Effective Date: 2021
1. Introduction
TNM Solutions (“we,” “us,” or “our”) is committed to protecting the privacy and personal information of all individuals whose data we process. This Data Protection Policy (“Policy”) outlines our commitment to complying with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection laws in South Africa. This Policy applies to all employees, contractors, service providers, and any other third parties acting on our behalf who have access to personal information.
2. Scope and Purpose
This Policy applies to all personal information processed by TNM Solutions, regardless of the format in which it is stored. “Personal information” means any information relating to an identifiable, living natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- Name, contact details (address, phone number, email address)
- Identity number, passport number, driver’s license details
- Demographic information (age, gender, nationality)
- Financial information (bank account details, credit card information)
- Employment history and qualifications
- Health information
- Biometric information
- Location data
- Online identifiers (IP address, cookies)
- Any other information that can be linked to an individual.
The purpose of this Policy is to:
- Inform individuals about how we collect, use, process, and protect their personal information.
- Ensure compliance with POPIA and other relevant data protection legislation.
- Establish clear roles and responsibilities for data protection within TNM Solutions.
- Provide a framework for handling data breaches and complaints.
- Promote a culture of data privacy and security within TNM Solutions.
3. Principles of Data Processing
TNM Solutions adheres to the following principles when processing personal information:
- Lawfulness, Fairness, and Transparency: We process personal information lawfully, fairly, and in a transparent manner. We will inform individuals about the purpose of processing their data and obtain their consent where required.
- Purpose Limitation: We collect personal information only for specified, explicit, and legitimate purposes. We will not use the data for any other purpose without obtaining further consent.
- Minimization: We collect only the personal information that is necessary for the intended purpose.
- Accuracy: We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date.
- Storage Limitation: We retain personal information only for as long as necessary for the intended purpose or as required by law.
- Integrity and Confidentiality: We process personal information in a manner that ensures its integrity and confidentiality, including protection against unauthorized access, use, or disclosure.
- Accountability: We are accountable for complying with this Policy and POPIA.
4. Collection of Personal Information
We collect personal information in various ways, including:
- Directly from individuals (e.g., through application forms, online registrations, surveys).
- Indirectly from third parties (e.g., credit bureaus, public databases, social media).
- Automatically through our website or other systems (e.g., cookies, IP addresses).
We will only collect personal information that is necessary for the intended purpose and will inform individuals about the reason for collection.
5. Use and Disclosure of Personal Information
We use personal information for the purposes for which it was collected, including:
- Providing products and services.
- Managing customer relationships.
- Processing payments.
- Conducting marketing activities (with consent).
- Complying with legal obligations.
We may disclose personal information to third parties, such as:
- Service providers (e.g., IT support, data storage).
- Business partners.
- Law enforcement agencies (when required by law).
We will ensure that any third party we share data with has appropriate data protection measures in place. We will never sell your personal information.
6. Data Security
TNM Solutions implements appropriate technical and organizational measures to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Access controls (e.g., passwords, multi-factor authentication).
- Encryption.
- Data backup and recovery.
- Regular security assessments and audits.
- Staff training on data protection.
7. Data Retention
We retain personal information only for as long as necessary for the intended purpose or as required by law. We have established data retention policies that define the appropriate retention periods for different types of personal information.
8. Individual Rights
Individuals have the following rights regarding their personal information:
- Access: To request access to their personal information.
- Correction: To request correction of inaccurate or incomplete personal information.
- Deletion: To request deletion of their personal information (subject to legal limitations).
- Objection: To object to the processing of their personal information (subject to legal limitations).
- Restriction: To request restriction of the processing of their personal information (subject to legal limitations).
- Data Portability: To request to receive their personal information in a structured, commonly used, and machine-readable format.
- Complaint: To lodge a complaint with the Information Regulator.
9. Data Breach Management
In the event of a data breach, we will take prompt action to contain the breach, assess the impact, and notify affected individuals and the Information Regulator as required by POPIA.
10. Policy Updates
This Policy will be reviewed and updated periodically to reflect changes in legislation, best practices, or our business operations. Any changes will be communicated to relevant stakeholders.
11. Contact Information
For any questions or concerns regarding this Policy or the processing of personal information, please contact our Information Officer: Nkomo, +27 87 700 1144
12. Information Regulator
The Information Regulator (South Africa) can be contacted at: www.inforegulator.org.za
13. Processing of Special Personal Information
POPIA defines certain categories of personal information as “special personal information,” which requires additional protection due to its sensitive nature. This includes information about:
- Race or ethnic origin
- Religious or philosophical beliefs
- Trade union membership
- Health or medical information
- Sex life or sexual orientation
- Criminal behavior
TNM Solutions will only process special personal information with the explicit consent of the individual or where permitted by law. We will implement appropriate safeguards to protect this sensitive information.
14. Processing of Children’s Personal Information
TNM Solutions is committed to protecting the privacy of children. We will only process children’s personal information with the consent of a parent or guardian, and only for specific and legitimate purposes. We will provide clear and accessible information about how we process children’s data.
15. Cross-Border Transfer of Personal Information
If we transfer personal information to a country outside of South Africa, we will ensure that the recipient country provides an adequate level of data protection or that appropriate safeguards are in place, such as contractual clauses or binding corporate rules. We will comply with the requirements of POPIA regarding cross-border transfers.
16. Employee Responsibilities
All employees of TNM Solutions are responsible for complying with this Policy and all applicable data protection laws. Employees who have access to personal information must:
- Handle personal information with care and confidentiality.
- Use personal information only for authorized purposes.
- Report any suspected data breaches or security incidents.
- Complete data protection training as required.
17. Third-Party Service Providers
When we engage third-party service providers to process personal information on our behalf, we will:
- Enter into a written contract with the service provider that includes appropriate data protection obligations.
- Ensure that the service provider has implemented adequate security measures.
- Monitor the service provider’s compliance with data protection requirements.
18. Monitoring and Review
TNM Solutions will regularly monitor and review its data protection practices to ensure compliance with this Policy and POPIA. We will conduct internal audits and assessments to identify areas for improvement.
19. Training and Awareness
TNM Solutions will provide regular data protection training to all employees and other relevant personnel. The training will cover the requirements of this Policy, POPIA, and best practices for data protection. We will also promote awareness of data privacy and security throughout the organization.
20. Disciplinary Action
Failure to comply with this Policy may result in disciplinary action, up to and including termination of employment.
21. Policy Availability
This Policy is available to all employees, customers, and other stakeholders. It is published on our [Website/Intranet] and can be obtained by contacting our Information Officer.
22. Definitions
- Data Controller: The entity that determines the purpose and means of processing personal information. In this case, TNM Solutions is the data controller.
- Data Processor: The entity that processes personal information on behalf of the data controller.
- Information Officer: The designated individual within TNM Solutions who is responsible for overseeing data protection compliance.