POPIA Privacy Statement
The Small Enterprise Foundation NPC (SEF, we, us, our) processes personal information of clients, employees and other stakeholders in the performance of its ordinary business, using various channels and platforms (website, email, mobile sites and applications, physical forms and management information systems). We treat the personal information collected as private and confidential and are committed to doing this in keeping with our responsibilities under the applicable data protection and privacy laws.
Respecting and protecting the privacy and personal information of our clients, employees and stakeholders is a constitutional right SEF takes seriously. We therefore adhere to good business practice and implement organisational and technical procedures to keep your personal information safe from loss, unauthorised destruction, damage or access to your personal information by unauthorised third parties.
This Privacy Statement and our Cookie Notice (in section J below) applies when you use our authorised channels, platforms and management information systems.
A. Lawful processing of personal information
We process personal information in a manner that upholds the following eight (8) Privacy of Personal Information Act (POPIA) principles:
- Accountability – making sure that personal information is processed in a lawful and responsible manner.
- Processing limitation – collecting personal information for a defined purpose and where applicable, with the consent of clients and third parties.
- Purpose specification – using personal information for the purposes that our clients, third parties and employees expect us to use it for.
- Further processing limitation – where a new purpose for processing personal information is inconsistent with the original purpose/reason we collected personal information, we will make sure that our processing activities meet the requirements of the applicable data protection laws.
- Information quality – reasonable steps taken to ensure accuracy, completeness, up to date and not misleading personal information
- Openness – being open, clear and honest with clients, third parties and employees on how and why we use their personal information and how we protect their personal information
- Security safeguards – applying and following appropriate and reasonable technical and organisational measures to ensure that confidentiality, integrity and availability of personal information are secured; and it is protected against loss, damage, unauthorised destruction or unlawful access.
- Data subject participation – having processes in place for our clients, third parties and employees to access, correct and delete personal information and exercise their rights in terms of applicable data protection laws.
B. Lawful grounds for processing personal information
SEF may process your personal information for a specific and explicitly defined purpose where you, or a competent person in the case of personal information relating to a minor, provide us with your express consent for such processing or where law requires.
In providing employment, obtaining funding, the running of its operations or the provision of our products or services, SEF may enter into a contract with you and may process personal information in the performance of our obligations under that contract.
Compliance with an obligation imposed by law
SEF may be required by laws, regulations, code of professional conduct or order of the courts to collect and process certain personal information about our clients, employees, service provider and stakeholders.
Legitimate interests of SEF
SEF may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms (e.g. for marketing and trend insights, statistical records or analyses, site maintenance, etc.).
C. Consent and authorisation
It is your constitutional right to give express consent for SEF to process your personal information.
By providing us with your Personal Information, you agree to this Statement and authorise SEF to process such information as set out herein. This includes any associated entities or third parties acting on our behalf for the purposes set out in this statement.
You also undertake to only share your personal information over channels and platforms authorised by SEF, and with officials authorised by SEF to receive your personal information and in the prescribed manner.
SEF collects and processes personal information and special personal information as defined in the POPIA from employees, clients, service providers and other stakeholders. This may include, but is not limited to, a person’s name, age, I.D or passport details, biometric data, personal interests, contact details, information on next of kin, personal profile related to business, services or product and current or historic transactional details.
SEF collects personal information using lawful and reasonable means either:
- directly from you, and/or
- from third parties and public sources, only where necessary for the fulfilment of its contractual obligations (e.g. employment references) or where required to by law or regulations impose by government agencies.
The personal information of minors will be collected only where necessary, strictly through their legal guardian or parent. SEF will not intentionally or knowingly collect personal information directly from anyone under the 18 years of age.
E. Business activities for which personal information is processed
- Recruitment and Employment purposes;
- Providing Financial Services and products as per the SEF mission and strategic objectives and client mandates;
- Transacting, administering, managing and developing our businesses and services;
- Security, quality analysis and risk management activities;
- Complying with any requirement of law, regulation or a professional body of which we are a member.
F. Reasons for processing personal information
SEF will use your personal information to:
- Meet our responsibilities to you and to comply with our legal obligations to you (e.g. health and safety requirements while you are on our premises);
- Respond to your queries or complaints;
- Carry out ordinary business operations (e.g. open/ maintain accounts, execute transactions and process invoices, administer claims, manage our risks, to communicate and maintain our overall relationship with you, and for ensuring you are able to access our premises when required);
- Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business, including improving existing and developing new products and services). Consent will not be obtained if we anonymise/de-identify the personal information.
- Tell you about similar services and products available within SEF. If you wish, you may opt out from receiving such information at any time by choosing to “Unsubscribe” electronically on communication that we send to you, or in writing to firstname.lastname@example.org.
- Comply with applicable laws and regulatory requirements related to your relationship with SEF (e.g. labour law, NCA);
- Fulfil requirements by the Information Regulator or other Government agencies, or any legal proceedings or court rulings.
G. Sharing or transfer of personal information
SEF employees will have access to your Personal Information to administer and manage our services and internal business processes. In general, we do not share your Personal Information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.
We may need to share your Personal Information and/or utilise software or online platforms to enter and process your information for business management purposes. This will only be done in strict adherence to the requirements of the Act and in terms of our agreements to ensure that they comply with the privacy requirements of the Act.
Personal information shared outside South African borders or jurisdiction with our stakeholder will be anonymised/de-identified.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of legislation, regulations or industry codes;
- Where we believe it is necessary to protect our rights;
- When explicitly requested/consented by you;
- With professional advisers SEF engages in connection with the running of our business. E.g. law firms, auditors, independent contractors; and/or
- To any court of justice, law enforcement, taxation authorities, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. We may also review and use your personal information to determine whether disclosure is required or permitted.
H. Storing personal information
SEF will store and keep your personal information according to the retention (holding) periods defined by law for legitimate business purposes and will take reasonably practicable steps to make sure that it is kept up to date and deleted and archived according to our defined retention schedules.
I. Your rights
Access to information
You have the right to request a copy of the Personal Information we hold about you. To do this, contact us via the details provided below or on our website and specify what information you require. We will need proof of authorisation or a copy of your ID document to confirm your identity before providing details of your personal information. N.B. access requests may be subject to a payment of a legally allowable fee.
Amendments to your information
You have the right to ask SEF to update, correct or delete your personal information and your preferences for how we contact you. We will require proof of identity and/or authority before making changes to personal information we may hold of you. Please assist in keeping your personal information accurate and up to date.
J. Cookie notice
K. SEF’s right to change this privacy statement
SEF may change this privacy statement from time to time. We will publish all changes on our website. The latest version of our privacy statement will replace all earlier versions, unless it says differently.
L. Get in touch
SEF Information Officers
The SEF Information Officers are responsible for addressing all questions and concerns in relation to your personal information and SEF’s POPIA and PAIA compliance. Please contact us at: email@example.com to:
- report breaches, concerns or complements,
- send queries about privacy and protection of personal information policies and procedures,
- obtain further information about our privacy practices,
- withdraw or modify your consent,
- exercise preferences or
- access or correct your personal information.
Alternatively, call our head office number 015 307 5837 or customer care hotline 087 820 0809.
Our website is https://www.sef.co.za/
The Information Regulator can be contacted as shared below: