Data Protection Notice
The purpose of this document is to update you on our status in implementing the Protection of Personal Information Act, No. 4 of 2013 (POPIA) which came into effect on 01 July 2021. The Act promotes the protection of personal information and establishes the minimum requirements for the processing thereof.
This notice applies to all the companies making up Cyberwin, with the specific company processing your information being dependent on the specific service provided.
1. Who we are
Your privacy, and that of the related data subjects, is of utmost importance to us. As an ‘operator’ in terms of the Act, we are committed to keeping personal data confidential and secure, while being transparent in the manner in which we process it.
Our responsibility to you is governed by our contractual arrangement, which requires us to be compliant with all applicable laws and regulations. As such, we are doing all that is necessary to ensure that any non-compliance risk (in our capacity as ‘operator’) is mitigated. As Cyberwin, we have dedicated all the necessary resources to ensure that we are prepared for implementation of POPIA.
2. What we need
Our POPIA Policy governs the use and storage of your data. A copy of our POPIA Data Protection Policy will be available on request at the appropriate time.
Cyberwin is an ‘Operator’ of the personal data, the data subject provides us, often through you, the ‘Responsible party’. We collect and use personal data to administer our relationship with you; including to respond to your enquiries or complaints, to provide our products and services to you, to manage our Contracts with you, to inform you about our products and services, to administer and improve our Services, to respond to requests from authorities, to comply with our contractual and legal obligations, and for other legitimate business purposes.
To achieve this, we collect the following type of personal data:
- In respect of clients and third parties:
- Personal details of principals (including full names, identity numbers, contact details)
- Full address details
- Contact numbers
- Email addresses
- Financial and payment data such as banking details, invoices and payment terms as well as any personal data for fulfilling and legitimate processing billing information
- In respect of Employees:
- First name
- Last name
- Identity / Passport number
- Full address details
- Contact numbers
- Email addresses
- Banking details
3. Why we need it
The above personal data is required in order to provide you with the following:
- Delivery of the contracted service (i.e. consulting or Managed IT Services, Managed Security Services)
- Delivery of product (where applicable)
- Interaction and procurement with third party Vendors
- Account set up and administration
- Meeting internal/external audit requirements
- Invoicing
4. What we do with it
Any personal data is processed at the Cyberwin offices: Prosperity Park, 34 Computer Rd, Milnerton, Cape Town, 7441. Hosting and storage of personal information takes place here.
Whenever Cyberwin uses a third-party supplier or business partner, The Information Officer will ensure that this processor will provide security measures to safeguard personal data that are appropriate to the associated risks. For this purpose, the Processor POPIA Compliance Questionnaire will be used. We will establish a data sharing agreement with the supplier or contractor, to ensure the fair and lawful processing of any personal data we share.
Your personal data may be disclosed to third party service providers, acting on our behalf, in connection with managing services, finance, and accounting or other administrative services and information technology support. These third-party service providers will have access to – and process personal data only on our behalf and under our instructions and will be held to appropriate security obligations.
A list of such partners could be provided to Customers upon request provided there is a legitimate reason.
5. How long do we keep it
In terms of POPIA and other relevant Acts, we are required to keep your documents according to the Data Retention Policy. After this period, your personal data will be irreversibly destroyed. For further information on our personal data retention schedule, our Data Retention Policy can be provided upon request.
6. Client data protection
Several information security controls are in place to protect client data. These controls are in line with the principles and requirements of the Act and are being enhanced on an on-going basis.
These controls include, but are not limited to:
- Physical and logical access controls.
- Password controls.
- Period review of access to critical systems.
- Portable media controls.
- Virus management and firewalls; and
- Information Security Policies and Cyber security controls.
7. What are your rights?
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted (where applicable). Please contact us through the contact details as given, whereupon you will be sent a Data Subject Access Request Form.
In the event that you wish to complain about how we have handled your personal data, please contact Information Officer at InformationOfficer@cyberwin.co.za or in writing to Prosperity Park, 34 Computer Rd, Milnerton, Cape Town, 7441. Our Information Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Regulator and file a complaint with them.
A formal breach reporting process is being finalised and all incidents where client information has been compromised are reported to our Information Officer and any other relevant persons. All affected parties, including you as the client, will be notified of any incident. Each incident is thoroughly investigated, and all key themes and risk issues identified are closed out to prevent any future reoccurrences.
We are here to help
Should you require further information or have any questions on our approach to data protection, please feel free to contact us via email on InformationOfficer@cyberwin.co.za.