iTRINITY Consulting (Pty) Ltd
|1 June 2021|
|DRM||Document and Records Management|
Policies, Procedures, Guidelines, and Protocols
|POPI-Act – Compliance Policy|
|POPI-Act – Information Security Policy (ISP)|
7.1 Collection of Personal Information (PI)
7.2 Processing of Personal Information (PI)
7.3 Security Safeguards
7.4 Use of third-Party Websites
7.5 Your Rights – Access to Your Personal Information
7.6 Your Rights – Correction of and Controlling Your Personal information
7.7 Your Rights – Processing of Your Personal Information for a Specific Purpose
7.8 Your Rights – Disclosure of Your Personal Information (PI)
iTRINITY Consulting is an IT Support Services Company and we are committed to compliance with the Protection of the Personal Information Act (POPI Act)
Nature of Business
At iTRINITY Consulting we are passionate about Information Technology (IT) and our clients, and we strive to consistently provide innovative solutions to make our clients’ business more efficient.
We pride ourselves on our flexibility towards our clients by developing customized solutions to fit their company needs
Our focus is to provide a one stop IT solution inclusive of the following IT services:
- Managed IT Services ensuring an IT infrastructure that is reliable and effective;
- Networking services that minimize downtime;
- Solution Design design, including LAN and WAN solutions;
- Hardware & Software – we supply, install, and support a wide variety of hardware and software;
- Microsoft Office 365 – we offer the full suite of Microsoft Office 365;
- Cloud Solutions – iTRINITY Consulting Cloud Solutions offers our clients on-demand services, virtual networks, storage, and much more, via Cloud Computing Infrastructures;
- Upgrades – we ensure our client’s infrastructure is always on the highest standard. We enjoy helping and educating our clients on the benefits of upgrading & building their IT infrastructures.
- IT Management – we offer our clients effective IT and Project Management, by supplying trusted IT solutions for our clients’ companies.
- Security – we provide security services to our client to ensure that IT Security is implemented as business insurance. Our focus is to minimize the risk of digital infiltration and unauthorised access to systems and data.
- IT Audits – we examine and evaluate your organization’s IT infrastructure, policies and IT operations. iTRINITY Consulting will then determine how to protect our clients’ corporate assets and ensure data integrity.
|Name & Surname||Terence Holding|
|Managing Director||Terence Holding|
|Information Officer||Terence Holding|
|Physical Address||Unit 5, Willowcrest Office Estate, 655 van Hoof Street, JHB|
|Postal Address||PO BOX 21439 Helderkruin 1733|
|Telephone Number||+27 11 664 6219|
|Cellphone Number||+27 82 787 3338|
Table 1 – Contact Details
This Policy sets out how iTRINITY Consulting deals with the Personal Information (PI) collected via their company website, and the processing thereof. This Policy is available on the iTRINITY Consulting website namely, https://itrinity.co.za/
iTRINITY Consulting is committed to protect their client’s/customer’s privacy and ensure that the Personal Information (PI) collected via the company website is used appropriately, transparently, securely and in accordance with applicable laws.
2. Some Definitions
Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Information.
Simply put, means informed permission (consent) to process or use Personal Information.
This refers to the natural or juristic person to whom Personal Information relates, such as an individual client, customer or an organisation that supplies an organisation with products or other goods such as:
- information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
Simply put, the Data Subject refers to and individual or legal entity to whom the Personal Information (PI) relates.
The approach to the Data Subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:
- promoting or offering to supply, in the ordinary course of business, any goods or services to the Data Subject; or
- requesting the Data Subject to make a donation of any kind for any reason.
Simply put, means you need consent from the Data Subject to use Personal Information (PI) for marketing purposes.
The Information Officer is responsible for ensuring the organisation’s compliance with the POPI Act.
- Where no Information Officer is appointed, the head of the organisation will be responsible for performing the Information Officer’s duties.
- Once appointed, the Information Officer must be registered with the South African Information Regulator established under the POPI Act prior to performing his or her duties. Deputy Information Officers can also be appointed to assist the Information Officer.
Information Privacy focuses on the use and governance of PI—things like putting policies in place to ensure that the Data Subject’s PI is collected, shared and used in appropriate ways. Information Privacy is mostly dependant or organisational measures and people behaviours.
Information Security focuses more on protecting Personal Information (PI) from malicious attacks and the exploitation of stolen data for profit. Information Security is mostly dependant on operational measures such as technology systems, access protocols and passwords etc.
3. Policy Purpose
4. Policy Scope
All employees, subsidiaries, business units, departments and individuals directly associated with iTRINITY Consulting are responsible for adhering to this Policy and for reporting any security breaches or incidents to the Information Officer.
Any Third-Party Service Provider responsible for providing and managing the Website platform must adhere to the same information security principles contained in this Policy to ensure security measures are in place in respect of processing of Personal Information (PI).
This Policy and its guiding principles apply to:
- iTRINITY Consulting governing committee/team;
- all branches, business units and divisions of iTRINITY Consulting;
- all employees and volunteers;
- all contractors, suppliers and other persons acting on behalf of iTRINITY Consulting.
The Policy’s guiding principles find application in all situations and must be read in conjunction with the provisions of the POPI Act.
5. Policy Function and the Conditions of the POPI Act
In terms of the POPI Act, “process” and “processing” of Personal Information (PI) is defined as any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
- a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- b) dissemination by means of transmission, distribution or making available in any other form; or
- c) merging, linking, as well as restriction, degradation, erasure or destruction of information.
