Page 1 of 5

InfoLogistics South Africa (Pty) Ltd

T. +27 (087) 720-1054

E. info@infologistics.co.za

W. www.infologistics.co.za

Company Registration No:

2020/035007/07

VAT No.

4710296106

PoPIA PRIVACY AND DATA PROTECTION POLICY

1. INTRODUCTION

The Protection of Personal Information Act, 2013 (“POPIA”) provides for 8 Data protection Information

principles to apply with to ensure the protection of all data that relates to companies, employees and Clients.

The Promotion of Access to Information Act, 2 of 2000 provides for access to such information and in which

instances it may be refused.

2. PURPOSE

Data privacy and data protection is important to InfoLogistics and this Policy sets out the POPIA principles in

line with existing FAIS requirements to ensure the safekeeping of all Data by InfoLogistics and

Persons/Employees/Parties (as applicable). This Policy applies to all Data obtained via products, services,

websites, events operated by InfoLogistics or by any other means.

3. DEFINITIONS

 Information: means any Data relating to the Data Subject and include reference to personal

information.

 Data Subject: means the person to whom the personal information relates and can include Clients,

employees and/or Company information.

 Processing: Any use by any means of a Data Subject’s Information.

4. THE 8 POPIA PRINCIPLES

Principle 1: Accountability: InfoLogistics must appoint an Information Officer who will be responsible for

ensuring that the 8 POPIA information principles are implemented and enforced in InfoLogistics.

Principle 2: Processing Limitation: Only necessary Information should be collected, directly from the person to

whom the Personal Information relates and with their consent and the processing should be for a lawful

purpose.

Principle 3: Purpose specification: Personal Information should be collected for a specific purpose and the

Data Subject must be made aware of the purpose for which it was collected.

Principle 4: Further processing limitation: Further processing of Personal Information must be compatible with

the purpose for which the information was collected (Principle 3).

Principle 5: Information quality: Reasonable steps must be taken to ensure that all Information collected is

accurate, complete, not misleading and up to date in accordance with the purpose for which it was collected

(Principle 3).

Principle 6: Openness: The Party collecting the Information must be transparent and inform the applicable

Regulator if it is going to process the Information and ensure that the Data Subject has been made aware that

his/her Information is going to be collected.

Page 2 of 5

InfoLogistics South Africa (Pty) Ltd

T. +27 (087) 720-1054

E. info@infologistics.co.za

W. www.infologistics.co.za

Company Registration No:

2020/035007/07

VAT No.

4710296106

Principle 7: Security Safeguards: The integrity of the Information under the control of a party, must be secured

through technical and operational measures.

Principle 8: Data Subject Participation: Data Subjects have the right (free of charge) to request confirmation

from the party that holds their Information on the details they hold and may request for it to be

amended/deleted.

5. PRACTICAL IMPLICATIONS OF THE POPIA DATA PROTECTION PRINCIPLES

Appointment of the Information Officer:

InfoLogistics has appointed an Information Officer who is a senior person in InfoLogistics, who will be

responsible for ensuring that InfoLogistics has been properly informed and trained on ensuring the

safekeeping and protection of Information in InfoLogistics and that the required processes are implemented to

ensure compliance.

The Information Officer can be contacted at

Tel: +27 (087) 720-1054 or

Email: info@infologistics.co.za

Information Purpose:

The type of Information InfoLogistics collects will depend on the purpose for which the Data is collected and

used.

InfoLogistics will collect the necessary Information from Data Subjects for various purposes, including the

following:

 rendering suitable services for e.g. services (including the rendering of advice and intermediary

services) and administrative services to Data Subjects;

 improving services and product offerings to Data Subjects;

 providing information and resources most relevant and helpful to Data Subjects;

 appointing suitable individuals/companies to provide services/products to Data Subjects;

 ensuring compliance with legislation that requires specific information to be collected.

Access to Information:

 Data Subjects have the right to request a copy of the Information that InfoLogistics hold on them or

their business. Should a Data Subject wish to obtain any such information, the Data Subject may

request it by contacting the Information Officer on the details provided above. Any such access

request may be subject to the payment of an allowable administration fee.

