MELON CONSULTING (PTY) LTD IS COMMITTED TO COMPLIANCE WITH, AND ADHERES TO, THE PROTECTION OF PERSONAL INFORMATION ACT No 4 of 2013, AND CAN CONFIRM THAT WE COMPLY WITH THIS LEGISLATION.
- INTRODUCTION
This Data Protection and Information Sharing Policy describes the way that Melon Consulting (Pty) Ltd registration no will meet its legal obligations and requirements concerning confidentiality and information security standards. The requirements within the Policy are primarily based upon the Protection of Personal Information Act, No 4 of 2013. - DEFINITIONS
Consent means the voluntary, specific and informed expression of will;
Data Subject means the natural or juristic person to whom the Personal Information relates;
Direct Marketing means approaching a Data Subject personally for the purpose of selling them a product or service, of requesting a donation;
POPIA means the Protection of Personal Information Act, No. 4 of 2013;
Personal Information means information relating to an unidentifiable, living, natural person, or an identifiable, existing juristic person, as defined in POPI;
Processing means an operation or activity, whether or not by automatic means, concerning Personal Information;
PAIA means the Promotion of Access to Information Act, No 2 of 2000;
Responsible Party means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information - PURPOSE OF THIS POLICY
The purpose of this Policy is to inform Data Subjects about how Melon Consulting Processes their Personal Information.
Melon Consulting, in its capacity as Responsible Party, shall strive to observe, and comply with its obligations under POPIA as well as accepted information protection principles, practices and guidelines when it Processes Personal Information from or in respect of a Data Subject.
This Policy applies to Personal Information collected by Melon Consulting in connection with the services which Melon Consulting provides. This includes information collected directly from you as a Data Subject, as well as information we collect indirectly though our service providers who might collect your information on our behalf.
This Privacy Policy does not apply to the information practices of Third-Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Melon Consulting does not manage or employ. These Third-Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them. - PROCESS OF COLLECTING PERSONAL INFORMATION
Melon Consulting collects Personal Information directly from Data Subjects as and when required for a defined purpose, unless an exception is applicable (such as, for example, where the Data Subject has made the Personal Information public or the Personal Information is contained in or derived from a public record).
Melon Consulting will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
Melon will also in some cases collect information through from Third Parties. Where Melon Consulting obtains Personal Information from Third Parties, Melon Consulting will ensure that it obtains the consent of the Data Subject to do so. - PERSONAL INFORMATION KEPT
Melon consulting collects personal information of our employees, potential employees, clients, suppliers, business contacts and website users. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Data Subject Personal Information Processed
Clients: Individuals Natural Persons Names; contact details; physical and postal addresses; date of birth; ID number; tax related information; nationality; gender; confidential correspondence
Clients – Juristic Persons / Entities Names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories; beneficiaries; ultimate beneficial owners; shareholding information; BBBEE information
Contracted Service Providers Names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories; beneficiaries; ultimate beneficial owners; shareholding information; BBBEE information
Employees / Directors Names; gender; pregnancy; marital status; race; age; language; education information; financial information; employment history; ID number; physical and postal address; contact details; well-being
Recruitment Information:
Below is also a chart describing the categories of other personal data we collect for recruitment purposes:
Additional personal details, contact details and identifiers. In addition to the personal details listed above, Melon may collect additional personal details for recruitment/employment purposes, such as national identification number, marital/civil partnership status, domestic partners, dependents, emergency contact information, professional calendar availability/scheduling information for meeting/communication purposes.
Education information and professional or employment-related information. Melon Consulting may collect information about your education and professional or employment-related information, such as your employment history.
Melon Consulting may collect information about your education and professional or employment-related information, such as your employment history. Melon Consulting may collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status). Melon Consulting collects this information for specific purposes, such as health/medical information in order to accommodate a disability or illness (subject to legal limits on the timing of collection of such information and other applicable limitations) and to provide benefits; background checks and diversity-related personal information (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.
Documentation required under immigration laws Melon Consulting may collect data on citizenship, passport data, and details of residency or work permit (a physical copy and/or an electronic copy).
