Signed in as:
filler@godaddy.com
Signed in as:
filler@godaddy.com
1. PREAMBLE
1.1 Lemonaide is committed to protecting all persons’ privacy and recognizes that it needs to comply with statutory requirements whenever it collects, processes and distributes personal information. The Constitution of the Republic of South Africa provides that everyone has the right to privacy and the Protection of Personal Information Act 4 of 2013 enforces the right to protection against unlawful collection, retention, dissemination and use of personal information.
1.2 Lemonaide is established as an Information Technology entity offering specialist solutions to institutions registered with regulatory bodies. To this end, Lemonaide finds itself satisfying the definition of Regulatory Technology (RegTech), offering related services to its client base. In order to perform its functions, Lemonaide needs to process personal information about all persons, both natural and juristic, who are subject to a CDD by its clients, and on persons, both natural and juristic, with which it deals and interacts with from time to time. There are various reasons why Lemonaide may need to process such information, the primary reason being the need to supply reliable, accurate, trustworthy public data referenced to source, in terms of AML and TF legislation – both local and international. The secondary need is for monitoring of performance, health and safety of employees, contractors and other stakeholders. Lemonaide may also be obligated by Law, suppliers, clients or regulatory bodies to process such information for reporting, audit trail or other purposes on an ongoing basis.
1.3 Lemonaide strives to offer comprehensive veracity information to its market for prescribed purposes, balancing the right to privacy with other competing rights, such as the right to access to information and the free flow of information.
2.1 The purpose of this policy is to formalize Lemonaide’s commitment to safeguarding personal information it carries of all persons, including juristic persons. Lemonaide further commits to safeguarding personal information of all persons, including juristic persons with whom it interacts and to ensure that Lemonaide and its employees comply with the requirements imposed by the Protection of Personal Information Act 4 of 2013.
2.2 Without limiting the generality of the aforementioned purpose, the further purposes are to:
2.2.1 establish a policy that will provide direction with respect to the manner of compliance with the Protection of Personal Information Act 4 of 2013;
2.2.2 give effect to the right to privacy and at the same time balance the right to privacy against other rights such as the right to access to information, and to protect important interests such as the free flow of information;
2.2.3 regulate the manner in which personal information may be processed
2.2.4 Establish measures to ensure respect for and to promote, enforce and fulfil the rights protected.
3.1 This policy has stakeholder-wide application.
3.2 This policy applies to personal information collected by Lemonaide in connection with the services it offers. This includes information collected online through websites, offline through research conducted by our data researchers, journals and periodicals, branded pages on third party platforms and applications accessed or used through such websites or third-party platforms which are operated by or on behalf of Lemonaide. This policy is hereby incorporated into and forms part of the terms and conditions of use of Lemonaide sites.
3.3 This policy applies to personal information collected from vendors of publicly-sourced data such as conduits of company registration information, home affairs data and similar packets of data,
3.4 This policy applies to personal information collected from vendors of datasets contained within consumer profiles, such as addresses, familial relations, judgments, adverse media and other data required to corroborate personal information during the conduct of a CDD.
3.5 This policy does not apply to:
3.5.1 information collected by third party websites, platforms and/or applications (“Third Party Sites”) which we do not control;
3.5.2 information collected by Third Party Sites which you access via links Lemonaide sites; or
3.5.3 banners, sweepstakes and other advertisements or promotions on Third Party Sites that we may sponsor or participate in.
4.1 “Act” means the Protection of Personal Information Act 4 of 2014.
4.2 “AI” means Accountable Institution/s as defined in Schedule 1 of the FIC Act
4.3 “CDD” means Customer Due Diligence as defined in Guidance Note 7 issued by the FIC
4.4 “Consent” means any voluntary, specific and informed expression agreeing to the processing of personal information.
4.5 “Data Subject” means the person to whom the personal information relates and in relation to Lemonaide, data subject would include digital footprint profiles, employees, clients and their customers, vendors and their customers, resellers and their customers, visitors and any other individual with whom Lemonaide may interact from time to time, whether or not such person is a natural person or a juristic person.
4.6 “De-identify” in relation to personal information of a data subject means to delete information that –
(a) identifies the data subject;
(b) can be used or manipulated by a reasonably foreseeable method to identify the data subject; or
(c) can be linked by a reasonable foreseeable method or other information that identifies a data subject,
and “de-identified” has a corresponding meaning”.
4.7 “Digital Footprint” means Lemonaide’s accumulation, collation, compilation, aggregation and researched electronic data/information footprint on a Data Subject, Private Body and Public Body sourced as Public Data. Data is sourced from multiple sources, across time, referenced as to source and relates to depth, breadth and quality of electronic information.
4.8 “FIC” means Financial Intelligence Centre
4.9 “GN7” means Guidance Note 7 issued by the FIC in collaboration with the National Treasury, South African Reserve Bank and Financial Services Board. Applicable to all registered AI’s and RI’s on the implementation of various aspects of the Financial Intelligence Centre Act, 2001 (Act 38 of 2001)
4.10 “Lemonaide” means Lemonaide, which includes its operations, subsidiaries, affiliates, sub-contractors and employees.
4.11 “Open Data” means any piece of data or content that is free to access, use, reuse and redistribute and includes information that has been published on government-sanctioned portals. Open data in the government-sanctioned context can be accessed on a free or paid-for basis.
4.12 “PAIA” means the Promotion of Access to Information Act.
4.13 “Personal Information” means any information that could be used to identify a data subject and includes -
(a) Race, gender, sex, pregnancy, marital status, national or ethnic origin, color, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language, birth.
(b) Education, medical history, financial history, criminal history, employment history.
(c) Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to a person (such as postal address).
(d) Biometric information, including physical, psychological or behavioral characterization including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
(e) Opinions, views, preferences of the dada subject and opinions or views of another person about the data subject.
(f) Correspondence.
(g) Name.
4.14 “Person” means a natural or juristic person
4.15 “Policy” means this Privacy and Protection of Personal Information Policy.
4.16 “POPI” means the Protection of Personal Information Act.
4.17 “Private Body” means
(a) a natural person who carries or has carried on any trade, business or
profession, but only in such capacity,
(b) a partnership which carries or has carried on any trade, business or profession, or
(c) any former or existing juristic person, but excludes a public body
4.18 “Processing” as it relates to processing of personal information means any operation or activity, whether or not by automatic means, including:
(a) collecting, receipt, recording, organising, collation, storage, updating, modification, retrieval,alteration, consultation or use;
(b) dissemination by means of transmission, distribution, or making available in any form;
(c) merging, linking, degrading, erasure or destruction.
4.19 “Public Body” means
(a) any department of state or administration in the national or provincial sphere of government, or
(b) any other functionary or institution, when:
• exercising a power or performing duty in terms of the Constitution: or
• exercising a public power or performing a public function in terms of any legislation
4.20 “Public Data” means information that is freely available on the web and includes Open Data.
4.21 “Public Record” means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body
4.22 “Record” means any recorded personal information, regardless of its form or medium, including any
(a) Writing on any material
(b) Information produced, recorded or stored by means of any recording device, computer equipment, whether hardware or software or both, and any material subsequently derived from information so produced, recorded or stored;
(c) label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
(d) book, map, graph, plan or drawing;
(e) photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced
(f) in the possession or under the control of a responsible party,
(g) irrespective of whether it has been created by the responsible party or not, and
(h) regardless of when it came into existence.
4.23 “RegTech” means Regulatory Technology; the application of new technologies to help banks and other financial/reporting institutions meet regulatory monitoring, reporting, compliance and risk management challenges. RegTech helps firms effectively manage regulatory compliance and cut compliance- related costs.
4.24 “Responsible party” means, Lemonaide, who engages in the act of processing personal information.
4.25 “RI” means Reporting Institution/s as defined in Schedule 3 of the FIC Act
4.23 “Special Personal Information” means any information that could be used to identify a data subject and includes -
(a) Religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, DNA, sexual life and criminal behavior.
(b) The criminal behavior of a data subject to the extent that such information relates to:
• The alleged commission by a data subject of any offence; or
• Any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings
(c) Personal information concerning a child.
