Privacy Policy (POPI Act)
Definitions
'consent' means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;'
'Constitution' means the Constitution of the Republic of South Africa, 1996 (Act 108 of 1996);
'customer' means a natural person or a juristic person who has makes use of our services.
'data / personal information' means information about an identifiable individual, such an individual in this case being the customer.
'private body' means—
(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business or profession; or
(c) any former or existing juristic person, but excludes a public body;
'processing' means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information;
'Promotion of Access to Information Act' means the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000);
'public body' means — (a) any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or (b) any other functionary or institution when—
(i) exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or
(ii) exercising a public power or performing a public function in terms of any legislation;
'record' means any recorded information- (a) regardless of form or medium; (b) in our possession or under our control; and (c) whether or not it was created by Feather-Light Services.
'responsible party' means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
'third party', in relation to a request for access to (b) a record of FLS, means any person (including, but not limited to, a public body) other than the customer.
1. Adherence to POPI Act of South Africa
As of 30 June 2021 all businesses that process the personal data of any individual as part of their operations is required to adhere to the POPI (Protection of Personal Information) Act of South Africa. The following is information regarding how the institution of the act and our adherence to it affects our customers and the processing of their personal data.
1.1 Responsible Party
Alastair Stewart t/a Feather-Light Services (FLS) is the Responsible Party under the POPI Act, and operates in Cape Town, South Africa. FLS is dedicated to respecting the rights and personal information of our customers. We have taken all necessary steps to adhere to the POPI Act in the collection, processing, and protection of our customers’ data. FLS will only collect data that is relevant and necessary to carry out the services we offer.
1.2 Information Officer
The Information Officer for FLS is Alastair Stewart. Anyone needing to contact the Information Officer can do so at alastair@featherlightservices.com.
2. Types of Data Collected:
2.1 Customer Onboarding:
I.) Full names of individuals and companies
II.) Email Addresses
III.) Mobile, Home, and Office telephone numbers
IV.) Physical Addresses of private homes and offices
V.) Onboarding Date
VI.) Financial transaction records
2.2 Data Collected as part of IT services rendered (incidental to and depending on the services that the customer receives, as well as whether they have opted for us to record information as a precaution in the event that they misplace it):
I.) Login details for customer hardware (smartphones, tablets, laptop & desktop computers);
II.) Login details for various software/online accounts (ie. Email address, Username, and passwords);
III.) Software registration/license keys;
IV.) Data from hard drives and other storage media (ie. During data transfer between a client’s devices, or in the process of recovering data from a faulty hard drive or PC). Such data may include files, folders, images, music, videos, emails, and software;
V.) Photographic images and physical properties of hardware, software, and environments, taken in the process of establishing scope of work in order to provide a customer with a quote (includes images of hardware specifications, building layout and elements, spatial measurements, and measurements of electrical and/or internet bandwidth usage);
VI.) Communication with the customer such as emails, text messages, and WhatsApp messages, including voice messages;
VII.) Timelines and details regarding tasks and work carried out for or in behalf of the customer (including hardware & software faults found, correspondence with third party service providers that the customer is subscribed to, specific repair effort details and their results, and any related customer interactions);
VIII.) Remote login credentials for devices in order to assist customers remotely where possible.
2.3 Data Collected as part of Design-specific services rendered:
I.) Private or Business contact details including full names, titles, mobile and telephone numbers, and email addresses, physical addresses, and customer personnel details such as information of employees/business partners;
II.) Website links and Social Media handles;
III.) Brand design information such as logos, symbols, slogans, banners, email signatures, and letterheads;
IV.) Digital photographs which may feature the customer as the subject such as profile images for social media and website banners;
V.) Creative and informational write-ups pertaining to the purpose and goals of a customers’ business;
VI.) Product information including images, descriptions, cost, technical specifications, shipping information, sales procedures;
VII.) Information of business qualifications, memberships, affiliations, and certificates.
2.4 How We Use Collected Data:
2.4.1 Customer Onboarding Information:
I.) Communicating with customers via telephone, email, or text message including voice messages regarding the scheduling of appointments, or in response to requests for IT assistance and questions related to our services, or for the provision of unsolicited IT advice and information.
