POPIA and SSIB
- PURPOSE OF SSIB’s POPI AWARENESS AND COMPLIANCE POLICY
- To identify the rights of policyholders
- To ensure compliance with the act
- To uphold the undertaking of honesty and integrity of SSIB and its Representatives.
This policy is accessible in electronic or printed format from our office during office hours.
- PURPOSE OF THE ACT
- To give effect to the constitutional right to privacy by safeguarding personal information when processed by a responsible party.
- To regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards that prescribe the minimum threshold requirements for the lawful processing of personal information.
- To provide persons with rights and remedies to protect their personal information from processing that is not in accordance with the Act; and
- To establish voluntary and compulsory measures, including the establishment of an Information Regulator, to ensure respect for and to promote, enforce and fulfil the rights protected by the Act.
- Personal Information
‘‘Personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
Both individuals and companies are included in the ambit of “personal information”.
Any information already in the public domain or is not used or intended to be used in trade or commerce.
Such personal information may include the following:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence
- the views or opinions of another individual about the person
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
“Processing” is any operation or activity or any set of operations, whether or not by automatic means, concerning personal information.
Processing is therefore the automated or non-automated activity of collecting, recording, organising, storing, updating, distributing and even the act of deleting personal information.
3.3 Responsible Party
“Responsible party” is the company or entity that decides what to do with personal information and how to process the information.
Record means any information that is recorded in any format that is in the possession or under control of a responsible party, regardless of who made the record and when the record came into existence. Records may include:
- writing on any material
- book, map, plan, graph or drawing
- information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device.
- Processing and retention of Data
Data collected by SSIB in the normal course of processing insurance requirements are processed in a reasonable manner so as not to infringe on the privacy of the data, and in a manner that pertains only to the data that is compatible with the insurance needs of the policyholder and the product supplier (insurers).
Records of a personal nature are retained only for as long as is necessary.
Records may be collected from any Responsible Party in their capacity as a nominated Representative of SSIB, in the normal course of the Representative’s insurance broking functions.
All Records held by SSIB are stored electronically.
- Rights of the Policyholder
SSIB recognises and will comply with the rights of policyholders insofar as:-
- the right to have personal information processed in accordance with the conditions discussed
- the right to be notified that personal information is collected
- the right to be notified if it has been accessed by unauthorised persons
- the right to establish if a responsible party holds personal information of a data subject and to request access to the information
- the right to request correction, destruction or deletion of personal information
- the right to object to the processing of personal information
- the right not to have personal information processed for purposes of direct marketing by means of unsolicited electronic communications
- the right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing personal information intended to provide a profile of such person
- the right to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator
- the right to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information.
Provided that at all times:
- the information collected by SSIB is sufficient to carry out its obligation to accurately and adequately place insurance on behalf of the policyholder
- the information provided by the Policyholder does not constitute non-disclosure which may result in repudiation of insurance cover.