4.24 “Unique Identifiers” means any identifier that is assigned to a data subject and is used by the responsible party and that uniquely identifies that data subject in relation to the responsible party.
5.1 Lemonaide respects a data subject’s right to have his, her or its personal information
processed lawfully.
5.2 Data subjects have the right to:
5.2.1 Be notified that personal information about him, her or it is being collected or that his, her or its personal information has been accessed or acquired by an unauthorized person
5.2.2 to establish whether Lemonaide holds personal information of that data subject and to request access thereto;
5.2.3 to request, where necessary, the correction, destruction or deletion of his, her or its personal information;
5.2.4 to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information;
5.2.5 to object to the processing of his, her or its personal information at any time for purposes of direct marketing;
5.2.6 not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of his, her or its personal information intended to provide a profile of such person;
5.2.7 to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information;
5.2.8 to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information.
6.1 Lemonaide processes personal information lawfully and in a reasonable manner that does not infringe the privacy of the data subject.
7.1 Only information which is necessary for the specific purpose for which it is collected, is processed.
7.2 Information which is collected is adequate, relevant and not excessive.
7.3 Information is collected in a manner which does not infringe the rights of the data subject.
8.1 Lemonaide processes personal information with the implied consent of the data
subject or a competent person where the data subject is a child.
8.2 Lemonaide processes personal information without express written consent, if:
8.2.1 processing is necessary to carry out actions for the conclusion or performance of a contract/relationship to which the data subject is party;
8.2.2 processing complies with an obligation imposed by law;
8.2.3 processing protects a legitimate interest of the data subject;
8.2.4 processing is necessary for the proper performance of a public law duty; or
8.2.5 processing is necessary for pursuing the legitimate interests of Lemonaide or of a third party to whom the information is supplied.
8.3 The data subject or competent person may withdraw his, her or its consent, at any time: Provided that the lawfulness of the processing of personal information before such withdrawal or the processing of personal information will not be affected.
8.4 A data subject may object, at any time, to the processing of personal information in the prescribed manner, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
8.5 If a data subject has objected to the processing of personal information Lemonaide no longer processes the personal information subject to clause 8.2
9.1 Lemonaide does not collect personal information from the data subject directly, except as otherwise provided for below.
9.2 Lemonaide collects personal information from other sources other than the data subject directly if:
9.2.1 the information is contained in or derived from a public record or has deliberately been made public by the data subject;
9.2.2 the data subject or a competent person where the data subject is a child has consented to the collection of the information from another source;
9.2.3 collection of the information from another source would not prejudice a legitimate interest of the data subject;
9.3 collection of the information from another source is necessary:
9.3.1.1 to avoid prejudice to the maintenance of the law by Lemonaide, including the prevention, detection, investigation, prosecution and
punishment of offences;
9.3.1.2 to comply with an obligation imposed by law or to enforce legislation;
9.3.1.3 for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated;
9.3.1.4 in the interests of national security; or
9.3.1.5 to maintain the legitimate interests of Lemonaide or of a third party to whom the information is supplied;
9.4 compliance would prejudice a lawful purpose of the collection; or
9.5 compliance isn’t reasonably practicable in the circumstances of the particular case
10.1 Lemonaide collects personal information for a specific, explicitly defined and lawful purpose related to a function or activity of Lemonaide.
10.2 Lemonaide takes steps to ensure that the users of the data subject information are aware of the purpose of the collection of the information.
11.1 Lemonaide does not retain records of personal information any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless:
11.1.1 retention of the record is required or authorised by law;
11.1.2 Lemonaide reasonably requires the record for lawful purposes related to its functions or activities;
11.1.3 retention of the record is required by a contract between the parties thereto; or
11.1.4 the data subject or a competent person where the data subject is a child has consented to the retention of the record.
11.2 Records of personal information may be retained for periods in excess of those contemplated 11.1 for historical, statistical or research purposes and Lemonaide ensures appropriate safeguards against the records being used for any other purposes.
11.3 Whenever Lemonaide uses a record of personal information of a data subject to make
a decision about the data subject, Lemonaide:
11.3.1 retains the record for such period as may be required or prescribed by law or retains the record for a period which affords the data subject a reasonable opportunity, taking all considerations relating to the use of the personal information into account, to request access to the record.
