POPIA mainly intends to:
The Fund is committed to:
There are mainly three role players involved.
(a) The Fund (which is the responsible party in terms of POPIA),
(b) The participating employer, the administrator, other relevant service providers, advisers and members on the Joint Forum (which are operators or authorised persons in terms of POPIA), and
(c) The member (which is a data subject in terms of POPIA).
The Fund is committed to the adherence and compliance of POPIA and is committed to ensuring the protection of the personal information of members. The purpose of this policy is to ensure that the Fund and its operators and authorised persons process personal information responsibly and in a manner which demonstrates its commitment to upholding the right to privacy of members and Fund Officers, subject to justifiable limitations.
It further establishes a common standard on the appropriate protection of personal information of members and provides general principles regarding the right of individuals to privacy and to reasonable safeguarding and protection of their personal information. This policy also specifies minimum requirements and standards that are to be adhered to with regard to the processing of personal information by operators and authorised persons.
The Fund may outsource services related to its data protection and IT management to its respective service providers. The Board of Management, however, remains committed to minimising and managing the risks relating to maintaining and protecting all Fund data:
The Board of Management is equally committed to minimising and managing the operational risks that result from the Fund’s operations with specific reference to data and IT systems.
The Board of Management, in its commitment to comply with POPIA, will require that the Fund’s operators and authorised persons adhere to the lawful processing of personal information in line with POPIA.
This policy is applicable to the protection and processing of personal information throughout the information life cycle, from the point of first collection of personal information until the time that such information is destroyed or de-identified. The policy applies to the Fund, its members, the Board of Management, all service providers contracted with the Fund to deliver various services for the Fund and its members and authorised persons.
The Board of Management will take reasonable steps to ensure lawful processing of all personal information of members, taking into account these key principles:
The Fund, as the responsible party, will adopt the following measures and/or procedures to achieve compliance with the provisions of POPIA and any other data protection laws:
Members have the right to access the personal information that the Fund or an operator holds about them. Members and Fund Officers also have the right to request the Fund operators to update or correct their personal information. The Fund and its operators must take all reasonable steps to confirm a member’s identity before providing details of their personal information to them or making changes to their personal information.
The Fund’s complaints procedure described in clauses 8.12 and 8.13 must, at a minimum, contain the following: