1. INTRODUCTION

This document describes a set of principles governing the handling of personal information/data we process.

The Blue Bulls Company values privacy and we seek to implement responsible data privacy practices.

2. APPLICATION

This policy applies to all personal information processed in our organisation and to all persons employed or engaged by us who process personal information.

3. APPLICABLE LAWS

The relevant legislation which we will comply with are:

3.1 General Data Protection Regulation 2016/679 (European Union) (hereinafter referred to as the GDPR);
3.2 Protection of Personal Information Act 4 of 2013 (South Africa) (hereinafter referred to as the “Act”).

We undertake to act in accordance with the Act and the GDPR and to do what is reasonably necessary and practicable to comply with those aspects of data protection that apply to our organisation under the relevant legislation.

4. DATA PROTECTION REQUIREMENTS

4.1 The Company respects the privacy of our Data Subjects and will ensure that we process personal information:

4.1.1 Lawfully and in a reasonable manner that does not infringe the privacy of the Data Subject;
4.1.2 For a specific purpose;
4.1.3 Minimally and only as is necessary for the purpose indicated i.e. adequate, relevant and not excessive;
4.1.4 Accurately, complete and up-to-date;
4.1.5 Only for as long as is necessary to achieve the purpose indicated;
4.1.6 Securely, with integrity and confidentiality.

4.2 In respect of Data Subject rights, we will ensure that our Data Subjects can –

4.2.1 Know when we process their personal information and for what purpose;
4.2.2 Rectify any personal information that we process that may be incorrect or dated;
4.2.3 Delete or destroy their personal information from our systems where required, subject to data retention laws;
4.2.4 Restrict our processing of their personal information, where required;
4.2.5 Object/’opt-out’ of our processing of their personal information, where applicable;
4.2.6 Transfer their personal information from us to another Responsible Party/Controller in a structured and accessible format;
4.2.7 Be protected from us making automated decisions about them.

4.3 As a Responsible Party/Controller we will ensure that we:

4.3.1 Implement appropriate and reasonable technical and organisational measures to protect personal information processed by us;
4.3.2 Enter into written agreements with Operators/Processors who process personal information on our behalf;
4.3.3 Keep records of our processing activities;
4.3.4 Consult and cooperate with the relevant data protection authorities, where required.

4.4 Where we act as the Operator/Processor, we will ensure that we:

4.4.1 Enter into a written agreement with the Responsible Party/Controller regarding the processing of the personal information;
4.4.2 Process personal information only on the instructions of the Responsible Party/Controller;
4.4.3 Keep records of our processing activities;
4.4.4 Appoint sub-Operators/Processors only with the consent of the Responsible Party/Controller;
4.4.5 Inform the relevant data protection authorities of any data breaches.

5. GOVERNANCE

5.1 We will appoint and maintain an Information Officer and a Deputy Information Officer, who shall be responsible to:

5.1.1 Raise awareness and encourage compliance by the organisation with the relevant data protection legislation;
5.1.2 Deal with all the requests made to the organisation pursuant to the relevant legislation;
5.1.3 Work with the authorities in relation to investigations conducted pursuant to the relevant data protection legislation;
5.1.4 Develop, implement and maintain the privacy and/or protection of data policies and procedures for the organisation;
5.1.5 Ensure that procedures are implemented to allow Data Subjects to view and rectify their personal data files processed by the organisation and handle Data Subject access requests;
5.1.6 Ensure that any breach in the security of personal data in our organisation is dealt with correctly and appropriately.

5.2 The Information Officer will report to the Chief Executive Officer.

5.3 The contact information of the Information Officer and Deputy Information officer is:

NAME EMAIL TELEPHONE
Willemien Van der Merwe willemienv@bluebull.co.za
0822975407
Wessel Strydom wessel@bluebull.co.za
0824424882

5.4 This policy will be reviewed annually.