II.) Generating Invoices and Quotations that reflect the correct customer information for both our and their tax purposes or personal/business records.
III.) Marketing communications in the case where a customer has not opted out of receiving such communication from FLS.
IV.) With consent of the customer, in signing up for a third party service provider or creating a software/online account for the client where signup/activation requires these details.
V.) In the case of physical addresses, these are used to carry out site visits for IT services that cannot be done remotely. This may include sharing the customer’s physical address with a trusted contractor when large installation projects have been requested by the customer. The customer will be notified of the intention to enlist the assistance of a third party’s services.
VI.) Financial records are kept in order to monitor customer payments and outstanding accounts, and for tax purposes. This is also used for FLS's business analytics such as forecasting and business performance summaries and planning.
2.4.2 Data Collected as part of IT services rendered:
I.) This data is used for accessing customer hardware onsite or at our office in order to carry out IT services, such as repairs, set ups, upgrades, and data transfers.
II.) This data is used for accessing customer accounts either onsite or remotely in order to assist with set up, setting configurations, troubleshooting, and securing of accounts following a hacking attempt.
III.) This data is used for registering/licensing software.
IV.) This data is used in the event that a customer requests an upgrade to their storage hardware (eg, HDD to SSD), when a hard drive is faulty and a replacement device has to be configured, and when transferring files to cloud storage or between devices. Faulty hard drives will have their data erased permanently before being discarded. Hard drives which are completely inoperable will have data physically destroyed upon customer request, or will be returned to the customer to dispose of themselves. In the case when a third party specialist’s services is required, this will be indicated to the customer and necessary data will be shared with said third party with the customer’s consent upon giving the go-ahead to use their services.
V.) This data is used in the creation of quotations, ie. for hardware upgrades and replacements, as well quotations for the installation of power or data cables in the home/office of the customer, where a route needs to be drawn up and measurements obtained to quote accurately according to the scope of work and hardware requirements. This data is also used in sourcing compatible hardware and software for replacements and upgrades, for sourcing compatible peripheral devices, and for planning purposes in relation to installation projects and the final placement of hardware/devices.
VI.) This data is used in the form of records of email, text message, and WhatsApp correspondence history with the customer whether in reply to a query, IT assistance request, running correspondence regarding troubleshooting and further actions needing to be taken, confirmation of appointments, and providing quotes and sending invoices to the customer for IT services rendered or hardware/software purchases made.
VII.) This data is used for compiling invoices for IT services rendered, repairs carried out, purchases and installations of software and/or hardware. This information also serves to aid us in carrying out long term IT assistance for the customer where problem diagnoses and attempted fixes may run over multiple appointments/days/weeks.
VIII.) This data is used to remotely connect to a customer’s device in order to carry out IT services.
2.4.3 Data Collected as part of Design-specific services rendered:
I.) This data is used in the drafting and publication of branding design in the form of sketches, wireframes, mock-ups, and completed web and print media for:
website pages, business cards, flyers, brochures, posters, decals, email signatures, social media banners, marketing campaigns, photo editing, videography, and social media posts.
II.) This data is used in the setting up of ecommerce websites and product pages, as well as marketing material in the form of posters and social media posts.
III.) This data is used when a client chooses to feature such details on a web page, social media page, email signature, or letterhead.
3. Data we do not collect:
a.) We do not collect data regarding a clients’ marital status, health condition, biometrics, religious affiliation, political standing, nationality, bank details, travel history, or legal status.
4. How the data will not be used:
a.) A customer’s data will never be shared with any third party or unauthorised person without the consent of the customer, and only in the case where this is necessary to carry out the requested IT assistance (ie. signing up for a service eg. Fibre, online account et c. , or liaising with a service provider the customer is already subscribed to). We will always indicate when a service is not being performed by FLS directly but by a third party, and a customer’s giving the go-ahead for such a service constitutes as giving us consent to share necessary data with said third party.
b.) We will never sell a customer’s data, nor make it publicly available in any format, whether in hard copy or on the web.
5. Where Customer Data is stored:
All data is stored digitally on FLS Administrative computer systems, mobile phones, and trusted Cloud services. We generally do not keep paper copies of a customer’s data unless it is provided to us in this format by the customer.
