PRIVACY AND POPIA POLICY
INTRODUCTION:
The Institute of Professional Engineering Technologists is an ECSA recognised;
- Voluntary Association – VA A008 Valid from 09 October 2023 to 09 October 2028
- Licensed Body – LB_035/2023 Valid from 14 December 2023 to 14 December 2026
The Institute of Professional Engineering Technologists (IPET, we or us) is committed to the advancement of technologists of all engineering disciplines by representing them and promoting matters affecting them on a national and international basis.
IPET has provided exclusivity in its membership by allowing only Professional Engineering Technologists as full corporate members of the Institute.
IPET is a Voluntary Association, not for gain, using mainly volunteers to do the books, administration work and attendance at the Engineering Council of SA (ECSA). IPET Councillors may elect to be part of various portfolios.
1. WHAT IS POPIA AND IT’S PURPOSE
POPIA or the POPI Act of 2013 came into law on 1 July 2021. The Act is for the protection of personal information processed by public and private organisations or companies and includes Trusts and NGO’s. POPIA applies to all personal information processed in South Africa, irrespective of the location of the data subject.
POPIA is guided by Section 14 of the Constitution of the Republic of South Africa. Everyone has the right to privacy and protection against unauthorised collection, retention, dissemination and use of their personal information.
1.1 POPIA applies to all personal information regardless of what form or medium it is in including Paper, Audio Recordings, Video Recordings, Pictures and social media.
1.2 Any material derived from information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both or other device.
1.3 Capable of being reproduced – photograph, film, negative, tape or another device.
1.4 Processing covers all the different ways, both physical and electronic information.
2. THIS POLICY APPLIES TO
Processing your personal information in any form – whether written, electronic or oral. Processing of personal information includes that of service providers, consultants, members, reviewers, volunteers, council members or any other party/ties who are working on IPET behalf or in IPET name.
IPET is committed to handling personal information responsibly and processing of personal information on a lawful basis to the extent permitted. IPET respect the privacy rights of our current and prospective data subjects and of our relationship with you.
Please contact IPET using the contact details provided above, if you have any questions, complaints or comments about this Policy. Alternative you may reach the IPET Administrator by email on: admin@ipet.org.za
PUBLIC RECORDS AVAILABLE ON IPET WEBSITE: www.ipet.org.za
Website contents
- Home
- Contact details
- Mission statement
- Events & News
- History
- Downloads
- Membership application
- IPET Gala
- Rules and Standards
Link to ECSA’s CPD Rules and Standards
3. ABBREVIATIONS AND ACRONYMS/POPIA-RELATED DEFINITIONS
B-BBEE – Broad Based Black Economic Empowerment.
CPD – Continuing Professional Development.
CONSENT – Expression of will in terms of which permission is given for the processing of personal information voluntary, specific and informed expression.
CONSTITUTION – The Constitution of the Republic of South Africa 1996.
DATA-SUBJECT – The person to whom personal information relates.
DE-IDENTIFY – To delete any information that identifies the data subject, can be manipulated, used or linked to other information or any method to identify the data subject.
DIRECT MARKETING – To approach a data subject either in person, by mail, or electronic communication. Promoting or offering to supply in the ordinary course of business any goods or services to the data subject.
ECSA – Engineering Council of SA. ECSA is a statutory body established in terms of the Engineering Profession Act (EPA) 46 of 2000. ECSA’s primary role is the regulation of the engineering profession in terms of this act.
ELECTRONIC COMMUNICATION – Text, voice, sound, image message sent over a network which is stored or in recipient’s equipment until collected by recipient.
FILING SYSTEM – Any personal information which is accessible according to specific criteria.
IT – Information Technology
INFORMATION OFFICER –
Public body – An information officer or deputy information officer as contemplated in terms of section 1 or 17 of the PAIA Act.
Private body – The head of a private body as contemplated in section 1 of the PAIA Act.
INFORMATION REGULATOR – The Information Regulator (South Africa) is an independent body established in terms of section 39 of the Protection of Personal Information Act 4 of 2013.
PERSON – Natural or Juristic
PAIA – The Promotion of Access to Information Act. No. 2 of 2000.
