Confidentiality and Privacy Agreement Policy
J. Erasmus, PMO Manager, 22 June 2021
H. J. Buhr, General Manager, 22 June 2021
The purpose of this policy is to outline the importance of safeguarding the data of the company, partners and clients, and how we expect our employees to treat confidential information. Employees will unavoidably receive and process personal and private information, and we want to ensure that this information is well protected.
1.3. Related Documents
ProjectLink Holdings Business Strategy
Information and Systems Security Policy
Data Governance Policy
ProjectLink Holdings (Pty) Ltd; ProjectLink Consulting (Pty) Ltd; ProjectLink Synergy (Pty) Ltd
A process, document, action, or practice that must be adhered to at all times.
A person appointed by ProjectLink in a managerial position to oversee and manage project delivery services. A principal consultant can work independently or may have one or more reports.
A process, document, or action that is a preferred practice but that can be implemented at the discretion of the responsible person.
A mandatory practice in ProjectLink.
A recommended or discretionary practice, but not mandatory.
The keeping private of another person or entity’s information. It applies to the information given to a person or organization under an obligation not to disclose that information to others unless there is a statutory requirement or obligation to do so. Also applies to organizational information which is not to be used or disclosed by board members, permanent or temporary staff, contractors or students without authorisation.
Refers to keeping certain personal information free from public knowledge and to having control over disclosure and use.
Chief Information Officer
The General Manager shall serve as the Chief Information Officer.
Any person that engages with ProjectLink through our website, social media channels, email, phone call or as a current client.
This means all data, system records, information, reports, images and videos that may be held, transmitted, stored or received in ProjectLink’s systems, applications, or in hard copy format.
This means all equipment and devices that connect to the ProjectLink network. Equipment and devices include, but are not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically stored data, portable data storage devices, third-party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.
Personal data is any information that relates to an identified or identifiable living individual.
Is information that is entrusted to be kept secret and not to be disclosed to any other parties.
2.3. Target Audience
Adherence to this policy is mandatory for all ProjectLink employees.
The following procedures support this policy: None
3. Policy Description
4. Guiding Principles
All personal data shall be dealt with sensitively and within the strictest confidence internally and externally. All personal paper-based and electronic data must be stored per the Protection of Personal Information Act (POPI Act) and must be secured against unauthorised access, accidental disclosure, loss or destruction.
All personal paper-based and electronic data must only be accessible to those individuals authorised to have access.
4.1. Current/Potential Client Confidential and Personal Information
This policy pertains to any current/potential client confidential information and personal data that may be entrusted or disclosed to ProjectLink during the use or potential use of our services. Examples of such information are information that might relate to the client’s business operations or employees. Current/potential client confidential and personal information will only be used as needed to perform legitimate duties as a ProjectLink employee, and access to this information will only be allowed if it is pertinent to the ProjectLink employee’s duties. In no way shall the information be divulged, implied, copied, released, sold, loaned, reviewed, altered, misused, or destroyed except as properly authorized by ProjectLink.
Any activities by any individual or entity deemed unauthorized, or which may compromise the confidentiality of ProjectLink and ProjectLink’s current/potential clients, shall be reported to management. No ProjectLink employee shall have any legal right or ownership interest in any confidential or personal current/potential client information referred to in this agreement. ProjectLink may at any time revoke any person’s authorisation or access to any current/potential client’s confidential or personal information. This shall apply to all personal, social, medical, operational information or any other confidential and personal information gathered by ProjectLink employees during the execution of their role at ProjectLink. Any current/potential client’s information obtained by ProjectLink employees shall not be shared with any of the employee’s family members, friends, members of ProjectLink, or personal friends and family unless specified by the client or ProjectLink.
4.2. Current/Potential Employee Confidential and Personal Information
The following information may be collected from current or potential employees of ProjectLink:
- name, birth date, race, gender, disability status, citizenship;
- home address, home telephone number(s), relatives’ names, addresses, and telephone numbers;
- employee files;
- Employee information
- Recruitment documents
- Employment contracts
- Loan agreements
- an employee’s employment status, including leave of absence information, appointment begin and end dates, termination date, termination reason;
- an employee’s payroll information, including salary rates, tax information, withholdings, direct deposit information;
Employee information collected will only be used for the purpose it was collected for.