 InfoLogistics will not disclose or share Information relating to any Data Subject unless: it is specifically

agreed with the Data Subject; it is already publicly available or in the interests of the public; required

in terms of Law or if InfoLogistics believes in good faith that the Law requires disclosure thereof.

Page 3 of 5

InfoLogistics South Africa (Pty) Ltd

T. +27 (087) 720-1054

E. info@infologistics.co.za

W. www.infologistics.co.za

Company Registration No:

2020/035007/07

VAT No.

4710296106

 InfoLogistics’ PAIA Manual (in terms of the Promotion of Access to Information Act, 2 of 2000) sets out

the process for access by third parties to a Data Subject’s Information kept by InfoLogistics, and the

instances in which it may be refused.

Collection of Information:

 General: InfoLogistics collects Information in various ways e.g. directly from individuals (for example,

when purchasing a product, solution or service, registering an account, using a product, or signing up

for a newsletter), from employers, publicly available information, through cookies, and/or similar

technology. Where possible, InfoLogistics must inform Data Subjects which information they are

legally required to provide to InfoLogistics, and which information is optional. With the Data Subject’s

consent, InfoLogistics may supplement the information with other information received from other

companies and/or organizations such as the South African Revenue Services (SARS) in order to

enable InfoLogistics to render suitable and proper services to Data Subjects.

 User Supplied Information: The Data Subject may be required to provide some personal information,

for example, his/her name, address, phone number, email address, payment card information (if

applicable), and/or certain additional categories of information as a result of using/receiving

professional services, purchasing products or solutions, and using websites and related services.

InfoLogistics will keep this information in a contact database for future reference, as needed.

 Marketing: InfoLogistics may use certain Information provided by Data Subjects to offer them further

services that InfoLogistics believes may be of interest to them or for market research purposes. These

services are subject to prior consent being obtained from Data Subjects. If a Data Subject no longer

wishes to receive further services or offers from InfoLogistics, it may unsubscribe from the services or

contact the Information Officer at the contact details provided above.

 Usage and Web server logs: InfoLogistics may track information about a Data Subject’s usage and

visits on InfoLogistics’ website. This Information may be stored in usage or web server logs, which are

records of the activities on InfoLogistics’ services, products and/or sites. InfoLogistics’ servers

automatically capture and save such Information electronically. Some examples of the Information that

may collected include the Data Subject’s:

o Unique Internet protocol address;

o Name of the Data Subject’s the unique Internet Service Provider

o the city, state, and country from which a Data Subject accesses InfoLogistics’ website

o the kind of browser or computer used;

o the number of links clicked within the site;

o the date and time of visits to the site;

o the web page from which the Data Subject arrived on InfoLogistics’ site;

o the pages viewed on the site;

o Certain searches/queries conducted on the site via InfoLogistics’ services, products and/or

websites.

o the information collected in usage or web server logs help InfoLogistics’ to administer the

services, products and sites, analyse its usage, protect the product and/or website and

content from inappropriate use and improve the user's experience.

 Cookies: In order to offer and provide a customized and personal service through InfoLogistics’

products and websites, InfoLogistics may use cookies to store and help track information about the

Data Subject. A cookie is a small text file sent to the Data Subject’s device that InfoLogistics uses to

store limited information about the Data Subject’s use of the services, products or website.

Page 4 of 5

InfoLogistics South Africa (Pty) Ltd

T. +27 (087) 720-1054

E. info@infologistics.co.za

W. www.infologistics.co.za

Company Registration No:

2020/035007/07

VAT No.

4710296106

InfoLogistics uses cookies to provide the Data Subject with certain functionality (such as to enable

access to secure log-in areas and to save the Data Subject having to re-enter Information into

product, services or website forms) and to personalize InfoLogistics’ services, products or website

content. Without cookies, this functionality would be unavailable.

Retaining of Information:

InfoLogistics may retain personal information for purposes of reporting, administration, monitoring its website

or to communicate with Data Subjects. Information may be retained only to serve the purpose of collecting the

Information and be deleted/destroyed once the purposes has been fulfilled, subject to subject to other

Regulatory requirements where Information is to be kept for a specific prescribed period. Information and

records of a personal nature of Clients and/or Employees will be stored for a period of 5 years before being

destroyed.