11.4 Lemonaide destroys or deletes a record of personal information or de-identify it as soon as reasonably practicable after Lemonaide is no longer authorised to retain the record.
11.5 The destruction or deletion of a record of personal information is done in a manner that prevents its reconstruction in an intelligible form.
11.6 Lemonaide restricts processing of personal information if:
11.6.1 its accuracy is contested by the data subject, for a period enabling the responsible party to verify the accuracy of the information;
11.6.2 Lemonaide no longer needs the personal information for achieving the purpose for which the information was collected or subsequently processed, but it has to be maintained for purposes of proof;
11.6.3 the processing is unlawful and the data subject opposes its destruction or deletion and requests the restriction of its use instead; or
11.6.4 the data subject requests to transmit the personal data into another automated processing system.
12.1 Further processing of personal information is done in accordance or compatible with the purpose for which it was collected initially.
12.2 To assess whether further processing is compatible with the purpose of collection, Lemonaide takes account of:
12.2.1 the relationship between the purpose of the intended further processing and the purpose for which the information has been collected;
12.2.2 the nature of the information concerned;
12.2.3 the consequences of the intended further processing for the data subject;
12.2.4 the manner in which the information has been collected; and
12.2.5 any contractual rights and obligations between Lemonaide and the data
subject.
12.3 The further processing of personal information is not incompatible with the purpose of collection if:
12.3.1 the data subject or a competent person where the data subject is a child has consented to the further processing of the information;
12.3.2 the information is available in or derived from a public record or has deliberately been made public by the data subject;
12.3.3 further processing is necessary:
12.3.3.1 to avoid prejudice to the maintenance of the law by any public body including the prevention, detection, investigation, prosecution and punishment of offences;
12.3.3.2 to comply with an obligation imposed by law;
12.3.3.3 for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated; or
12.3.3.4 in the interests of national security;
12.3.4 the further processing of the information is necessary to prevent or mitigate a serious and imminent threat to:
12.3.4.1 abuse of the country’s financial systems
12.3.4.2 abuse of the global financial systems
12.3.4.3 legitimizing proceeds of crime
12.3.4.4 public health or public safety; or
12.3.4.5 the life or health of the data subject or another individual;
12.3.4.6 the information is used for historical, statistical or research purposes and Lemonaide ensures that the further processing is carried out solely for such purposes and will not be published in an identifiable form; or
12.3.4.7 the processing is exempted by the Protection of Personal Information Act 4 of 2013.
13.1 Lemonaide takes reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary, having regard to the purpose for which personal information is collected or further processed.
14.1 Whenever Lemonaide collects personal information it takes reasonably practicable steps to ensure that the data subject is aware of:
14.1.1 the information being collected and where the information is not collected from the data subject, the source from which it is collected;
14.1.2 the name and address of Lemonaide’s Information Officer;
14.1.3 the purpose for which the information is being collected;
14.1.4 whether or not the supply of the information by that data subject is voluntary or mandatory;
14.1.5 the consequences of failure to provide the information;
14.1.6 any particular law authorising or requiring the collection of the information;
14.1.7 the fact that, where applicable, Lemonaide intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;
14.1.8 any further information such as the:
14.1.8.1 recipient or category of recipients of the information;
14.1.8.2 nature or category of the information;
14.1.8.3 existence of the right of access to and the right to rectify the information collected;
14.1.8.4 the existence of the right to object to the processing of personal information; and
14.1.8.5 right to lodge a complaint to the Information Regulator and the contact details of the Information Regulator.
14.2 The steps referred to in 14.1 is taken:
14.2.1 if the personal information is collected directly from the data subject, before the information is collected, unless the data subject is already aware of the information referred to in that subsection; or
14.2.2 in any other case, before the information is collected or as soon as reasonably practicable after it has been collected.
