responsible Party provides the data to parties and businesses, as indicated below, the Responsible Party deals in the capacity of ‘operator’, as defined in POPIA. Insofar as the Responsible Party can be regarded as the party responsible for processing the data, it acts as the ‘responsible party’, as defined in POPIA.
- The Responsible Party will fulfil its obligations under POPIA, depending on the capacity in which it acts under any circumstances.
- The Responsible Party will process Personal Information, considering the purpose for which it is handled, and will do so in a manner that will ensure that the information is complete, relevant and not excessive.
- Details and records of all information processed by the Responsible Party shall be maintained to the extent required by legislation.
- The purpose of this policy is to set out the Responsible Party’s use of CCTV in accordance with the provisions of the relevant legislation. The Responsible Party will specifically strive to –
- process the data in a legal and reasonable manner without violating the privacy of the data subject;
- process the data where it is intended to protect the legitimate interests of members of the public, as well as the Responsible Party;
- protect Personal Information, with due regard for each individual’s constitutional right to privacy, when the Responsible Party or its representatives process such information, subject to justifiable limitations;
- balance the individual’s right to privacy with other rights, especially the right of members of the general public to safety and security;
- make individuals aware of their rights and remedies to protect their Personal Information from any processing inconsistent with legislation;
- adhere to voluntary and mandatory measures, including measures introduced by the Information Regulator to promote and comply with the rights that POPIA seeks to protect;
- The purpose of the Responsible Party’s CCTV network is to –
- identify crime and to deter criminals and help prevent crime;
- improve the safety of those who live, work, trade and visit in the areas covered by the CCTV network;
- assist in the arrest and prosecution of offenders (including but not limited to the use of footage, as well as videos, as evidence in criminal or civil proceedings);
- assist law enforcement agencies, including private response and security companies, with investigations into any suspected or actual crime captured on the CCTV network;
- identify vehicles who may have been involved in criminal activity in order to notify the appropriate authorities thereof;
- to reduce vandalism, theft and property-related offences at the Responsible Party premises;
- promote the safety, protection and well-being of members of the general public;
- to prevent any form of harassment of any person (or persons), or to investigate such harassment in a meaningful manner with a view to prompt and meaningful action against any offender(s);
- to prevent any form of undesirable and / or public misconduct, or to investigate such misconduct in a meaningful manner with a view of acting against any offender (s).
- Data recorded by the CCTV network will not be used for purposes other than those referred to above and/or for any purposes not permitted under POPIA.
- Data will under no circumstances be disclosed or distributed to the media or any similar party unless such disclosure or distribution is specifically required or authorised in terms of legislation.
- The purpose of this policy is to set out the Responsible Party’s use of CCTV in accordance with the provisions of the relevant legislation. The Responsible Party will specifically strive to –
- SCOPE AND FUNCTIONING OF THE CCTV NETWORK
- The Responsible Party’s CCTV network uses mounted cameras designed and placed to record footage of individuals’ movements, as well as the registration plates of vehicles on public and/or private roads and in public spaces.
- The CCTV network will be operated and data shall be made available strictly according to the requirements of the relevant legislation, considering each individual’s right to
- All data captured on the CCTV network will be reviewed by the operational staff of the Responsible Party and will be monitored to assist in the identification and prevention of crime, as well as in the interests of public safety and security.
- The software used in combination with the data recorded by the CCTV network can identify registration plates of vehicles. Registration plates may be compared to the database of registration plates of vehicles involved in crime or of interest to the South African Police Service. If any information matches, those monitoring the CCTV network will be informed accordingly. The Responsible Party does not have the capacity to search for registration plate details on the National e-Natis database, so no information will be accessible about the owner of a specific vehicle (e.g. identity number, name and physical address) unless, for example, such information was included when the vehicle was reported as stolen.
- The South African Police Service or those working with them may be asked to respond to information recorded by the CCTV network.
- All data will be stored on the computer servers of the Responsible Party or the Responsible Party’s service provider and will be identified using an automatic recording sequence.
- The retention period of the data recorded by the CCTV system may be extended or shortened in terms of any legal instruction that the Information Regulator or other competent authority may issue from time to time. Data may also be stored for a longer period if required for further investigations.
- At the end of this retention period, the data will be permanently removed and/or destroyed under the guidelines set out in POPIA.
- The CCTV network will be installed at strategic locations and in such a way that all cameras are clearly visible and identifiable by the public.
- All sub-titles that appear on the data in question, such as the location of the camera and the time and date, will be safely preserved and stored so that it is impossible to tamper with it.
- PUBLIC AWARENESS OF CCTV
- Before the installation and use of the CCTV cameras, all reasonable attempts shall be made to advise those who live and/or travel in the vicinity of the cameras of the intention to do so.
- To ensure that all members of the public are aware that they are in an area protected by a CCTV network, clear notices to such effect shall be displayed in the areas.
