Popia Notice

INTRODUCTION

The Wall Foundation NPC processes personal information and other confidential information of individuals and juristic persons to deliver accounting services to our clients. The nature of the personal information which we process depends on the accounting service we render in each matter, as well as the legislative requirements to be adhered to by us.

We are obliged to process personal information in accordance with the provisions of the Protection of Personal Information Act, no. 4 of 2013 (‘the POPI Act’). This notice constitutes our policy statement to declare our firm’s commitment to comply with the POPI Act when processing personal information and special personal information, as defined in paragraphs 8.5 and 8.9 below.

This notice forms part of our agreement with you and is available on our website www.thewallfoundation.org.za and, upon request, from our office.

PURPOSE OF PROCESSING PERSONAL INFORMATION

We process personal information primarily to deliver accounting services to our clients. We also process personal information –

• for personalized marketing purposes, if you are a client of our firm or if you elected to receive marketing material from us. Please note that you have a choice not to have your personal information used for marketing purposes.

• to send newsletters to our clients and others who have elected to receive newsletters from us. Please note that clients have a choice not to receive newsletters from us.

• to conduct client satisfaction research.

• for audit and record-keeping purposes.

• to deal with requests and inquiries about personal information held by us and to update this information, when advised by you.

• should you apply for employment at our firm, to process your application.

• for the detection and prevention of fraud, crime, money laundering, or other malpractices.

• in connection with accounting process proceedings.

• in connection with and to comply with accounting and regulatory requirements (eg the requirements of the Financial Intelligence Centre Act no. 38 of 2001) or when it is otherwise required by law.

When you contact us by email, other means of electronic communication, telephone, post, or telefax, we collect, store, use, and keep record of certain personal information that you disclose to us. This includes details such as your name, address, telefax number, mobile phone number, and email communication data. By providing us with your personal information, you authorize us and associated entities or third parties (where applicable) to process such information as set out herein.

We do not intentionally collect or use personal information of children (persons under the age of 18 years), unless with the express consent of a parent or guardian, or if the law otherwise allows or requires us to process such personal information.

We do not process special personal information about you unless –

• it is necessary to establish, exercise, or defend a right or obligation in law (eg we have to process information relating to your health as part of our screening processes when you access our premises, in order to comply with Covid-19 regulations and protocols).

• we have obtained your consent to do so (eg should you apply for employment at our firm, we require your permission to do a criminal record check to process information that relates to your criminal record, if any).

We are committed to processing personal information and special personal information –

• fairly and lawfully, for specific lawful purposes.

• in accordance with any agreement, we may have with you and in accordance with the accounting standards applicable to such information or information categories.

• which is accurate and kept up to date.

• which is adequate, relevant, and not excessive or misleading.

SHARING OR TRANSFER OF PERSONAL INFORMATION

We undertake to use your Personal Information only for the purpose for which the information is essential and not to share or further process your personal information without your consent.

Please note that in certain circumstances,

• we must share personal information with third parties as part of the accounting services we render to our clients. Subject to South African legislation, we must inform you when we do so and will share only what is needed for those purposes. We aim to have agreements in place with our service providers to ensure that the personal information that we remain responsible for, is safeguarded by our service providers. Anyone to whom we pass on your personal information will be required by us to treat your information with the same level of protection as we are obliged to do.

• we have to obtain personal information about clients and other persons or entities from third parties as part of the accounting services which we render. We will inform you when we have to obtain personal information about you from a third party.

• we release accounts and other personal information to third parties when we believe that such release is appropriate to comply with the law; to enforce our client agreements and other agreements; or to protect the rights, property, or safety of our firm and our clients. We will inform you when we decide to do so and will share only what is needed for those purposes.

• South African legislation allows for the disclosure of personal information to law enforcement or other agencies without your consent. In circumstances where we are required to disclose information because we are legally obliged to do so, we will first consider the legitimate interests of all concerned.

We may need to transfer your personal information to another country for processing or storage of data or when it is otherwise required by virtue of the nature of the accounting services rendered to you. This will be done only in limited circumstances and in strict adherence of the requirements of the POPI Act and other relevant legislation.

