Published using Google Docs
POPI Act
Updated automatically every 5 minutes

Objective

The objective of this policy is to protect BEAL TRAVEL’s information assets from threats, whether internal or external, deliberate, or accidental, to ensure business continuity, minimize business damage and maximize business opportunities. This policy establishes a general standard on the appropriate Protection of Personal Information (POPI) within BEAL TRAVEL. It provides principles regarding the right of individuals to privacy and reasonable safeguards of their personal information as required by the Protection of Personal Information Act 4 of 2013 (POPIA).

Scope

This policy applies to the sole proprietor or key individuals, representatives, and staff of BEAL TRAVEL. The sole proprietor or key individuals (or management) are ultimately responsible for ensuring that information security is properly managed.

 The Information Officer, Marijke van Lelyveld, is responsible for:

 The development and upkeep of this policy,

Ensuring this policy is supported by appropriate documentation, such as procedural instructions,

Ensuring that documentation is relevant and kept up to date,

Ensuring this policy and subsequent updates are communicated to relevant managers, representatives, staff, and customers, where applicable.

Management, representatives, and staff are responsible for adhering to this policy, and for reporting any security breaches or incidents to the Information Officer.

The external individual(s) who (are) contracted to handle the information technology of BEAL TRAVEL must adhere to the same information security as that of BEAL TRAVEL and will confirm by a separate agreement that they have such security measures in place in respect of the processing of personal information.

Key Principles

Management, representatives, and staff members of BEAL TRAVEL are committed to the following principles:

 

To be transparent with regards to the standard operating procedures governing the collection and processing of personal information,

To comply with all applicable regulatory requirements regarding the collection and processing of personal information,

To collect personal information only by lawful and fair means and to process personal information in a manner compatible with the purpose for which it was collected,

Where required by regulatory provisions, to inform individuals when personal information is collected about them,

To treat sensitive personal information that is collected or processed with the highest of care as prescribed by regulation,

Where required by regulatory provisions or guidelines, to obtain individuals’ consent to process their personal information,

To strive to keep personal information accurate, complete, and up to date and reliable for their intended use,

To develop reasonable security safeguards against risks such as loss, unauthorized access, destruction, use, amendment, or disclosure of personal information,

To provide individuals with the opportunity to access the personal information relating to them and, where applicable, to comply with requests to correct, amend or delete personal information,

To share personal information, such as permitting access, transmission, or publication, with third parties only with a reasonable assurance that the recipient has suitable privacy and security protection controls in place regarding personal information,

To comply with any restriction and/or requirement that applies to the transfer of personal information internationally.

Monitoring

Management and the Information Officer of BEAL TRAVEL are responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes.

Management, representatives, and staff of BEAL TRAVEL are to be trained according to their functions in regulatory requirements, policies and guidelines that govern the protection of personal information. BEAL TRAVEL will conduct periodic reviews and audits, where appropriate, to demonstrate compliance with privacy regulations, policy and guidelines.

 Operating controls

BEAL TRAVEL shall establish appropriate privacy standards and operating controls that are consistent with this policy and regulatory requirements.

This will include:

Allocation of information security responsibilities,

Incident reporting and management,

User ID addition or removal,

The signing of Consent and Acknowledgement Forms,

Information security training and education, and

Data backup.

 Implementation

 This policy is implemented by BEAL TRAVEL and will be adhered to by the sole proprietor or all key individuals, representatives and staff who are tasked with collecting and processing personal information. Non-compliance with this policy may result in disciplinary action and possible termination of employment or mandate, where applicable.