POPI – The Protection of Personal Information Act no. 4 of 2013.
PRIVATE BODY – A natural person who carries out or who has carried on any trade, business or profession -but only in such profession, OR
A Partnership which carries or who has carried on any trade, business or profession OR
Any former or existing juristic person – excludes a public body.
PROCESSING – Any set of operations, any operation or activity concerning personal information including – Any recorded information. Collections, use, recording, disclosure, receipt, storage, distribution, retrieval, alteration, making available in any other form or merge, link, restrict, degradation, erasure or destruction of information.
PUBLIC BODY – Department of state or administration. National, provincial and local sphere of government. Any functionary or institution who exercise a power or duty in terms of the constitution or provincial constitution. Anyone who performs a public function.
PUBLIC RECORD – An accessible record that is in public domain and which is in the possession of or under the control of a public body whether or not it was created by that public body.
RE-IDENTIFY – To resurrect any information that has been de-identified. Personal information of a data subject that identifies the data subject, can be used or manipulated to identify the data subject or can be linked to other information or any method to identify a data subject.
RESPONSIBLE PARTY – A public or private body or any other person which determine the purpose of and means for processing personal information alone or in conjunction with others.
RECORD/S – Any recorded information regardless of form or medium in the possession or under the control of a responsible party, whether or not it was created by a responsible party and regardless of when it came into existence.
VA – Voluntary Association.
VAT – Value Added Tax – IPET is not a registered VAT Vendor.
4. TYPES OF PERSONAL INFORMATION PER POPIA ACT SECTION 1 DEFINITIONS
4.1 Personal Information – means information relating to an identifiable, living, natural person, and where it is applicable an identifiable, existing juristic person including but not limited to –
4.1.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
4.1.2 Information relating to the education or the medical, financial, criminal or employment history of the person.
4.1.3 Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment of the person.
4.1.4 The biometric information of the person.
4.1.5 The personal opinions, views or preferences of the person.
4.1.6 Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
4.1.7 The views or opinions of another individual about the person.
4.1.8 The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
4.2 Special Personal Information means personal information as referred to in section 26
Subcategory of all Personal Information that is considered SENSITIVE Information – B-BBEE Voluntary disclosure may be needed to comply with requirements.
4.3 Rights and Duties of a Data subject
4.3.1 Right to withdraw consent – Personal information is processed with your consent. Consent may be withdrawn upon request.
4.3.2 Right to restrict – Under certain circumstances.
4.3.3 Right to erasure- under certain circumstances.
Personal information is retained for certain periods as required by law. (Five up to 10 years)
4.3.4 Right to access – You have a right to access your personal information IPET holds about you, to check that personal information is lawfully processed.
4.3.5 Right to Data subject Participation. You have an opportunity to correct or update inaccurate personal information.
4.3.6 Right to access – Right to complain to Data Protection Regulator in your jurisdiction.
FORMS are available at Information Regulator Address Woodmead North Office Park, 54 Maxwell Drive, Woodmead Johannesburg 2191. Telephone 010-0235200 Toll Free 0800017160
General Enquiries enquiries@inforegulator.org.za Alternative contact IPET Administrator for assistance: admin@ipet.org.za Forms are found under the Heading POPIA and PAIA section “forms”
4.4 Duties of a Data subject
4.4.1 Duty to inform IPET of changes to your personal information during your relationship with us.
It is important we hold current and accurate personal information about you.
4.4.2 Duty to adhere to data privacy laws – during our relationship with you.
IPET expect you to at all times adhere to these terms and abide by applicable law.
5. TYPE OF PERSONAL INFORMATION PROCESSED BY IPET, PURPOSE FOR WHICH PERSONAL INFORMATION IS COLLECTED AND WITH WHOM PERSONAL INFORMATION IS SHARED
5.1 Most of the personal information IPET process is information collected from and directly provided by you.
5.2 Other information IPET is able to infer based on information provided to us through interaction with you and supporting documents received.
