List of active policies

Name | Type | User consent
Cookie Statement | Site policy | All users
Privacy Policy | Privacy policy | All users
Personal Data Protection Policy | Privacy policy | All users

Summary

Please read this policy in conjunction with our privacy notice, which sets out additional details on how we use personally identifiable information and your various rights.

Our site uses cookies to distinguish you from other visitors to provide you with a better experience and to help us improve our site. By continuing to browse our site, you are agreeing to our use of cookies as stated below.


Full policy

What are cookies?

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the site or a third party to recognise you and make your next visit easier and the site more useful to you. Essentially, cookies are a user’s identification card for the Moodle servers. Web beacons are small graphic files linked to our servers that allow us to track your use of our site and related functionalities. Cookies and web beacons allow us to serve you better and more efficiently, and to personalise your experience on our site.

Cookies can be "persistent" or "session" cookies.

How Moodle uses cookies

When you use and access the site, we may place a number of cookie files in your web browser.

Moodle uses or may use cookies and/or web beacons to help us determine and identify repeat visitors, the type of content and sites to which a user of our site links, the length of time each user spends on any particular area of our site, and the specific functionalities that users choose to use. To the extent that cookie data constitutes personally identifiable information, we process such data on the basis of your consent.

We use both session and persistent cookies on the site and we use different types of cookies to run the site:

  • Essential cookies. Necessary for the operation of the site. We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer site features.
  • Analytical/performance cookies. Allow us to recognise and count the number of visitors and see how visitors move around the site when using it. This helps us improve the way the site works.
  • Functionality cookies. Used to recognise you when you return to the site. This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. Record your visit to the site, the pages you have visited, and the links you have followed. We will use this information to make the site more relevant to your interests. We may also share this information with third parties for this purpose.

What are your choices regarding cookies?

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use some or all of the features we offer. You may not be able to log in or store your preferences, and some of our pages might not display properly.

Cookies tables

The tables below list some of the internal and third-party cookies we use. As the names, numbers, and purposes of these cookies may change over time, this page may be updated to reflect those changes.

Moodle cookies

Cookie Name | Purpose | Expiration | More Information
MoodleSession | You must allow this cookie into your browser to provide continuity and maintain your login from page to page. | When you log out or close the browser this cookie is destroyed (in your browser and on the server). |
MOODLEID | It remembers your username within the browser. This means when you return to this site the username field on the login page will be already filled out for you. | | It is safe to refuse this cookie - you will just have to retype your username every time you log in.



Summary

The purpose of this policy is to describe the way that we collect, store, use, and protect information that can be associated with you or another specific natural or juristic person and can be used to identify you or that person (personal information).

Full policy

1.      INTRODUCTION

1.1   Welcome to our privacy policy. We are Wits Health Consortium (Pty) Ltd (Registration number 1997/015443/07) (hereinafter WHC / we / us) and this is our plan of action when it comes to protecting your privacy. We respect your privacy and take the protection of personal information very seriously.

1.2   References to WHC will include each of WHC’s divisions and be applicable to personal information shared with WHC and its divisions as provided for herein.

1.3   The purpose of this policy is to describe the way that we collect, store, use, and protect information that can be associated with you or another specific natural or juristic person and can be used to identify you or that person (personal information).

2.      AUDIENCE

2.1   This policy applies to you if you:

2.1.1         are a visitor to our website;

2.1.2         share any personal information with Wits Health Consortium (Pty) Ltd;

2.1.3         are an employee;

2.1.4         interact and / or communicate with us in any way; or

2.1.5         are our data subject.

3.      PERSONAL INFORMATION

3.1   Personal information includes:

3.1.1         certain information that we collect automatically when you visit our website;

3.1.2         certain information collected on registration for training, services, or other purposes and in as far as may be applicable;

3.1.3         certain information collected on submission; and

3.1.4         optional information that you provide to us voluntarily (see below).

3.2   but excludes:

3.2.1         information that has been made anonymous so that it does not identify a specific person;

3.2.2         permanently de-identified information that does not relate or cannot be traced back to you specifically;

3.2.3         non-personal statistical information collected and compiled by us; and

3.2.4         information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy).

3.3   Common examples

3.3.1         Common examples of the types of personal information which we may collect and process include your:

3.3.1.1     identifying information – such as your name, date of birth, or identification number of any kind;

3.3.1.2     contact information – such as your phone number or email address;

3.3.1.3     address information – such as your physical or postal address; or

3.3.1.4     demographic information – such as your gender or marital status.

