How to Write a Privacy Policy

0132._How_to_Write_a_Privacy_Policy.jpeg

Various businesses may be regulated by industry regulatory bodies, which will extend the scope of a privacy policy. In addition, web-based businesses will need to consider the technical aspects of a privacy policy e.g. the use of cookies. However, the majority of businesses will have made a concerted effort towards PoPI compliance if they develop a clear policy and adhere to that policy. PoPI requires strict adherence to these eight "conditions for the lawful processing of personal information”:

  1. Accountability

  2. Processing Limitation

  3. Purpose Specification

  4. Further Processing Limitation

  5. Information Quality

  6. Openness

  7. Security Safeguards

Sample Policy

XXX regards your right to privacy as being very important and we will take all reasonable measures to ensure that your personal information is protected and maintained accurately.  Personal information is any data which may be able to identify a person. (Information that is in the public domain is excluded from this.)

Accountability

XXX is responsible for ensuring that the collection, storage, processing and even destruction of personal information is in accordance with South African Law. We have procedures in place to ensure that employees who may have access to the information, take all reasonable care and where we reveal this information to third parties as part of a business process (e.g. IT and accounts) we have contractual terms with those parties that they are not able to use this information for their own purposes.

By providing personal information to XXX, you are consenting to this policy. If you are unwilling to do so, we may not be able to give you the correct levels of service.

We may change the terms of this policy at any time. Such changes will be advertised on a XXX website and social media platforms.

Purpose Specification and Processing Limitation

XXX requires your consent to collect personal information and we will inform you of the specific purpose for which we are collecting the information and how such information may be used. We require the following information in order to…………………………………………. (e.g. set up and process your account, or process payment and delivery).

Should XXX intend to utilize the information for any future promotional messages, we will inform you of this and you will be able to opt out at any time.

We may disclose your information to comply with any law; legal or regulatory requirements, or court order; or when personal or public safety is at stake.

XXX will not sell personal information. Should XXX undergo a change of ownership we may disclose the personal information we store and process to the new entity.

Information Quality and Openness

XXX will take all reasonable measures to maintain the accuracy and currency of personal information, as is necessary to fulfill the purpose for which it was collected. XXX will request you to confirm and update your personal information from time to time and you are expected to inform XXX of any material change such as a change of address or contact information, within a reasonable period of time.

We will only retain your information for as long as it is necessary to fulfill the purpose for which it was collected. At such point, we will either request your consent to reprocess that information or we will take practical measures to destroy all digital and physical records. (Save where XXX is required to keep those records according to any South African laws.)

You may request to see all your personal information that is stored by XXX. As part of our security measures, we will ask you to verify that you are the subject of this information. Should you wish to edit or delete any of your information held by XXX, we will comply within a reasonable period of time and we will inform you if this will hamper our ability to provide you with a service.

Security Safeguards

XXX takes all reasonable measures to protect your personal information. We use computer safeguards (e.g. firewalls and data encryption) and we restrict employee access to information to only those employees who require it to do their job. We regularly review these safeguards.

XXX may transfer personal information outside South Africa to a foreign country for processing or storage. You consent to this processing or storage, even though foreign countries may not have such strong privacy laws.

A PoPI aligned privacy policy is necessary to begin the process of compliance, but it is vital that all policies, procedures, and contracts are reviewed and then strictly adhered to.

Author: Janet Askew

 
Was this article helpful?
0 out of 0 found this helpful
Return to top
0 comments