14.3 Lemonaide does need not comply with 14.1 if:
14.3.1 the data subject or a competent person where the data subject is a child has
provided consent for the non-compliance;
14.3.2 non-compliance would not prejudice the legitimate interests of the data subject;
14.3.3 non-compliance is necessary:
14.3.3.1 to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
14.3.3.2 to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997 (Act No. 34 of 1997);
14.3.3.4 for the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or
14.3.3.5 in the interests of national security;
14.3.4 compliance would prejudice a lawful purpose of the collection;
14.3.5 compliance is not reasonably practicable in the circumstances of the particular case; or
14.3.6 the information will:
14.3.6.1 not be used in a form in which the data subject may be identified; or
14.3.6.2 be used for historical, statistical or research purposes.
15.1 Lemonaide aims and strives to secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent:
15.1.1 loss of, damage to or unauthorised destruction of personal information; and
15.1.2 unlawful access to or processing of personal information.
15.2 It is the objective of Lemonaide to take reasonable measures to:
15.2.1 identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
15.2.2 establish and maintain appropriate safeguards against the risks identified;
15.2.3 regularly verify that the safeguards are effectively implemented; and
15.2.4 ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
16. Anyone processing personal information on behalf of Lemonaide:
16.1 processes such information only with the knowledge or authorisation of Lemonaide; and
16.2 treat personal information which comes to their knowledge as confidential and must not disclose it, unless required by law or in the course of the proper performance of their duties.
17. Lemonaide ensures, by way of written contracts between Lemonaide and an operator, that the operator which processes personal information for Lemonaide establishes and maintains the sufficient and proper security measures as required by the Act.
18.1 Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, Lemonaide notifies the Regulator and the data subject - unless the identity of such data subject cannot be established - as soon as reasonably possible after the discovery of the compromise, taking into account the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of the responsible party’s information system.
18.2 Lemonaide only delays notification of the data subject if a public body responsible for the prevention, detection or investigation of offences or the Regulator determines that notification will impede a criminal investigation by the public body concerned.
18.3 Lemonaide notifies the data subject by way of written notification:
18.3.1 Mailed to the data subject’s last known physical or postal address;
18.3.2 sent by e-mail to the data subject’s last known e-mail address;
18.3.3 placed in a prominent position on the website of the responsible party;
18.3.4 published in the news media; or
18.3.5 as may be directed by the Regulator.
18.4 The notification provides sufficient information to allow the data subject to take protective measures against the potential consequences of the compromise,
including:
18.4.1 a description of the possible consequences of the security compromise;
18.4.2 a description of the measures that the responsible party intends to take or has taken to address the security compromise;
18.4.3 a recommendation with regard to the measures to be taken by the data subject to mitigate the possible adverse effects of the security compromise; and
18.4.4 if known to Lemonaide, the identity of the unauthorised person who may have accessed or acquired the personal information.
19.1 A data subject, having provided adequate proof of identity, has the right to:
19.1.1 request Lemonaide to confirm, free of charge, whether or not Lemonaide holds personal information about the data subject; and
19.1.2 request from Lemonaide the record or a description of the personal information about the data subject held by Lemonaide, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information;
19.2 Lemonaide issues the record to the data subject:
19.2.1 within a reasonable time;
19.2.2 at a prescribed fee, if any, together with the written estimate of the fee before providing the services;
19.2.3 in a reasonable manner and format; and
19.2.4 in a form that is generally understandable.
20.1 A data subject may, in the prescribed manner, request Lemonaide to:
20.1.1 correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
20.1.2 destroy or delete a record of personal information about the data subject that Lemonaide is no longer authorised to retain.
20.2 On receipt of a request Lemonaide, as soon as reasonably practicable:
20.2.1 corrects the information;
20.2.2 destroys or deletes the information;
20.2.3 provide the data subject, with credible evidence in support of the information; or
20.2.4 where agreement cannot be reached between Lemonaide and the data subject, and if the data subject so requests, take such steps as are reasonable in the circumstances, to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.
21.1 Lemonaide, subject to 22.1 to 22.5, does not process special personal information concerning:
21.1.1 the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
21.1.2 the criminal behaviour of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence; or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
22. Lemonaide, processes special personal information if/when:
22.1 processing is carried out with the consent of a data subject;
22.2 processing is necessary for the establishment, exercise or defence of a right or obligation in law;
22.3 processing is necessaryto comply with an obligation of international public law;
22.4 processing is for historical, statistical or research purposes to the extent that the purpose serves a public interest and the processing is necessary for the purpose concerned; or it appears to be impossible or would involve a disproportionate effort to ask for consent, and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the data subject to a disproportionate extent;
22.5 information has deliberately been made public by the data subject.