- DATA PRESERVATION AND PROTECTION
- Data will only be preserved for a limited period unless it is required or requested for purposes set out in this policy, which requires the data to be stored for a longer period of time. Appropriate precautions will be implemented to preserve such data for longer periods, as required by POPIA.
- Data preserved for investigation purposes must be strictly managed and subject to limited access.
- All data will be stored on the secure servers rented or owned by the Responsible Party. All data will be stored in such a way that damage or unauthorized destruction or access is prevented.
- Data may not be downloaded without a written request. The request must specify the reason for downloading the data, as well as the period that the data will be stored, along with strict security undertakings. The Responsible Party may refuse the request if it is not satisfied with such reasons provided.
- ACCESS TO CCTV DATA
- Only specified persons within the Responsible Party shall have access to the data to view what the cameras have recorded. However, this will only be allowed on a need-to-know basis.
- These individuals will include the following from time to time –
- Responsible Party’s Information and Deputy Information Officers;
- Persons or institutions whose legitimate interests or rights may be directly affected;
- Law Enforcement Officers
- Specified employees appointed to monitor and track the data.
- Everyone who enters into the necessary confidentiality and security agreements in terms of which each individual is granted access to any data, shall undertake to obtain only such data when and as is necessary. They are not entitled to share or distribute any data unless it is in accordance with the terms of the agreements concluded with the Responsible Party and needed to give effect to the purpose in terms of which the data was captured or as required by the relevant legislation.
- Any security Co-operative contracted by the Responsible Party to monitor the data must at all times be registered with the regulatory authority for the private security industry.
- The South African Police Service or other authorised law enforcement agents may, at short notice, make use of the material for observational purposes and to conduct detective work and the prevention of crime and to assist in such investigations.
- An institution making a request must provide the Responsible Party with a summons, or information in terms of section 205 of the Criminal Procedure Act, Act 51 of 1977, before footage referred to in the summons can be made available or, in the case of the South African Police Service’s investigating officer, a case number.
- All footage made available to the South African Police Service or other authorised law enforcement agency at their request, or where criminal activity is suspected, will be recorded in a CCTV access register. The following details are needed –
- Investigating officer’s rank and name;
- Details of the incident;
- Sign-out and acknowledgement of receipt of all evidence; and
- Any other information deemed necessary by the Responsible Party.
- Where cameras are monitored via mobile equipment such as a smartphone, tablet or similar devices, the Information Officer will ensure that no unauthorized person can view the content.
- The Information Officer or other designated officer will also be responsible for ensuring that –
- the CCTV network and its use are annually reviewed;
- the CCTV footage is stored and processed safely under this policy, as well as POPIA and any other relevant legislation;
- footage is preserved and stored and that all electronic records are managed similarly to any other sensitive record within the organisation;
- data is discarded in a manner as required by POPIA;
- any data stored at an external facility is secured by encryption;
- access control is applied and adhered to by all persons with access to any data;
- the footage is viewed and disclosed in accordance with legal obligations as well as in terms of this policy;
- persons using or maintaining the CCTV systems are properly trained and aware of their obligations under POPIA and other relevant legislation;
- each system is maintained regularly and that the systems are upgraded as deemed necessary; and
- each passive CCTV system is indicated by means of proper directions to make the public aware that they are being monitored.
- Any unlawful disclosure of any data, or any violation of any provision of POPIA, shall, as far as necessary, be reported to the Information Regulator, with associated details regarding the breach, as required by POPIA.
- ACCESS TO DATA BY PRIVATE INDIVIDUALS
- Under the Act, individuals have the right to access any data involving themselves and may, without charge, request the Responsible Party to view the data and confirm whether the individual concerned is captured on the CCTV network.
- Individuals concerned about a possible violation of their privacy may request to view the camera activities by contacting the parties responsible for checking the data.
- Any request to access data must include –
- The exact date and time when the footage was recorded;
- Information to identify the individual (if necessary);
- Proof of identity;
- The location or area of the CCTV camera that collected the data; and
- Reason for which access to the footage is requested.
- The person responsible for monitoring the data in question should respond to the request as soon as possible.
- Under POPIA, the party responsible for monitoring the data in question may provide a record or description of the data in their possession. A downloadable copy of the data will only be provided if the Responsible Party is of the opinion that the requested data does not contain personal data of anyone other than the party that made the request and that the data will be securely stored and maintained.
- A reasonable tariff will be payable for access to the data, which tariff will be determined in reference to the time, technical expertise and resources required to retrieve the data and, where necessary, to clean and desensitize the data to prevent any violation of a third party’s rights. The party that makes the request will be provided with a quotation for such fee as required by POPIA.
- If the Responsible Party is unable to comply with the request, the reasons for this must be documented. The individual will, where possible, be informed of such reasons.
- Data will only be disclosed to third parties based on a subpoena, or otherwise if the relevant legislation requires such disclosure.
- Third parties will only be granted access to the data in terms of the provisions of the Promotion of Access to Information Act (PAIA), Act 2 of 2000, if applicable.