4.3. Other External Users Confidential and Personal Information
ProjectLink collects external user data through our website, social media platforms, Google Analytics, Google Ads, and other paid-for social media advertising channels. Only authorized personnel have access to this information. Selling or loaning this information to any third parties is strictly prohibited.
ProjectLink collects personal information through the following channels:
- Requests that are submitted to ProjectLink by users via forms or email (e.g., contact us forms, research forms, enquiry forms, social media forms).
- User activity on the ProjectLink website.
- Engagement with our paid advertising campaigns.
- Content that users download from the ProjectLink website.
- Direct messaging through ProjectLink or ProjectLink employee social media platforms.
- User participation in ProjectLink events, competitions, or research.
- User communications and dealings with ProjectLink services.
- User phone calls regarding ProjectLink services.
The following information is collected from the channels above and securely stored on ProjectLink’s systems:
- Job Title
- Email Address
- Phone Number
- Service / products that the user is interested in
- Website activity and engagement
The above-mentioned personal information is collected and used to communicate with the user regarding the services/products that the user has shown interest in, for future communication regarding other related services/products that the user may be interested in, for service/product research and development, for ProjectLink-related news, and for internal sales reporting purposes. We collect user information to optimise our website and communication with users to enhance their experience when dealing with ProjectLink.
If at any time a user wishes for ProjectLink to no longer contact them and for their information to be removed from our Client Relationship Management system, an opt-out email should be sent to email@example.com requesting their information to be removed.
The use of confidential information will only be as and when needed to perform legitimate duties as a ProjectLink employee and access to this information will be pertinent to your duties. In no way shall the information be divulged, implied, copied, released, sold, loaned, reviewed, altered, misused or destroyed except as properly authorized.
Any activities by any individual or entity deemed unauthorized, or which may compromise the confidentiality of the company, partners, and clients, shall be reported to management.
All employees shall have no legal right or ownership interest in any confidential information referred to in this policy. ProjectLink may at any time revoke authorization or access to any information or system.
This requirement shall apply to all personal or any other information gathered in the course of the execution of your role as an employee of ProjectLink. Any client information obtained by employees shall not be shared with any of the company’s partners, or client’s family members, friends, members, or personal friends and family unless specified by the company, partner or client.
The company and company employees shall ensure that:
- Every individual’s right to privacy is to be honoured and respected. The information is not to be disclosed to any other individual without the formal consent of the individual.
- Any list with any identifiable data is to be kept in a secure place out of public view.
- Any physical copies are destroyed as per the Data Governance Policy.
- Contact information shall not be used for any purpose other than company-related contact and private solicitation of any form is strictly prohibited.
- Any complaint received from an individual concerning privacy is to be reported to direct line managers immediately to avoid further aggravation.
6. Use and disclosure of personal information
The company and employees shall not disclose any information unless one of the following applies:
- The individual has consented
- It is required by law or authorised by law
- It is reasonably necessary for the company to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature
- It is reasonably necessary for a confidential dispute resolution process
- It is necessary to provide a health service
7. Security of information
ProjectLink takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorized access, modification and disclosure. These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions. Only authorized personnel are permitted to access these details. Refer to the Information and Systems Security Policy for further information.
When personal information that was collected is no longer required, it will be destroyed, deleted or de-identified in a secure manner, per the Data Governance Policy.
8. Access to and correction of personal information
If an individual requests access to the personal information we hold about them or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the POPI Act or other relevant law to withhold the information, or not make the changes.
Refer to the Update of Personal Information Procedure for further information.
A privacy complaint relates to any concern that you may have regarding ProjectLink privacy practices or our handling of your personal and sensitive information. This could include matters such as how your information is collected or stored, how your information is used or disclosed or how access is provided to your personal and sensitive information.
The goal of this policy is to achieve an effective resolution of your complaint within a reasonable timeframe, usually 30 days or as soon as practicable. However, in some cases, particularly if the matter is complex, the resolution may take longer.
Refer to the Whistleblowing Procedure for further information.
Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.
11. Reservation of Rights
ProjectLink reserves the right to propose changes to the policy to comply with any statutory changes and/or as and when it deems necessary.