SOUTHERN AFRICA INSTITUTE OF MANAGEMENT SERVICES
Category: Marketing & Communication
Policy Number: SAIMAS 2021 - 12
Effective Date: 01-06-2021
Policy description: To address the requirements of the Protection of Personal Information Act, 2013 (POPIA)
Related Policies and guidelines: SAIMAS Constitution and Marketing and Communication Policy Approved By: Institute Council
Committee/person Responsible: Executive President and Secretary Amended:
Review Due: 03-03-2026
This policy was prepared to address the requirements of the Protection of Personal Information Act, 2013 (POPIA). This policy will be updated at such intervals as may be deemed necessary and will be made available at the SAIMAS’ premises and on its website.
The purpose of this policy is to enable the SAIMAS to:
• comply with the law in respect of the personal information it holds about individuals.
• follow good practice.
• protect SAIMAS’ staff/council members and other individuals.
• protect the institute from the consequences of a breach of its responsibilities.
Further, the purpose of this manual is to ensure that the public is aware of:
• how the SAIMAS will handle personal information.
• the kind of personal information that the SAIMAS processes.
• how complaints can be made in relation to the processing of their personal information.
2. DEFINITION OF PERSONAL INFORMATION
Personal information is “personal information” as defined in terms of section 1 of the Protection of Personal Information Act 4 of 2013 (“POPIA”). This is information relating to an identifiable, living natural person or existing juristic person. Please refer to POPIA for a detailed definition and various types or categories of personal information.
3. CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION COLLECTED
The SAIMAS only collects general personal information (some of which may be publicly available) and aims to only collect that personal information which is necessary for it to carry out its services and other membership benefits provided to you. The SAIMAS collects the following personal information:
Members – such as name, contact details, email, physical and postal addresses, company details, designations, professional experience, work experience (CVs) and qualifications. Member profiles provide for other information to be provided but this is voluntary information that can be provided at the discretion of the member.
Non-members – such as name, contact details, email, physical and postal addresses, company details, designations. Non-member profiles provide for other information to be provided but this is voluntary information that can be provided at the discretion of the non-member. These are persons normally attending SAIMAS activities like workshop, webinars and conferences.
Suppliers/Procurement – such as company name, address and contact details, banking details, VAT number and BEE certificate/level information.
Employers of members and non-member – such as companies/government department name, address and contact details, banking details, VAT number.
Employees – all applicable employee information required to be kept from a labour law perspective and running of the organisation. Such information relates to internal employees and not external clients. As such the rest of this Policy will not cover Employee Information as this is dealt with in SAIMAS internal HR Policies. Furthermore, external parties (unless with applicable court orders or legal reasons) shall not have access to such Employee Information.
4. HOW PERSONAL INFORMATION IS COLLECTED
Your personal information is obtained directly from you either via online forms on our website or submitted on paper forms, email communications, and on occasion telephonically (only under specific circumstances and at your request).
5. PURPOSE FOR COLLECTING PERSONAL INFORMATION
The SAIMAS collects personal information for the following purposes:
a. To process your membership application and to provide you with services offered and requested.
b. To understand your specific needs and requirements, and in order to improve the SAIMAS member benefit, service and value offering.
c. To provide you with SAIMAS communications in relation to the services being rendered, and keeping you informed of governance related updates.
d. To provide you with SAIMAS journal/newsletter in relation to the services being rendered, and keeping you informed of management services trends, news and developments and related updates.
e. To provide you with SAIMAS related benefit/marketing material due to your past interaction and use of the SAIMAS services.
f. To ensure payment to suppliers for services procured.
g. For health and safety purposes.
h. For statistical, historical and/or reporting purposes.
The SAIMAS will always ask for your permission before it uses your personal information for any purpose not disclosed above or unrelated to the operations/services of the SAIMAS and its use in the ordinary course of business.
6. RECIPIENTS OF PERSONAL INFORMATION
The personal information collected is used only by the SAIMAS and its employees in the rendering of its organisational purpose and services. Only in instances where the sharing of personal information to recipients outside of the SAIMAS is necessary in order to fulfil a SAIMAS obligation or service will such information be provided.