RETENTION OF PERSONAL INFORMATION

We will retain your personal information for as long you permit us to do so and/or in accordance with the provisions of any applicable legislation.

Please note that we are obliged in law to retain documents containing personal information for at least seven years from the date of the last entry recorded in each particular book or other documents of record or file.

SAFEGUARDING OF PERSONAL INFORMATION

We are required to take reasonable measures to adequately protect all the personal information we hold and to avoid unauthorized access and use of such personal information. To comply with this requirement, we maintain reasonable industry-standard physical, electronic, and procedural safeguards in respect of the personal information we collect, store, disclose and destruct.

Our written communication with clients and third parties occurs mostly via the internet. For this reason, we have implemented generally accepted and up-to-date electronic communication safety measures. However, the internet is not entirely secure and therefore we cannot unconditionally guarantee the security of any information you provide to us via email, social media, or other communication platforms. Should you be particularly concerned about the safety of specific personal information you intend to send to us, you should liaise with your contact person at the firm regarding the appropriate communication platform to be used.

In the unlikely event that an information security breach in respect of your personal information should occur, we will inform you thereof. We will also investigate the security breach and will take all reasonable measures to limit any possible damage which may arise from such breach.

ACCESS TO AND AMENDMENT OF PERSONAL INFORMATION HELD BY US

Our information officer is Mr Martin Heunis, the chairperson of our firm. Our deputy information officer is Mrs. Erica Heunis. Please phone Mrs. Heunis on 0027 72 758 0882, or write to her at info@thewallfoundation.org.za if you:

• have any queries about this notice.

• need further information about our privacy practices.

• wish to request a copy of the personal information we hold in respect of yourself and the purpose for holding it. We will take all reasonable steps to confirm your identity before providing details of your personal information to you. There may be a reasonable charge for providing any information so requested.

• wish to amend, correct, or destroy your personal information held by us. Please contact us to update your personal information whenever your details change.

If we do not respond to a request from yourself pertaining to your personal information to your satisfaction, you may lodge a complaint at the office of the Information Regulator at the following addresses:

• Website: https://www.justice.gov.za/inforeg/index.html

• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

• Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017

• Complaint email address: complaints.IR@justice.gov.za

• General inquiry email address: inforeg@justice.gov.za.

CHANGES TO THIS NOTICE

We may amend our personal information practices and review this notice from time to time. Amendments will be communicated as necessary and will appear on our website.

DEFINITIONS OF TERMS USED IN THIS NOTICE

In this notice, the following terms and expressions will have the meaning as assigned to them by the POPI Act:

Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible, or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our firm.

The data subject is an individual or juristic person to whom the personal information relates.

Electronic communication means any text, voice, sound, or image message sent over an electronic communications network that is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.

An information security breach is any incident:

• in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed, or otherwise used or processed in an unauthorized manner; or

• that results in the unauthorized access of information, applications, services, networks, and/or devices by bypassing our firm’s security mechanisms.

Personal information is information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –

• information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, color, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and the birth of the person;

• information relating to the education or the medical, financial, criminal, or employment history of the person;

• any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignments to the person;

• the biometric information of the person;

• the personal opinions, views, or preferences of the person;

• correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

• the views or opinions of another individual about the person; and

• the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Processing means any operation or activity or any set of operations of the responsible party, whether by automatic means, concerning personal information, including —

• the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation, or use of personal information;

• dissemination of personal information by means of transmission, distribution, or making available in any other form; and

• merging, linking, as well as restriction, degradation, erasure, or destruction of personal information.

Record means any recorded information regardless of form or medium, including any of the following:

• writing on any material;

• information produced, recorded, or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other devices, and any material subsequently derived from information so produced, recorded, or stored;

• label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;

• book, map, plan, graph, or drawing; and

• photograph, film, negative, tape, or other devices in which one or more visual images are embodied to be capable, with or without the aid of some other equipment, of being reproduced.

• in the possession or under our firm’s control, whether it was created by us; and regardless of when it came into existence.

Responsible party means The Wall Foundation NPC

Special personal information is information that relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, or biometric information of a data subject. It also includes criminal behaviour relating to alleged commissions of offenses or any proceeding dealing with alleged offenses.