Platchro Mining Services Privacy Policy

  1. VALUE STATEMENT OF THE PROVEST GROUP

Professionalism.
Reliability.
Innovation.

  1. DEFINITIONS
Biometrics means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
Consent means any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information.
Conditions for Lawful Processing means the conditions for the lawful processing of Personal Information.
Constitution means the Constitution of the Republic of South Africa, 1996.
Customer / Client refers to any natural of juristic person that received or receives services from the Company.
Data Subject means the person to whom the Personal Information relates.
Employees means any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who  assists in carrying out or conducting the business of the Company , which includes, without limitation, directors, all permanent, temporary and part-time staff as well as contract workers.
Information Officer means the information officer who is registered with the South African Information Regulator established under POPIA prior to performing his or her duties.
Operator means a person who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party.
PAIA means the Promotion of Access to Information Act 2 of 2000.
POPIA means the Protection of Personal Information Act 4 of 2013.
Provest Group (Pty) Ltd means the Provest Group, registration number 2015/244566/07, with its registered address at 55 Brink Street, c/o Beyers Naudé and Brink Street, Rustenburg, 0299 (hereinafter referred to as the Company), including all the subsidiaries as listed below:
  • Provest Cementitious Products (Pty) Ltd – 2004/016915/07
  • Provest Specialized Support (Pty) Ltd – 2002/004032/07
  • Provest Services (Pty) Ltd – 2002/018772/07
  • Preman Mining (Pty) Ltd – 2010/016472/07
  • Quick Stone Crushers (Pty) Ltd – 2005/027070/07
  • Eastern Limb Mining Services Investments (RF) (Pty) Ltd – 2014/121100/07
  • Platchro Ubuntu (Pty) Ltd – 2017/410812/07
  • Precrete Bakwena (Pty) Ltd – 2012/205545/07
  • Precrete Bafokeng JV (Pty) Ltd – 2008/022020/07
  • Provest Management (Pty) Ltd – 2008/014955/07
  • Dube Mining Investments (Pty) Ltd – 2014/144194/07
  • Merensky Cement Solutions (Pty) Ltd – 2014/088709/07
  • Platchro Holdings (Pty) Ltd – 2009/024326/07
  • Platchro Mining Services (Pty) Ltd – 2010/007575/07
  • Platchro Rasimone (Pty) Ltd – 2008/017840/07
  • Platchro Services and Supplies (Pty) Ltd – 2009/024740/07
  • Mainsail Trading 136 (Pty) Ltd – 2008/012849/07
  • Platchro Mining Services Zambia Ltd – 120150129253
  • Platchro Zambia Limited – 120150129259
Personal Information means any information that can be used to reveal a person’s identity. Personal Information relates to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person (such as a company), including, but not limited to information concerning:
  • race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language and birth of a person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person;
  • the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;
but excludes:
  • information of a deceased person;
  • information that has been provided anonymously so that it does not identify a specific person;
  • permanently de-identified information that does not relate or cannot be traced back to the Data Subject specifically;
  • non-personal statistical information collected and compiled by the Company;
  • information that the Data Subject has provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute Personal Information subject to protection under this policy).
Process or Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  • dissemination by means of transmission, distribution or making available in any other form; or
  • merging, linking, as well as restriction, degradation, erasure or destruction of information.
Record means any recorded information, regardless of form or medium, including:
  • writing on any material;
  • information produced, recorded, or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
  • label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
  • book, map, plan, graph or drawing;
  • photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced.
Responsible Party means the responsible party is the entity that needs the Personal Information for a particular reason and determines the purpose of and means for Processing the Personal Information. In this case, the Company is the responsible party.
The Regulator means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.
Special Personal Information means information relating to religious or philosophical beliefs, race and ethnic origin, trade union membership, political persuasion, health or sec life or the biometric information of a data subject, criminal behaviour of a Data Subject regarding the alleged commission of an offence or any proceedings in respect of any offence allegedly committed by a Data Subject or the disposal of such proceedings.