6. How Customer Data is protected:
a.) A customer’s data is only processed by FLS staff, and only shared with necessary third parties that comply with the POPIA act, and only with the customer’s knowledge/consent.
b.)We use appropriate and up-to-date methods of data protection:
I.) Data encryption and password protection on all systems where the customer’s data is stored;
II.) Anti-hacking systems are in place to ensure low-risk of a data breach (Firewall, DNS security, Antivirus, and Internet browser security);
III.) FLS Staff are trained to identify and deal with malicious attempts to acquire access to sensitive information (ie. email scams and phishing attempts, click baiting, malicious file attachments and links etc.);
IV.) Any paper copies of a customer’s data are shredded prior to disposal;
V.) Customer’s computer hard drives are wiped in a permanent manner as the situation dictates eg. platters destroyed in the case of a non-functional drive, or whole drives completely reformatted and overwritten to render data completely non-recoverable.
7. Customers’ Rights:
7.1. Customers have the right to withhold any personal information, in whole or in part.
7.2. Customers have the right to enquire as to the nature of the personal information FLS has on record.
7.3. Customers have the right to request access to their records of personal information at any time within reason, for a fee as indicated in the PAIA manual.
7.4. Customers have the right to request that part or all of their data in our records be deleted with immediate effect.
7.5. Customers have the right to opt out of any marketing correspondence.
7.6. Customers have the right to make a complaint to the Information Officer and Information Regulator if they feel that their rights to protection of personal information have been violated in any way.
7.7. Customers have the right to appeal a decision to refuse access to personal information by FLS.
8. Acknowledgements/Disclaimers:
8.1 We wish for our customers to understand that in order to offer effective IT assistance, there will be times where we request personal information as described above. While we acknowledge the customers’ right to withhold some or all information, it must be stated that this may limit how well we are able to carry out our services.
8.2 While we take full responsibility for any negligence on our part in storing and processing a customers’ personal data, we will not be held responsible in cases where a customer’s own negligence or ignorance is the cause of a breach of their personal data.
8.3 Where customers request that we sign them up with a third party service provider, they are allowing said third party to collect and process their data. Therefore FLS cannot be held responsible for any lack of adherence to the POPI act by the third party, or data breaches experienced by the third party. It is ultimately the responsibility of the customer to read thoroughly the terms and conditions provided by the third party and to decide whether they are comfortable with the methods by which the third party will collect and process their data.
8.4 We at FLS do our best to ensure that the information we record from the customer is accurate and up to date. However, it is the Customer's responsibility to provide accurate data, and to notify us should their personal details need to be changed in any way to remain accurate (ie. in the event of a change of address, email, phone number etc.).
8.5 According to the PAIA (Promotion to Access of Information) Act and POPI Act, we may be required by law to submit a customer’s information for processing by a legal subsidiary of the Constitution (RSA).
9. Code of Conduct:
9.1. Only authorised FLS staff will request personal information from new or existing customers.
9.2. Only relevant information needed to carry out our services will be requested from our customers.
9.3. Customers will be notified of their right to refuse the recording of their data for future use, and/or request that their data be deleted from our records in whole or in part.
9.4. We will not share a customer’s personal data with any third party without the customers’ consent.
9.5. FLS commits to employing necessary means to ensure the protection of customers’ data.
9.6. FLS commits to keeping up to date with current POPIA regulations and data protection protocols.
9.7. FLS will promptly delete all records of a customer’s data upon request by the customer.
9.8. FLS will promptly provide access to the data on record of the customer upon request, for a fee. When a request for data is made, the quantity and format of the data needed by the customer will be ascertained, upon which a quote will be provided to the customer for the compilation and delivery of the requested data.
9.9. FLS will not use the customers’ data for any purpose other than to carry out the services we offer, and for marketing of products and services related to our business.
9.10. FLS will promptly remove any customer from our mailing list who opts out of receiving promotional/marketing communications.
9.11. FLS will immediately notify the customer(s) of any potential data breach or other threat to their personal data in our possession so that the customer can take the appropriate steps to secure their data.
Last Updated: 30 June 2021
The entirety of the POPI Act can be read here: https://popia.co.za/act/