6. Amendment to this Policy
It is recommended that you periodically review this Policy to stay informed of updates and/or amendments.
- need further information about our privacy practices or
- wish to give or withdraw consent;
- need to exercise preferences or access or correct your Personal Information (PI);
Please contact us at the numbers/addresses listed on our website.
7. Policy Statements
7.1 COLLECTION OF PERSONAL INFORMATION (PI)
Section 9 of the POPI Act states that “Personal Information (PI) may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”
iTRINITY Consulting therefore collects and processes your Personal Information (PI) via our website mainly to provide you with access to our services and products. The type of Personal Information (PI) we collect will depend on the purpose for which it is collected and used. We will only collect Personal Information (PI) that we need for that purpose.
We collect/can collect your PI via our Website where you provide us with your Personal details by completion of our Information Form on the Contact Us page inclusive of:
- Your first name and surname;
- Your email address;
- Your mobile number;
- Your interest in our Products.
We also collect your PI indirectly from you via website based electronic cookies in order to:
- monitor Website usage metrics via the Cookies;
- improve Website performance and
- automate and improve services via the Cookie analytical data collected on the Web Server.
7.2 PROCESSING OF PERSONAL INFORMATION (PI)
We will use your Personal Information (PI) which is collected via our Information Form and/or our automated cookies, only for the purposes for which it was collected or agreed with you.
We will not keep the Personal Information (PI) collected via the Website’s Information Form or Website Cookies for longer than is necessary to fulfil that purpose unless we have to keep it for legitimate business or legal reasons.
Any direct marketing communications that we send to you, after your initial engagement with us via the website Information Form, will include the means necessary to opt out, as effortless as possible.
7.3 SECURITY SAFEGUARDS
We are committed to ensuring that your Personal Information (PI) is secure, and we are legally obliged to provide adequate protection for the Personal Information (PI) we hold and to stop unauthorised access and use of such Personal Information (PI).
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online via our Information Form and automated Website Cookies.
The Personal Information (PI) collected via Cookies are currently managed and stored on the Web Servers of our Third-Party Domain Suppliers and we cannot be responsible or liable for any Third-Party’s actions or their security controls on the information that they may collect or process. We do however request on an annual basis a list of the Cookie information attributes collected on their Web Servers – see Appendix B for a list of Cookie attributes currently collected.
In order to ensure the security of your Personal Information (PI) when we contract with third parties, we do impose appropriate security, privacy and confidentiality obligations on them to ensure that the Personal Information (PI) that we remain responsible for, is kept secure. Our undertaking is also to ensure that anyone to whom we pass your Personal Information (PI) agrees to treat your information with the same level of protection as we are obliged to.
7.4 USE OF THIRD-PARTY WEBSITES
7.5 YOUR RIGHTS – ACCESS TO YOUR PERSONAL INFORMATION
You have the right to request a copy of the Personal Information (PI) we hold about you. To do this, simply contact us at the numbers/addresses listed on our home page and specify what information you would like.
7.6 YOUR RIGHTS – CORRECTION OF AND CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your Personal Information (PI) in the following ways:
- You can delete/disable/block cookies through your web browser – PLEASE NOTE: this may limit certain features on our Site.
You have the right to ask us to update, correct or delete your Personal Information (PI). If you believe that any Personal Information (PI), we are holding or have collected, relating to you is incorrect or incomplete, please inform us as soon as possible so that we can promptly correct it.
7.7 YOUR RIGHTS – PROCESSING OF YOUR PERSONAL INFORMATION FOR A SPECIFIC PURPOSE
We will process and use your Personal Information (PI) only for the specific purpose it was collected for and we will not sell, distribute or lease your Personal Information (PI) (collected via our Website Form or Cookies) to Third Parties unless we have your permission or are required by any applicable law, subpoena, order of court or legal process served on us or to protect and defend our rights or property.
7.8 YOUR RIGHTS – DISCLOSURE OF YOUR PERSONAL INFORMATION (PI)
We may share the Personal Information (PI) collected via our website with:
- our employees, and/or business partners that require the information to fulfil their work duties;
- our suppliers and/or vendors that require the information to assist with your order fulfilment;
- law enforcement (if required to do so);
- our business partners and other third parties who are involved in the delivery of products or services to you, on a basis of informed consent only.
8. Policy Activation
|Activation||iTRINITY Consulting hereby declares this policy and all the actions stipulated as part of Business-as-Usual practices.|
What are Cookies?
The term “cookies” refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications. A web cookie is a small file which asks permission to be placed on a user’s computer hard drive. Cookies help the user’s browser navigate a website and the cookies themselves cannot collect any information stored on the user’s computer or files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service.
Once the user agrees, the file is added, and the cookie helps to analyse web traffic or lets the user know when he/she visits a particular site. Cookies allow web applications to respond to users as an individual. The web application can tailor its operations to individual user needs, likes and dislikes by gathering and remembering information about user preferences – thus creating a type of user profile.
Traffic log cookies are used to identify which pages are being used and cookies are used to learn more about the way users interact with website content and help to improve user experience when visiting websites by compiling statistical data.
A cookie in no way gives us access to a user’s computer or any information about him/her, other than the data the user chooses to share.
Users can choose to accept or decline cookies.
Most web browsers automatically accept cookies, but users can usually modify their browser settings to decline cookies if you prefer. The downside is that it can prevent users to take full advantage of Websites’ functionality.