The Protection of Personal Information Act (POPIA) is set to take effect on 1 July 2020

The POPI Act is a comprehensive privacy law that is mandatory for all businesses within the private and public sector that process personal information in South Africa. It seeks to protect and regulate the processing of personal information, falling into the broader Constitutional right to privacy.

The POPI Act requires businesses to regulate how information is organised, stored, secured, and discarded. This ensures that the business can maintain the integrity and confidentiality of its clients’ and employees’ personal information by preventing loss, damage, and unauthorised access to the personal data. The Act therefore guarantees that personal information will be used in a responsible and ethical manner by businesses from the time it is collected until the time it is destroyed.

The commencement of certain sections of the POPI Act, which took effect on 1 July 2020, deals with, among other things:

  • the purpose of the Act,
  • the application and exclusion provisions,
  • the lawful processing of personal information and exemptions thereof,
  • sections relating to the Information Officer,
  • prior authorisation,
  • codes of conduct issued by the Information Regulator,
  • provisions regulating direct marketing by means of unsolicited electronic communications,
  • enforcement, complaints, offences, and penalties

POPIA was signed into law in 2013 but did not take full effect at the time. Various developments have since taken place such as the appointment of the Information Regulator in 2016 and final POPI Regulations which were published in 2018.

The act aims to protect personal information, falling into the broader Constitutional right to privacy. POPIA seeks to regulate every step of the processing of personal information from how personal information must be handled when it is collected until the time it is destroyed. But what exactly should be considered as personal information and what does processing mean?

Personal information broadly means any information relating to an identifiable, living, natural person or where applicable, an identifiable, existing juristic person (companies, CC’s etc.) and includes, but is not limited to:

  • contact details: such as email addresses, telephone numbers, physical addresses etc.
  • demographic information: such as age, sex, race, ethnicity etc.
  • information relating to the education or medical, financial, criminal, or employment history of the person
  • biometric information: such as fingerprints
  • the personal opinions, views or preferences of the person
  • the views or opinions of another individual about the person
  • private correspondence sent by the person or further correspondence that would reveal the contents of the original correspondence
  • The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Processing means anything that can be done with the Personal Information including collection, usage, storage, dissemination, modification, or destruction.

We may share this information with:

The only person/s entitled to access data covered by this notice are the Mizu staff who need to access the information for the execution of their direct work services or required outputs.

When will we process your personal information:

In terms of the Protection of Personal Information Act (POPIA), the justification ground which we base our processing on consists of the following:

  • The data subject or a competent person where the data subject is a child consents to the processing. Kindly note that you have the right to withdraw your consent;
  • The processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is a party;
  • The processing complies with an obligation imposed by law on the business;
  • The processing protects a legitimate interest of the data subject;
  • The processing is necessary for the proper performance of a public law duty by the business;

Or

  • The processing is necessary for pursuing the legitimate interests of the business or of a third party to whom the information is supplied.

How we store your personal information:

Your information is securely stored:

Where data is stored on paper, it will always be kept in a secure place where an unauthorised person cannot access or see it.

This also applies to data stored electronically, which has been printed out were necessary for record purposes.

We will keep your information for no longer than necessary for the purpose for which it was obtained. If a document and/or information is no longer required, we will dispose of your information by deleting it and/or shredding hard copies of the information.

Your data protection rights:

  • You may request Mizu to correct or supplement any of your personal data.

 

How do we use cookies ?

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience.

Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer.

When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.