3.4   Sensitive personal information

3.4.1         Depending on the personal information submitted to us by yourself, we may also collect sensitive personal information including your:

3.4.1.1     financial information – such as your bank account details;

3.4.1.2     sensitive demographic information – such as your race or ethnicity;

3.4.1.3     medical information – such as information about your physical or mental health;

3.4.1.4     sexual information – such as information about your sex life or sexual orientation;

3.4.1.5     criminal information – such as information about your commission or alleged commission of any offence or about any related legal proceedings;

3.4.1.6     employment information – including your membership of a trade union; and

3.4.1.7     beliefs – including your political or religious beliefs.

3.5   Children’s information

3.5.1         We do collect personal information of children, but only with the consent of a competent person.

4.      ACCEPTANCE

4.1   Acceptance required

4.1.1         You must accept all the terms of this policy when you use our services. If you do not agree with anything in this policy, then you may not request our services.

4.2   Legal capacity

4.2.1         You may not access our website or request our services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.

4.3   Deemed acceptance

4.3.1         By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all its terms.

4.4   Your obligations

4.4.1         You may only send us your own personal information or the information of another data subject where you have their permission to do so.

5.      CHANGES

5.1   We may change the terms of this policy at any time by updating this web page.

5.2   We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated.

5.3   If you do not agree with the changes, then you must stop using the website and our services.

5.4   If you continue to use the website or our services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.

6.      COLLECTION

6.1   On registration and / or submission

6.1.1         Once you interact with us and submit any personal information to us, you will no longer be anonymous to us. In these circumstances, you may provide us with certain personal information.

6.1.2         This personal information may include:

6.1.2.1     your name and surname;

6.1.2.2     your gender, marital status, national, ethnic or social origin, colour, age and / or disability;

6.1.2.3     information relating to the education, criminal and / or employment history;

6.1.2.4     your email address;

6.1.2.5     your telephone number;

6.1.2.6     your company name, company registration number, and VAT number;

6.1.2.7     financial information; and

6.1.2.8     your postal address or street address.

6.1.3         We will use this personal information for the purposes that it was provided for, and for any other purposes set out in this policy or as allowed in terms of legislation.

6.2   From browser

6.2.1         We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).

6.2.2         Please note that other websites visited before entering our website might place personal information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal information.

6.3   Web beacons

6.3.1         Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies.

6.3.2         Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon.

6.3.3         Our web beacons do not collect, gather, monitor, or share any of your personal information. We merely use them to compile anonymous information about our website.

6.4   Optional details

6.4.1         You may also provide additional information to us on a voluntary basis (optional information).

6.4.2         This includes content that you decide to upload or download from our website or respond to surveys, obtain certain services, or otherwise use the optional features and functionality of our website.

6.5   Recording calls

6.5.1         We may monitor and record any telephone calls that you make to us unless you specifically request us not to.

6.6   Purpose for collection

6.6.1         We may use or process any information that you provide to us for the purposes that you indicated when you agreed to provide it to us.

6.6.2         Processing includes gathering your personal information, disclosing it, and combining it with other personal information.

6.6.3         We generally collect and process your personal information for various purposes, including:

6.6.3.1     services purposes – for any services we may provide;

6.6.3.2     business purposes – such as internal audit, accounting, business planning, and joint ventures, disposals of business, or other proposed and actual transactions;

6.6.3.3     legal purposes – such as handling claims, complying with regulations, or pursuing good governance;

6.6.3.4     employment purposes – such as considering and contacting applicants for interviews, drafting employment agreements and keeping agreements on file;

6.6.3.5     administration and maintenance – such as records relating to our employees, Funders and Sponsors;

6.6.3.6     management planning, forecasting, research and statistical analysis;

6.6.3.7     audit and record keeping purposes;

6.6.3.8     research purposes in accordance with the Informed Consent Form of the Study Participant and ethics approval.

6.6.4         We may use your usage information for the purposes described above and to:

6.6.4.1     remember your information so that you will not have to re-enter it during your visit or the next time you access the website;

6.6.4.2     monitor website usage metrics such as total number of visitors and pages accessed; and

6.6.4.3     track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.

6.7   Consent to collection

6.7.1         We will obtain your consent to collect personal information:

6.7.1.1     in accordance with applicable law;

6.7.1.2     when you provide us with any information.