Correcting/Amending/Updating/Deletion of Information:

Data Subjects are required to inform InfoLogistics should there be any changes to the Information kept by

InfoLogistics. A Data Subject may request InfoLogistics to correct, amend, update or delete its Information at

any time when applying or making use of any products, services or solutions of InfoLogistics, by contacting the

Information Officer at the contact details provided above. InfoLogistics will take all reasonable steps to confirm

the Data Subject’s identity before making changes to Information.

Information Security:

InfoLogistics shall apply the following measure to ensure security of Personal information:

 InfoLogistics will take all reasonable precautions to protect Information from loss, misuse,

unauthorized access, disclosure, alteration and destruction.

 InfoLogistics will not sell, rent, or lease mailing lists with Information to third parties and will not make a

Data Subject’s Information available to any unaffiliated parties, except for approved agents, suppliers

and contractors, or as otherwise specifically provided for, as agreed with the Data Subject in writing or

as required in terms of any Law.

 InfoLogistics may disclose Information of a Data Subject or Information about a Data Subject’s usage

of InfoLogistics’ services, products, websites or mobile applications to unaffiliated third parties as

necessary to enhance services, product experience to meet InfoLogistics’ obligations to content and

technology providers or as required by law, subject to agreements in place that provides for the

protection of Information of Data Subjects.

 InfoLogistics has implemented appropriate security measures to help protect Information against

accidental loss and from unauthorized access, use, or disclosure. InfoLogistics stores Information

about Data Subjects in a restricted access server with appropriate monitoring and uses a variety of

technical security measures to secure Information, including intrusion detection and virus protection

software. InfoLogistics may also store and process Information in systems located outside

InfoLogistics’ premises or the Data Subject’s home country. However, regardless of where storage

and processing may occur, InfoLogistics takes appropriate steps to ensure that Information is

protected as required under relevant Data Protection/Privacy laws.

 The Data Subject’s access to some of InfoLogistics’ services and content may be password protected

and non-disclosure of such usernames and passwords are required to ensure the safekeeping of the

Data Subjects Information. It is recommended that the Data Subject sign out and close the browser of

the account or service at the end of each session.

Page 5 of 5

InfoLogistics South Africa (Pty) Ltd

T. +27 (087) 720-1054

E. info@infologistics.co.za

W. www.infologistics.co.za

Company Registration No:

2020/035007/07

VAT No.

4710296106

 InfoLogistics is legally obliged to provide adequate protection of Information, hold and prevent

unauthorised access and use of Information, InfoLogistics is therefore committed to ensure that all

Information of the Data Subject (Clients and/or Employees) will be kept safe and secure and not be

disclosed to any unauthorized third parties, without the consent of the relevant Data Subject.

 InfoLogistics may from time-to-time transfer Information within and between various worldwide

locations in compliance with the country of origin’s regulations and this Policy.

 Persons/Employees/Parties (as applicable) are not allowed to disclose any Information to any

unauthorized third party as it may lead to a breach, disciplinary action and possible dismissal.

 InfoLogistics takes reasonable steps to protect Personal Information, which is held in a firewalled

server. InfoLogistics can however not guarantee the security of information transmitted to it

electronically from Data Subjects and they do so at their own risk. InfoLogistics maintains

administrative, technical and physical safeguards to ensure protection of information against loss,

misuse or unauthorized access, disclosure, alteration or destruction of the information provided to

InfoLogistics by the Data Subject or you’re the Data Subjects employer. InfoLogistics seeks to ensure

compliance with Data Protection/Privacy regulations, laws and industry best practices in respect of the

security of a Data Subjects Personal Information and despite InfoLogistics’ best endeavors to ensure

protection of information. Where the Data Subject is located in another country with other data

protection/privacy laws, InfoLogistics may transfer Personal Information to such other countries but

they may not always guarantee the same level of protection for Personal Information as the one in

which the Data Subject resides (despite InfoLogistics’ best endeavors to ensure protection of

Information. By providing information to InfoLogistics, the Data Subject consents to these transfers.

6. APPROVAL OF THE POPIA PRIVACY AND DATA PROTECTION POLICY

Name & Surname

Title

Signature

Date

David O’Rourke

Director

dd/mm/yyyy

Shawn Lourens

Information Officer

dd/mm/yyyy