Debt Rescue POPI Policy
1. Context and Background
Debt Rescue is committed to protecting the privacy of its clients, employees, and all other data subjects. This policy ensures compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA), reflecting our dedication to the lawful processing of personal information. The policy is designed to safeguard personal information and uphold the constitutional right to privacy, as enshrined in Section 14 of the Constitution of the Republic of South Africa.
2. Definitions
- Data Subject: The individual to whom personal information relates, including Debt Rescue clients, employees, service providers, and other stakeholders.
- Personal Information: Information relating to an identifiable living individual or existing juristic person, including but not limited to name, contact details, identity number, financial details, and other sensitive information as defined under POPIA.
- Processing: Any operation concerning personal information, such as collection, storage, modification, dissemination, or destruction.
- Responsible Party: Debt Rescue, as the entity determining the purpose and means of processing personal information.
- Operator: A third-party who processes personal information on behalf of Debt Rescue under a contract or mandate.
3. Purpose
This policy outlines Debt Rescue’s commitment to protecting personal information and ensuring that all processing activities comply with POPIA. It regulates how personal information is collected, used, stored, and destroyed, promoting transparency and accountability in all data processing activities.
4. Principles
Debt Rescue adheres to the following principles for the lawful processing of personal information:
- Accountability: Debt Rescue is responsible for ensuring compliance with the conditions for lawful processing and takes all necessary measures to protect personal information.
- Processing Limitation: Personal information is processed lawfully and in a manner that respects the privacy of the data subject. Debt Rescue ensures that the processing of personal information is adequate, relevant, and not excessive.
- Purpose Specification: Personal information is collected for specific, explicitly defined, and legitimate purposes related to Debt Rescue’s services, such as debt counselling and client management.
- Further Processing Limitation: Personal information is not processed for secondary purposes unless such processing is compatible with the original purpose.
- Information Quality: Debt Rescue ensures that the personal information it processes is accurate, complete, and up-to-date.
- Openness: Debt Rescue informs data subjects about the personal information it collects, the purpose of the collection, and their rights under POPIA.
- Security Safeguards: Debt Rescue implements appropriate security measures to protect personal information from unauthorised access, loss, or damage.
- Data Subject Participation: Data subjects have the right to access their personal information held by Debt Rescue and request correction or deletion where applicable.
5. Roles and Responsibilities
- Information Officer: Debt Rescue’s CEO is designated as the Information Officer responsible for ensuring compliance with POPIA. The Information Officer is supported by a Deputy Information Officer, who assists in executing these duties.
- Deputy Information Officer: Assists the Information Officer and must have a thorough understanding of Debt Rescue’s operations and be accessible to all data subjects.
6. Processing of Personal Information
Debt Rescue processes personal information in line with the eight conditions for lawful processing as stipulated by POPIA. These include obtaining the necessary consent, ensuring that processing is necessary for the intended purpose, and safeguarding the information appropriately.
7. Privacy Notices
Debt Rescue provides clear privacy notices to inform data subjects about how their personal information is processed. These notices include details on the types of information collected, the purpose of the processing, and the rights of the data subject.
8. Security Measures
Debt Rescue takes reasonable steps to secure personal information using appropriate technical and organisational measures, regularly reviewing and updating these measures to address new risks and threats.
9. Data Subject Rights
Data subjects have the right to:
- Request access to their personal information.
- Request correction or deletion of their personal information.
- Object to the processing of their personal information under certain circumstances.
- Withdraw consent where applicable.
10. Breach Notification
In the event of a data breach, Debt Rescue will notify the Information Regulator and the affected data subjects as soon as possible, providing sufficient information to allow them to take protective measures.
11. Amendments to the Policy
This policy may be updated from time to time to reflect changes in legislation or operational requirements. Debt Rescue will communicate any significant changes to the policy to all stakeholders.