7.      USE

7.1   Our obligations

7.1.1         We may use your personal information to fulfil our obligations to you and any obligations that we may have in law.

7.2   Messages and updates

7.2.1         We may send administrative messages and email updates to you about the website.

7.2.2         Furthermore, we may communicate with you via email, or other messaging forum, with regards to our services, training offered and any other information that may be relevant to you, and only in accordance with the consent that you have provided.

7.3   Targeted content

7.3.1         In as far as may be applicable, while you are logged into the website, we may display targeted adverts and other relevant information based on your personal information.

7.3.2         In a completely automated process, computers process the personal information and match it to adverts or related information. We never share personal information with any advertiser unless you specifically provide us with your consent to do so.

7.3.3         Advertisers receive a record of the total number of impressions and clicks for each advert. They do not receive any personal information. If you click on an advert, we may send a referring URL to the advertiser’s website identifying that a customer is visiting from the website.

7.3.4         We do not send personal information to advertisers with the referring URL.

7.3.5         Once you are on the advertiser’s website however, the advertiser is able to collect your personal information.

8.      DISCLOSURE

8.1   Sharing

8.1.1         We may share your personal information with:

8.1.2         other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our services;

8.1.3         our sole Shareholder (University of Witwatersrand) and / or any of its companies and / or affiliates;

8.1.4         an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;

8.1.5         our services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit) and those to whom we may provide services;

8.1.6         as a Donor funded organisation we may also share personal information with Funders, Sponsors, and Donors;

8.1.7         credit bureaus to report account information, as permitted by law; and

8.1.8         other third parties, as well as third parties who provide us with relevant services where appropriate and vice versa.

8.2   Regulators

8.2.1         We may disclose your personal information as required by law or governmental audit.

8.3   Law enforcement

8.3.1         We may disclose personal information if required:

8.3.1.1     by a subpoena or court order;

8.3.1.2     to comply with any law;

8.3.1.3     to protect the safety of any individual or the general public; and

8.3.1.4     to prevent violation of our customer relationship terms.

8.4   No selling

8.4.1         We will not sell personal information. No personal information will be disclosed to anyone except as provided in this privacy policy.

8.5   Marketing purposes

8.5.1         We do not collect or process the Data Subject’s personal information for marketing purposes.

8.6   Employees

8.6.1         We may need to disclose personal information to our employees that require the personal information to do their jobs.

8.6.2         These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.

8.7   Change of ownership

8.7.1         If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity.

8.7.2         We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.

9.      SECURITY

9.1   We take the security of personal information very seriously and always do our best to comply with applicable data protection laws.

9.2   Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders.

9.3   We authorize access to personal information only for those employees who require it to fulfil their job responsibilities. We implement disaster recovery procedures where appropriate.

10.   ACCURATE AND UP TO DATE

10.1   We will try to keep the personal information we collect as accurate, complete, and up to date as is necessary for the purposes defined in this policy.

10.2   From time to time we may request you to update your personal information on the website. You can review or update any personal information that we hold on you by accessing your account online, emailing us, or phoning us.

10.3   Please note that to better protect you and safeguard your personal information, we take steps to verify your identity before granting you access to your account or making any corrections to your personal information.

11.   RETENTION

11.1   We will only retain your personal information for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:

11.1.1      retention of the record is required or authorised by law; or

11.1.2      you have consented to the retention of the record.

11.2   During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information.

11.3   We may retain your personal information in physical or electronic records at our discretion.

12.   TRANSFER TO ANOTHER COUNTRY

12.1   We may transmit or transfer personal information outside of the country in which it was collected to a foreign country and process it in that country.

12.2   Personal information may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal information may not be as stringent as the laws in the country in which it was collected.

12.3   You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be less stringent.

13.   RECTIFICATION, UPDATING OR ERASURE OF PERSONAL INFORMATION

13.1   You may choose to rectify, update or request that we erase the personal information you have submitted to us, by contacting us by phone or email.

14.   LIMITATION

14.1   We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.

15.   RESPONSE TO PERSONAL INFORMATION BREACH

15.1   If we suspect or become aware of any unauthorised access to any personal information held by us by any unauthorised person or third party, or if we become aware of any other security breach relating to personal information held or stored by WHC as envisaged in this Policy, WHC shall immediately notify you in writing.