Financial information for payroll/benefits purposes Banking and other relevant financial details we need for payroll/benefits purposes.
Requested recruitment information Information requested to provide during the recruitment process, to the extent allowed by applicable law.
Recruitment information you submit Information that you submit in CVs, letters or other written materials (including photographs).
Information generated by us during recruitment Information generated by interviewers and recruiters related to you, based on their interactions with you or basic Internet searches where allowed under applicable law.
Recruitment information received from third parties Information related to you provided by third-party placement firms, recruiters, or job-search websites, where applicable.
Website Users Information:
The Melon Consulting server automatically records information that a browser sends whenever we receive a website visit. These server logs may include information such as visitor web requests, Internet Protocol address, browser type, browser language, the date and time of visitor request and one or more cookies that may uniquely identify the browser. Melon Consulting collects certain information from the visitor’s web browser, including Internet usage information.
When you visit Melon Consulting, we may send one or more cookies – a small file containing a string of characters – to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences or storing session information.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our website.
Melon collects certain information from web beacons on our website to compile anonymous information about our website. Our website may contain electronic image requests that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal information. We merely use them to compile anonymous information about our website.
- PURPOSE FOR PROCESSING PERSONAL INFORMATION
Melon Consulting understands its obligation to make Data Subjects aware of the fact that it is Processing their Personal Information and inform them of the purpose for which Melon Consulting Processes the information.
Melon Consulting will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or for specific, lawful and clear purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.
It will ensure that there is a legal basis for the Processing of any Personal Information. Further, Melon Consulting will ensure that Processing will relate only to the purpose for and of which the Data Subject has been made aware (and where relevant, consented to) and will not Process any Personal Information for any other purpose(s).
Melon Consulting will generally use Personal Information for purposes required to operate and manage its normal operations and these purposes include one or more of the following non-exhaustive purposes:
• for the purposes of providing its services to clients and where relevant, for purposes of doing appropriate client onboarding
• procurement and supply purposes;
• for purposes of monitoring the use of Melon Consulting’s online platforms by Data Subjects.
• in connection with the execution of payment processing functions, including payment of Melon Consulting ‘s suppliers’/service providers’ invoices;
• for employment-related purposes such as recruiting staff, administering payroll, etc.;
• in connection with internal audit purposes (i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
• in connection with external audit purposes. For this purpose, Melon Consulting engages external service providers and, in so doing, shares Personal Information of the Data Subjects with third parties;
• for such other purposes to which the Data Subject may consent from time to time;
• for such other purposes as authorised in terms of applicable law; and
• to comply with any applicable law or any query from Government authorities, including any regulatory authority that has authority over Melon Consulting. - LAWFUL PROCESSING OF PERSONAL INFORMATION
Where Melon Consulting is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where:
Consent of the Data Subject is obtained;
• Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
• Processing complies with an obligation imposed by law on Melon Consulting;
• Processing is necessary for pursuing the legitimate interests of Melon Consulting or of a third party to whom the information is supplied.
• Melon consulting will make the manner and reason for which the Personal Information will be Processed clear to the Data Subject.
• Where Melon Consulting is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to Melon Consulting’s Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under POPIA.
• If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, Melon Consulting will ensure that the Personal Information is no longer Processed. - SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
Special Personal Information is sensitive Personal Information of a Data Subject and Melon Consulting acknowledges that it will generally not Process Special Personal Information unless:
• Processing is carried out in accordance with the Data Subject’s consent;
• Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
• Processing is for historical, statistical or research purposes, subject to stipulated safeguards;
• Information has deliberately been made public by the Data Subject; or
• specific authorisation applies in terms of POPIA.
Melon Consulting acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of the parent or guardian of that Child or where it is permitted to do so in accordance with applicable laws. - SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
Melon Consulting may transfer personal data to our service providers, partners, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Melon’s internal policies. - GENERAL DESCRIPTION OF INFORMATION SECURITY MEASURES
Melon Consulting attaches great importance to the right to privacy and the protection of personal information.