7. PERSONAL INFORMATION SHARED TO THIRD PARTIES
As part of the member benefits provided to SAIMAS Members, the SAIMAS may be required to provide third party service providers with minimal Member personal information (such as for example:
name, membership number, contact details) in order to provide such Member Benefits. Personal information provided to third party service providers for such purposes, will be limited to only that information which is necessary in order for the member to enjoy such benefit which he/she is entitled to. No further information will be provided, and third-party service providers are prohibited from using Member details for any other purpose other than providing the Member benefit or for statistical and historical purposes.
Your privacy is important to us. The SAIMAS will therefore not sell, rent nor provide your personal information to unauthorised entities or to third parties for their independent use without your consent. The SAIMAS will release your personal information to a party if it believes that SAIMAS is required by law or by a court or statutory body to do so. The SAIMAS will also disclose your personal information if the SAIMAS believes that it is necessary to prevent or lessen any unlawful or harmful actions and to protect and defend legitimate business interests, rights, or property of the SAIMAS. SAIMAS will inform you when your personal information must be released.
8. PROTECTION OF PERSONAL INFORMATION
The SAIMAS values the information that you choose to provide to us and will therefore take reasonable steps to protect your personal information from loss, misuse or unauthorised alteration. The SAIMAS conducts regular security testing of its servers and ensures that its employees are trained around protection of personal information to ensure that your personal information is used correctly and protected.
When you use the services or facilities provided by the SAIMAS, you may be given an access number, user name, password and/or personal identification number ("PIN"). You must always keep your user name, access card, password and/or PIN a secret and ensure that you do not disclose it to anyone. The SAIMAS shall not be held responsible for personal information accessed as a result of you providing someone your SAIMAS profile username and password. Upon your request the SAIMAS will provide you with its records of the personal information you provided to us. For security reasons, this information will only be sent to the e-mail address on file for the subscriber username and password associated with it.
If you wish to object to the SAIMAS processing your personal information, kindly complete Form 1 (Annexure A) in terms of POPIA and send same to the Information Officer at the SAIMAS or to saimas@global,co,za. Objecting to the processing of your personal information, may result in services being stopped, access or implementation issues and/or other service inefficiencies and communications.
9. STORAGE OF PERSONAL INFORMATION AND RETENTION THEREOF
Personal information is stored on the SAIMAS computers located onsite and, in the cloud, (which in this case may be hosted outside of South Africa, see Clause 10 below) which is accessed by SAIMAS internal employees only. Personal information will only be retained for so long as necessary to carry out the function, Services required and/or for historical and statistical use by the SAIMAS.
Personal Information no longer required for the purposes of rendering services to you or after completion of services, will be destroyed. The SAIMAS undertakes to ensure that personal information shall not be stored for longer than 5 years, unless required to do so by law or other regulatory obligations and/or for historical record purposes. The SAIMAS however may maintain de-identified information for statistical purposes.
10. TRANS-BORDER FLOW OF PERSONAL INFORMATION
Your personal information may be stored on servers located outside of South Africa due to the SAIMAS’ requirements. The SAIMAS however undertakes to ensure that service providers used for such cloud servers and/or services are obliged to comply with the highest standards of data protection to ensure the security of your personal information.
11. LINKS ON SAIMAS WEBSITE OR EMAIL COMMUNICATIONS
12. PERSONAL INFORMATION HELD BY OR DISCLOSED BY YOU TO THIRD PARTIES
13. CORRECTION OF PERSONAL INFORMATION
14. ACCESS TO PERSONAL INFORMATION HELD BY THE SAIMAS
See the SAIMAS PAIA Manual for detailed information around your rights to access information held by the SAIMAS and applicable steps to follow.
15. CHANGES TO THIS POLICY
The SAIMAS may change this Policy at any time. The most current version of this Policy will be displayed on the SAIMAS website. If you use this website or any of the services or facilities offered by the SAIMAS after the SAIMAS has displayed a change to this Policy, you will be deemed to have read and agreed to the change.
16. APPLICABLE LAWS
This Policy will be governed by the laws of the Republic of South Africa. Specifically, the SAIMAS undertakes to comply with the provisions of POPIA and the Promotion of Access to Information Act No.2 of 2000 (“PAIA”). In so far as the SAIMAS collects and uses personal information relating to European Citizens (who may elect to be SAIMAS Members), the SAIMAS undertakes to uphold and comply with the data protection obligations in terms of the General Data Protection Regulation (GDPR) (EU) 2016/679 so far as it applies to the SAIMAS and in a proportionally manner based on the type and amount of information held. For more information on the GDPR see The European Commission website