15.2   In the event of a Personal Information Breach, WHC shall fully and immediately comply with applicable laws, and shall take the appropriate steps to remedy such Personal Information Breach.

16.   ENQUIRIES

16.1   If you have any questions or concerns arising from this privacy policy or the way in which we handle personal information, please contact us.

17.   IMPLEMENTATION AND EFFECT

17.1 This policy will come into effect on the date of signature of the CEO and shall remain in effect until it is reviewed by the Company.

17.2 The Company shall be entitled to amend or change the policy at its sole discretion.


Summary

The purpose of this policy is to set out the plan of action of Wits Health Consortium (Pty) Ltd (“WHC”) for the processing of personal information. This policy describes the principles governing our processing of personal data and records our compliance strategy regarding personal data.

Full policy

1.      PURPOSE

1.1.   The purpose of this policy is to set out the plan of action of Wits Health Consortium (Pty) Ltd (“WHC”) for the processing of personal information.

1.2.   This policy describes the principles governing our processing of personal data and records our compliance strategy regarding personal data.

2.      SCOPE

2.1.   References to WHC will include each of WHC’s divisions and be applicable to personal information processed by WHC and its divisions as provided for herein.

2.2.   This policy applies to all personal data processed during our business and to all persons employed or engaged by us who process personal data, including all employees past and present, prospective employees and job applicants, temporary employees, directors, consultants, contractors and trainees.

2.3.   This policy must be read in conjunction with any of our other compliance policies and adds specific elements regarding our data protection compliance strategy.

3.      DEFINITIONS

3.1.   “Data subject” means the person to whom personal information relates.

3.2.   “Direct marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:

3.2.1.   promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or

3.2.2.   requesting the data subject to make a donation of any kind for any reason.

3.3.   “Personal information or data” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

3.3.1.   information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

3.3.2.   information relating to the education or the medical, financial, criminal or employment history of the person;

3.3.3.   any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

3.3.4.   the biometric information of the person;

3.3.5.   the personal opinions, views or preferences of the person;

3.3.6.   correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

3.3.7.   the views or opinions of another individual about the person; and

3.3.8.   the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

3.4.   “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

3.4.1.   the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

3.4.2.   dissemination by means of transmission, distribution or making available in any other form; or

3.4.3.   merging, linking, as well as restriction, degradation, erasure or destruction of information;

3.5.   “Record” means any recorded information

3.5.1.   regardless of form or medium, including any of the following:

3.5.1.1.   writing on any material;

3.5.1.2.   information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;

3.5.1.3.   label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;

3.5.1.4.   book, map, plan, graph or drawing;

3.5.1.5.   photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;

3.5.2.   in the possession or under the control of a responsible party;

3.5.3.   whether or not it was created by a responsible party; and

3.5.4.   regardless of when it came into existence.

4.      DATA PROTECTION LAWS

4.1.   We are committed to protecting and respecting the privacy of our data subjects in accordance with:

4.1.1.   The Protection of Personal Information Act, 4 of 2013 (POPIA), its amendments and Regulations.

4.2.   The data protection laws that may be applicable to our Funders, Sponsors and relevant third parties whom we may contract with, for example:

4.2.1.1.   General Data Protection Regulation 2016/679 (European Union);

4.2.1.2.   Health Insurance Portability and Accountability Act of 1996 (United States);

4.2.1.3.   The Data Protection Act 2018 (United Kingdom).

4.3.   Where we are also required to comply with any other foreign or local data protection laws, we will ensure that due compliance is exercised.

5.      DATA PROTECTION REQUIREMENTS

5.1.   In applying the relevant data protection laws, we will ensure that we:

5.1.1.   enable data subject rights;

5.1.2.   adhere to our data protection obligations as controller or processor; and

5.1.3.   apply the data protection principles.

5.2.   In terms of data subject rights, we will ensure that our data subjects can:

5.2.1.   know when and why we process their personal data;

5.2.2.   request access to their personal data that we process;

5.2.3.   object to our processing of their personal data in accordance with Form 1 of the POPIA Regulations attached hereto as Annexure A;

5.2.4.   rectify any personal data of theirs that is incorrect in accordance with Form 2 of the POPIA Regulations attached hereto as Annexure B;

5.2.5.   erase their personal data from our systems, where required in accordance with Form 2 of the POPIA Regulations attached hereto as Annexure B;

5.2.6.   restrict our processing of their personal data, where required;

5.2.7.   transfer their personal data from us to another controller in a structured and accessible format;

5.2.8.   be protected from us making automated decisions about them.