Melon Consulting protects personal information in accordance with applicable laws and our data privacy policies. In addition, Melon Consulting maintains the appropriate technical and organizational measures to protect personal Information against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage there to.
- RETENTION OF PERSONAL INFORMATION RECORDS
Melon Consulting may keep records of the Personal Information, correspondence, or comments it has collected in an electronic or hardcopy file format.
In terms of POPIA, Melon Consulting may not retain Personal Information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances:
• where the retention of the record is required or authorised by law or by any Government authority;
• Melon Consulting requires the record to fulfil its lawful functions or activities;
• retention of the record is required by a contract between the parties thereto;
• the Data Subject has consented to such longer retention; or
• the record is retained for historical, research, archival or statistical purposes provided safeguards are put in place to prevent use for any other purpose. Accordingly, Melon Consulting will, subject to the exceptions noted in this Policy, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
• Once the purpose for which the Personal Information was initially collected and processed no longer applies or becomes obsolete, Melon Consulting will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information. In instances where we de-identify your Personal Information, Melon Consulting may use such de-identified information indefinitely.
- KEEPING PERSONAL INFORMATION ACCURATE
Melon Consulting will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.
Melon Consulting may not always expressly request the Data Subject to verify and update his/her/its Personal Information unless this process is specifically necessary.
Melon Consulting, however, expects that the Data Subject will notify Melon consulting from time to time in writing of any updates required in respect of his/her/its Personal Information. - RIGHTS OF THE DATA SUBJECT
POPIA read with the relevant provisions of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) confers certain access rights on Data Subjects.. These rights include –
- a right of access: a Data Subject having provided adequate proof of identity has the right to: (i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or (ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
a) Melon Consulting to confirm, free of charge, whether it holds any Personal Information about him/her/it; and
b) To obtain from Melon Consulting the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided: (a) within a reasonable time; and (b) in a reasonable manner and format and in a form that is generally understandable.
- a right to request correction or deletion: a Data Subject may also request Melon Consulting to:
a) correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
b) destroy or delete a record of Personal Information about the Data Subject that Melon Consulting is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions.
c) On receipt of such a request, Melon is required to, as soon as is reasonably practicable:
correct the information;
delete or destroy the information;
provide the Data Subject with evidence in support of the information; or
where the Data Subject and Responsible Party cannot reach agreement on the request and if the Data Subject requests this, Melon Consulting will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
- a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing Melon Consulting with notice to such effect. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
Accordingly, Melon Consulting may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information. Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Information.
The Data Subject can request in writing to review any Personal Information about the Data Subject that Melon Consulting holds including Personal Information that Melon Consulting has collected, utilized or disclosed.
Melon Consulting shall respond to these requests in accordance with POPIA and PAIA and provide the Data Subject with any such Personal Information to the extent required by law and any of Melon Consulting’s policies and procedures which apply in terms of the PAIA.
The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in Melon Consulting’s records at any time in accordance with PAIA for accessing information.
If a Data Subject successfully demonstrates that their Personal Information in Melon Consulting’s records is inaccurate or incomplete, Melon Consulting will ensure that such Personal Information is amended or deleted as required (including by any Third Parties).
- CHANGES TO THIS POLICY
Melon Consulting reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.
The current version of this Policy will govern the respective rights and obligations between the Data Subject and Melon Consulting each time that the Data Subject access and use Melon Consulting’s site.
- CONTACTING MELON CONSULTING
All comments, questions, concerns or complaints regarding your Personal Information or this Policy, should be forwarded to us as follows
Contact Details
Head of organisation: Rezan Seedat
Information Officer: Steven Brooks
Address: 6 Tugela Road Vygeboom Durbanville
Telephone Number: 0219755102
Email address: popi@melonconsulting.com
If a Data Subject is unsatisfied with the manner in which Melon addresses any complaint with regard to Melon’s Processing of Personal Information, the Data Subject can contact the office of the Regulator, the details of which are set out below – Website:http://justice.gov.za/inforeg/ Tel: 012 406 4818 Fax: 086 500 3351 Email: inforeg@justice.gov.za