  1. INTRODUCTION
The Company recognises the constitutional rights of a person to privacy and acknowledges that it is of the utmost importance, as required by law, to protect the personal information pertaining to the relevant parties concerned. The danger of invading a person’s privacy and the abuse of personal information has been considered and acknowledged internationally and precautionary measures to protect this confidential information has been documented to be of assistance in the regulation hereof. For this specific reason, Parliament established legislation to address this matter. The Company undertakes to respect and protect the privacy of all persons who are associated with this company whether they are employees of this company or persons who are business partners or other entities, who for various reason of interest, are related to the Company.
  1. SCOPE
The contents of this policy is applicable to all employees of the Company, and has been introduced in order to encourage the protection and confidentiality of all personal information that has been made available to the Company by employees or any consumer/client or any party who has disclosed any information of a private or business nature, for the sole intention of employment, business transactions, contracts or communication and will be deemed to be necessary for the records pertaining to the Company. The information officer is the custodian of this policy, as it is the responsibility of the information officer to ensure that this policy is incorporated and implemented in the various divisions of the Company, and that workshops and training is provided to all parties concerned regarding the contents of the Protection of Personal Information Act (POPIA). This policy applies to all permanent and temporary positions held by persons within the Company and is applicable to all temporary and permanent employees. The Company will make employees aware of this procedure by discussing it during induction sessions, and by distributing it to the workforce via email and awareness campaigns. However, it remains the duty and responsibility of all employees to make themselves aware of, and to familiarise themselves with, the content and application of this document.
  1. PURPOSE
  • The purpose of this policy is to incorporate the requirements of the Protection of Personal Information Act (4/2013) (hereafter referred to as ‘POPIA’) into the daily operations of the Company and to ensure that these requirements are documented and implemented in the business processes.
  • The objective of this policy is to ensure the constitutional right to privacy, with regards to:
    • the safeguarding of personal information;
    • the regulation and processing of personal information;
    • the execution of the prescribed requirements for the legal processing of personal information;
    • and the protection of free flow of personal information.
  • The Company and its employees shall adhere to this policy concerning the management of all personal information received from, but not limited to natural persons, employees, clients, suppliers, agents, representatives, and partners of the Company, to ensure compliance is applied to this Act and the applicable regulations and rules relating to the protection of personal information is adhered to.
  1. PROVISION
  • The Company acknowledges that it is mandatory to comply with the provisions of the Protection of Personal Information Act.
  • There are eight (8) conditions that shall apply, and which are relevant for the lawful processing of personal information:
    • Accountability;
    • Processing limitation;
    • Purpose specification;
    • Further processing limitation;
    • Information quality;
    • Transparency (honesty and integrity);
    • Security safeguards;
    • Data subject participation.
  1. CONSIDERATIONS
  • Processing of Personal Information:
    • The procedure of processing the personal information, refers to the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, including inaccessibility, erasure or destruction of personal information.
    • Personal information collected by the Company and/or any of its representatives or subsidiaries, will not be collected directly from the data subject, unless:
      • The information is contained or derived from a public record or has deliberately been made public by the data subject.
      • The data subject or a competent person where the data subject is a minor, has consented, to the collection of the information from another source.
      • Collection of the information from another source would not prejudice a legitimate interest of the data subject.
      • Collection of the information from another source is necessary to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences; to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue; for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated; in the interest of national security; or to maintain the legitimate interests of the Company or of a third party to whom the information is supplied.
      • Compliance would prejudice a lawful purpose of the collection.
      • Compliance is not reasonably practicable in the circumstances of that instance.
    • Personal information must only be collected for a specific, explicitly, defined, and lawful purpose, related to the function or activity of the Company.
    • Ensure that the data subject is aware of what information is collected prior to the collection thereof.
    • Ensure the data subject, or should the individual be a minor, a competent person in this instance then consents to the collection of personal information.
    • Inform the data subject what the purpose is for the collection of this information and inform the data subject regarding:
      • whether the information to be collected is a voluntary or mandatory function to be performed;
      • the consequences of the matter for the data subject should they fail to provide the information;
      • whether it is ascertained that a legal authority requires the collection of the information for their records;
      • whether this information needs to be transferred to another source;
      • whether the Company intends to transfer the information to any other country outside the borders of the Republic of South Africa or international organisation and disclose the level of protection regarding the personal information which can be expected from this country or international organisation.