5.3 Information from third parties.
5.4 Personal information is collected inter alia in the following instances –
5.4.1 In the course of executing IPET statutory functions and to comply with our statutory obligations. Certain information that is mandatory. IPET has to comply and is subject to ECSA Audits.
5.4.2 To enter into written contracts with third party service providers.
5.4.3 Processes related to transactions and services.
5.4.4 Requesting access to information on IPET record and/or where IPET is legally obliged to as part of a contractual agreement and/or to comply with a court order or request from governmental entity.
5.4.5 To identify a data subject.
5.4.6 To send communication about press releases, newsletters, event invitations, workshops, conferences, update social media (Facebook, WhatsApp, LinkedIn), to send electronic messages (SMSs and emails).
5.4.7 Banking details -To process all transactions, payments and refunds.
5.4.8 To respond to inquiries, questions or complaints.
5.4.9 To determine categories, membership levels and fees.
5.4.10 To provide support where needed.
5.5 With whom is personal information shared
IPET will only share personal information to comply with any mandatory, statutory and legal obligation.
6. SCHEDULE OF RECORDS HELD BY IPET
6.1 Administration/ Management/ General
6.1.1 Annual AGM
6.1.2 Meetings and other matters/Minutes
6.1.3 Resolutions/Reports
6.1.4 Newsletters/Communique
6.1.5 Social function photos
6.1.6 Third party service providers
6.1.7 Communication between societies with Engineering Technologists amongst their members and the institute through liaison, consultation and other suitable means.
6.1.8 BEE Certificate
6.1.9 Contracts entered into
6.2 Continuing Professional Development
6.2.1 Reviewers Database – Names, title, ID number, ECSA and IPET registration number if applicable. Physical, postal address, Cell phone number, discipline, alternate contact details.
6.2.2 Service providers and course material submitted for CPD validation.
6.2.3 CV’s and ID of course presenter/s information as provided by service provider.
6.2.4 All correspondence and outcomes.
6.2.5 Mandatory forms and documentation to ECSA.
6.2.6 Course material for CPD Validation is shared with reviewer appointed by IPET.
6.3 Financial
6.3.1 Bank statements
6.3.2 32 Days’ notice deposit statements
6.3.3 Annual audited financial statements
6.3.4 Correspondence with IPET Auditor
6.4 Membership and membership fees
6.4.1 Database Membership – Individual member’s accounts are entered into a separate database. Membership payments are received by EFT or direct deposit into IPET bank account.
6.4.2 Members are asked to email a copy of the deposit slip along with their details to establish whose account has been paid to enable IPET to update the records. Certificates are issued to members whose membership fee have been paid.
6.5 IPET Conferences and Gala Function
6.5.1 IPET annually or date to be determined, awards members at a gala function for their work and contribution to the industry.
6.5.2 IPET presented conferences and workshops – Payments from members and non-members are recorded. Attendance registers are signed and CPD certificates issued to attendees.
7. HOW IS PERSONAL INFORMATION STORED
7.1 Personal information is collected, used and stored on site by IPET volunteers. Membership records are kept on a separate database with physical and electronic access only by Administrator. IPET keeps copies of documents and transactions in electronic and printed format. IPET at all time take necessary precautions to ensure protection of personal information against breakdowns, external access, theft and disaster recovery which could lead to identity theft.
7.2 IPET has a retainer agreement with an IT professional for maintenance of IPET Website.
7.3 CLOUD based service provider (CSP). IPET as a responsible party need to adhere to requirements of POPIA and enter into end user agreements with prospective CSP. CSP must meet their obligations in terms of POPIA act.
7.4 PAYFAST- to comply with the provisions of the Protection of Personal Information Act (POPIA) in its processing and storing of User data in that it obtains permission from data subjects to use their personal information.
8. POTENTIAL LOSS OF PERSONAL INFORMATION
Security measures, method of transmission and electronic storage cannot prevent loss, misuse, or alteration of personal information.
IPET is not responsible for any damages or liabilities to the extent permitted by law. IPET will notify you of any loss, misuse or alteration of personal information that may affect you, in order for you to take the necessary action and steps to protect your rights.
THIS POLICY MAY BE UPDATED FROM TIME TO TIME.