AutoSLM and the Protection of Personal Information Act
AutoSLM seeks to comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and the following text sets out our policies and processes in compliance of this Act.
Contract between AutoSLM and its Clients (The Company).
The Operator (AutoSLM) is a service provider to the Company (The Dealership or Subscriber). In the course of rendering the services, the Operator processes Personal Information or as referred to in the POPI Act 4 of 2013, Subject Data; related to customers of the Company.
The Company and the Operator are committed to the protection and promotion of the privacy of Subject Data and to give effect to the constitutional right to privacy and to fulfil the Company’s obligations under POPIA.
To promote compliance in terms of POPIA, the parties hereto record and agree as follows:
The Company is obliged under POPIA to ensure that any third party appointed by it does not infringe on the requirements of the POPI Act 4 of 2013 and that a written agreement is in place between an Operator and the Company.
The Operator is committed to ensuring that it’s conduct is compliant with POPIA for and on behalf of the Company.
The Operator provides the following undertakings to the Company in relation to Subject Data collected during the course of the Operator’s appointment by the Company:
- The Operator is familiar with its obligations under POPIA and has implemented a POPIA Compliance Framework
- All Customer Subject Data will be stored securely
- Customer Subject Data will never be sold or disseminated to any third parties without the prior written consent of the Company.
- Customer Subject Data will only be retained for the duration of the contract terms between The Company and AutoSLM.
- The Operator’s systems that hold Customer Subject Data, whether it be in a data or physical format, have been reviewed to ensure compliance with POPIA. Such review was conducted so as to identify all foreseeable internal and external risks to and steps have been taken to guard against the identified risks.
- Should there be a breach of the confidentiality in relation to Customer Subject Data, the Operator will take all reasonable steps to ensure that the Company is immediately notified.
- The Operator will continuously review and update its POPIA Compliance Framework.
The parties hereto agree to cooperate with each other in good faith, as per their roles and responsibilities so as to ensure that they are compliant with POPIA.