22.6 Information is part of public data
23.1 Lemonaide processes personal information of children:
23.1.1 with the prior consent of a competent person;
23.1.2 where it is necessary for the establishment, exercise or defence of a right or obligation in law;
23.1.3 where it is necessary to comply with an obligation of international public law;
23.1.4 where it is necessary for historical, statistical or research purposes to the extent that the purpose serves a public interest and the processing is necessary for the purpose concerned; or it appears to be impossible or would involve a disproportionate effort to ask for consent, and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the child to a disproportionate extent; or
23.1.5 which has deliberately been made public by the child with the consent of a competent person.
23.1.6 Information is part of a network which poses an AML/TF or similar legislation threat to the global financial system
24.1 Lemonaide does not transfer personal information about a data subject to a third party who is in a foreign country unless:
24.1.1 the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person; and includes provisions, that are substantially similar to this section, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country;
24.1.2 the data subject consents to the transfer;
24.1.3 the transfer is necessary for the performance of a contract between the data subject and Lemonaide, or for the implementation of pre-contractual measures taken in response to the data subject’s request;
24.1.4 the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between Lemonaide and a third party; or
24.1.5 the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject to that transfer; and if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
CONSENT TO ACCESS PERSONAL INFORMATION
in respect of
…
A. USE OF PERSONAL INFORMATION
1. Lemonaide is committed to protecting the data subject’s privacy and recognises that it needs to comply with statutory requirements in collecting, processing and distributing of personal information. The Constitution of the Republic of South Africa provides that everyone has the right to privacy and the Act includes the right to protection against unlawful collection, retention, dissemination and use of personal information. In terms of section 18 of the Act, if personal information is collected, Lemonaide, as responsible party, must take reasonably practical steps to ensure that the data subject is made aware of the information being collected. Lemonaide acts as a reliable and independent third-party source with access to the original source of information. It is therefore the responsibility of the AI/RI to obtain the necessary consents to process personal information where applicable by the respective legislation.
2. In accordance with the Act, Lemonaide hereby provides the following information:
2.1
Type of Information:
Digital Footprint, in whole or in part
2.2
Nature/category of Information:
Public data – based on a data subject’s electronic footprint
2.3
Purpose:
Corroboration of personal information as required to support the Financial Intelligence Centre Act, 2001 (Act No. 38 of
2001)
2.4
Source:
Open data, public data and source data
2.5
Lemonaide details (Responsible party):
The Information Officer Mr. Luis Casaleiro
42 Cheyne Road Aldara Park Randburg
Email: luis@lemonaide.co.za
2.6
Voluntary/Mandatory:
Mandatory
2.7
Legal Requirement:
The FIC Act
2.8
Contractual Requirement:
:
2.10
Cross border transfer:
2.11
Recipients of personal information:
2.12
Access and right to amend:
The data subject has the right to access and amend his/her personal information at any reasonable time.
2.13
Right to object:
The data subject is entitled to object to the use of information. However, such objection may lead to
2.14
Complaints:
All complaints regarding the use of personal information may be directed to the Information Regulator.
B. CONSENT
3. The data subject, or a competent person as the case may be, hereby consents to the use of the data subject’s personal information contained herein and confirms that:
3.1 the information is supplied voluntarily, without undue influence from any party and not under any duress;
3.2 the information which is supplied herewith is mandatory for the purposes specified.
4. The data subject acknowledges that he/she is aware thereof that he/she has the following rights with regard to such personal information which is hereby collected, namely the right to:
4.1 access the information at any reasonable time for purposes of rectification thereof.
4.2 object to the processing of the information in which case this agreement will terminate in accordance with the provisions contained herein.
4.3 lodge a complaint to the Information Regulator.
Copyright © 2022 Lemonaide Risk Bureau - All Rights Reserved.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.