5.3.   In terms of our obligations as controller, we will ensure that we:

5.3.1.   implement appropriate and reasonable technical and organisational measures to protect personal data, which is also addressed in our Information Security Management Policy;

5.3.2.   control our processors through a written contract, which is also addressed in our Supplier Security Management Policy;

5.3.3.   keep records of our processing activities;

5.3.4.   co-operate with the relevant data protection authorities;

5.3.5.   conduct data protection impact assessments, where required;

5.3.6.   consult with the relevant data protection authorities, where required.

5.4.   In terms of our obligations as processor, we will ensure that we:

5.4.1.   enter into a contract with the relevant controller;

5.4.2.   appoint sub-processors only with the controller’s written authorisation;

5.4.3.   process personal data only on the instructions of the controller;

5.4.4.   keep records of our processing activities done on behalf of the controller;

5.4.5.   inform the relevant data protection authorities of irregularities, where required.

5.5.   In terms of the data protection principles, we will ensure that we process personal data:

5.5.1.   lawfully, fairly and transparently;

5.5.2.   only for a specific purpose that is explicit and legitimate;

5.5.3.   only as necessary for that purpose;

5.5.4.   accurately, keeping it up to date;

5.5.5.   for no longer than necessary to achieve the purpose; and

5.5.6.   securely.

6.      CODES AND STANDARDS

6.1.   We take guidance from the following codes and standards:

6.1.1.   King IV (corporate governance)

6.1.2.   Good Clinical Practice

6.1.3.   ISO 27000 Series

7.      COMPLIANCE STRATEGY

7.1.   This policy sets out our compliance strategy for data protection specifically.

7.2.   Our compliance strategy is to do what is reasonably practicable to comply with those aspects of data protection that apply to our business, under the applicable data protection law.

7.3.   We have identified the following areas as being key priorities in our compliance efforts:

7.3.1.   monitoring and applying our data protection activities consistently across our divisions and projects;

7.3.2.   adopting compliance management software at a group level;

7.3.3.   adopting privacy by design and by default at a group and project level;

7.3.4.   managing our data processor relationships efficiently; and

7.3.5.   digitising our data processing activities where possible.

8.      GOVERNANCE OF DATA PROTECTION

8.1.   We will appoint an Information Officer.

8.2.   We will appoint and maintain an Information Officer for the Consortium, and if necessary, colleagues from the different departments and divisions will assist the Information Officer with its responsibilities. The Data Protection Officer / Information Officer is responsible for:

8.2.1.   promoting compliance with data protection law within the entity;

8.2.2.   ensuring awareness of data protection law within the entity;

8.2.3.   managing and responding to data subject access requests;

8.2.4.   managing and responding to data breaches or incidents;

8.2.5.   assisting the relevant data protection authorities with their investigations;

8.2.6.   developing, implementing and monitoring the compliance framework within the entity.

8.3.   The Data Protection Officer / Information Officer will report to Alfred Farrell.

9.      POLICY RESPONSIBILITY AND ADMINISTRATION

9.1.   The Information Officer is responsible for overseeing data protection at Wits Health Consortium. They are responsible for ensuring that the policy is effective and relevant. Their contact information is:

Name | Email | Phone
Alfred Farrell | ceo@witshealth.co.za | 011 274 9200
Adel Venter | popia@witshealth.co.za | 011 274 9200

10.   ACCEPTANCE AND CHANGES

10.1.                  You may not apply for a job or continue to work for us if you do not accept this policy or any changes to it.

10.2.                  We may change this policy and will notify you of the changes on our website, in a letter of appointment, personnel handbook or by email. The changed policy applies to you if you continue to work for us following the notification.

11.   CONSENT

11.1.                  You consent to WHC collecting, using, disclosing and storing your personal information for this policy and any other purposes set out or implied when you provide the relevant personal information unless you inform us otherwise. Where your consent is needed to collect, use, disclose, or store your personal information, you may withdraw it at any time, subject to legal or contractual restrictions and reasonable notice.

11.2.                  Your consent is not always required to collect, use, disclose, or store your personal information. In some instances, the law allows for this if there is a legitimate and lawful basis for processing.

12.   COLLECTION

12.1.                  Direct and indirect. Personal information is generally collected directly from you where possible. However, it may sometimes be collected indirectly through third parties. WHC will comply with the relevant laws for indirect collection where necessary. Practically speaking, your permission may not be required before doing so. In those circumstances, information may be collected without your knowledge and consent. However, we will ensure that third parties have the right to provide your personal information when requested.

12.2.                  Automatically. Some of your personal information is collected automatically when you use WHC’s:

12.2.1.   personnel portal – any website where interaction with current or prospective personnel may collect your IP address, browser details, and usage information to correctly display the portal, track your activities on it, or other necessary purposes;

12.2.2.   IT equipment – including computers, printers, and any other hardware necessary to do your work; and

12.2.3.   IT infrastructure – the entire organised system of IT structures, facilities, and components needed for the operation of our organisation, including data, computer networks, intranets and software.

12.3.                  On submission. You may be asked to provide your identifying information when you submit other information to the organisation, such as through paper forms or online user interfaces.

12.4.                  Voluntarily. You may be asked to provide certain optional information voluntarily.

12.5.                  Consent to collection. Your consent to collect your personal information will be obtained as required under applicable law when you provide it.

12.6.                  Purpose for collection. The information you provide may be processed for the purposes that were indicated when you agreed to provide it. Processing includes gathering your personal information, disclosing it, and combining it with other personal information. Please note your personal information is not used to profile you.

13.   USE

13.1.                  Processing. WHC may process your personal information to fulfil our obligations to you as your employer or prospective employer, client (where you are a contractor) and third parties, including to:

13.1.1.   start, maintain, and end your personnel relationship with us;

13.1.2.   decide whether you are eligible for another role or position;

13.1.3.   verify your references and qualifications;

13.1.4.   pay your remuneration;

13.1.5.   administer your benefits or incentives;

13.1.6.   process work-related claims, such as workmen’s compensation or insurance claims;

13.1.7.   provide personnel training or wellness initiatives;

13.1.8.   review your performance;

13.1.9.   work out whether you are qualified for a particular job or task;

13.1.10.                    gather evidence for disciplinary actions or dismissal;

13.1.11.                    compile next-of-kin contact information in the case of emergencies;

13.1.12.                    personnel communication platforms (e.g., WhatsApp groups);

13.1.13.                    comply with labour law;

13.1.14.                    reporting requirements imposed on us by law;

13.1.15.                    compile a directory of personnel;

13.1.16.                    authenticate personnel and for security purposes;

13.1.17.                    audit either internally or externally;

13.1.18.                    ensure that the entity generally keeps personal information secure; and

13.1.19.                    achieve anything else that is reasonably required.

13.2.                  Messages. Your identifying information may be used to send you administrative and update notices about the personnel portal or our personnel relationship with you.

14.   DISCLOSURE

14.1.                  Sharing. Your personal information may be shared with third parties to fulfil our obligations to you as your employer or prospective employer, the government, and other third parties, including with:

14.1.1.   other companies or divisions within our field;

14.1.2.   our contractors who help administer our personnel relationship with you; or

14.1.3.   third parties as required by applicable law.

14.2.                  Analytical purposes. Aggregate statistical information derived from your and other personnel’s personal information for analytical purposes may be disclosed.

14.3.                  Personnel. Your personal information may be disclosed to our personnel so that they can perform their jobs, but we will not do so unnecessarily. Personnel will be required to treat your personal information as confidential and to conform to the standards set out in this policy.

14.4.                  Change of ownership. Rights to the personal information we process may be assigned to the new owners if ownership changes for any reason.

15.   STORAGE

15.1.                  Accuracy. The personal information that is collected is as accurate, complete, and up to date as is necessary for the purposes defined in or implied from this policy.

15.2.                  Participation. You may be required to update your personal information with the relevant department, or we may give you a way to review it, such as through the personnel portal or by emailing or phoning the appropriate department. When doing so, the necessary steps will be taken to verify your identity to prevent unauthorised access.

15.3.                  Retention. Your personal information will be kept for as long as it is necessary to fulfil our obligations to you unless you have given permission to keep it longer or we are otherwise legally allowed to do so. Information (including documents and emails) generated by you will be retained on our systems. Only authorised personnel can access your retained information, which may contain personal information.

16.   IMPLEMENTATION AND EFFECT

16.1.                  This policy will come into effect on the date of signature of the CEO and shall remain in effect until it is reviewed by the Company.

16.2.                  The Company shall be entitled to amend or change the policy at its sole discretion.