    • Ensure that the personal information is complete, accurate, not misleading and is updated from time to time;
    • Ensure that the information which is collected is not excessive. To collect solely the information, which is necessary for the company, which it requires to execute its functions or in the interests of a third party, where the information will be provided to them;
    • To undertake to regard personal information as strictly private and confidential and not to disclose it to any other party, unless required by law to take this course of action, or the consideration of the correct performance of the company’s duties and tasks;
    • The Company will take responsibility to keep on record all the appropriate documentation of all processing operations.
  1. ADDITIONAL PROCESSING PROCEDURES REGARDING PERSONAL INFORMATION:
  • The Company undertakes to ensure that any additional processing of personal information will be in accordance with the purpose for which it was collected;
  • To assess whether any additional processing is in accordance with the purpose of collection, the following detail should be considered:
    • The relationship between the purpose of the intended additional processing and the purpose or intention for which the information was collected;
    • The nature of the information concerned;
    • The consequences of this action for the data subject regarding the intention of processing additional information;
    • The manner/method in which this information was collected; and
    • Any contractual rights and obligations between the parties.
  1. RETENTION AND RESTRICTION OF RECORDS
  • Records of personal information should not be retained for longer periods than is necessary for achieving the purpose for which the information was collected, unless:
    • the retention of a record is required or authorised by law;
    • the Company, reasonably requires a record for legal purposes related to its functions or activities;
    • retention of a record is required by a contract between the parties thereto;
    • the data subject or a competent person where the data subject is a minor and has consented to the retention of a record.
  • The Company will restrict the processing of personal information if:
    • its accuracy is contested by the data subject, for a period enabling the Company to verify the accuracy of the information;
    • the Company no longer requires the personal information for achieving the purpose for which it was collected or subsequently processed, but is required to maintain/retain it for purposes of proof or record keeping purposes;
    • the processing is unlawful, and the data subject opposes its destruction or deletion and alternatively requests the restriction of its use; or
    • the data subject requests that the personal data be transmitted or transferred to another automated processing system.
  • Personal information that has been restricted may only be processed for purposes of proof, or processed with the data subject’s consent, or with the consent of a competent person where the data subject is a minor, or for the protection of the rights of any other natural or legal person, or if such processing is in the public interest.
  • Where personal information is restricted, the Company will inform the data subject prior to the termination of the restriction.
  1. SECURITY SAFEGUARDS
  • The Company will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable, technical and organisational measures to prevent loss of, damage to, or unauthorised destruction of personal information; and unlawful access to or processing of personal information;
  • The Company will take responsible measures to:
    • identify all reasonable predictable internal and external risks to personal information in its possession or under its management;
    • establish and maintain appropriate safeguards against the risks identified;
    • regularly verify that the safeguards are effectively implemented; and
    • ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguarding methods.
  • The Company will have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.
  1. SECURITY COMPROMISES
  • Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the information officer should be contacted immediately.
  • The information officer is required to notify the information regulator and the data subject.
  • The notification of a breach of confidentiality should be declared as soon as is reasonably possible upon the discovery of the compromise.
  • The information officer needs to provide sufficient information to the data subject which will enable the data subject to take protective measures against the potential consequences of the compromise.
  1. RIGHTS OF THE DATA SUBJECT
  • The data subject, or competent person where the data subject is a minor, may withdraw his, her or its consent to procure and process his/her or its personal information, at any time, providing that the processing of the personal information was performed legally, prior to the request for the withdrawal.
  • A data subject, having provided adequate proof of identity, has the right to:
    • request the Company to confirm, free of charge, whether it holds personal information regarding the data subject; and
    • request from the Company a record or a description of the personal information relevant to the data subject held by the Company, including information regarding the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
  • This must be processed within a reasonable period, at a fee prescribed as determined by the Information Officer, in a reasonable manner and format and in a form that is generally understandable.
  • A data subject may request the Company, to correct or delete personal information in its possession or under its management which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained illegally.
  • A data subject may request the Company to destroy or delete their record of personal information.
  • This must be processed only if it is permissible and has been approved by the Information Officer.
  • A data subject, having provided adequate proof of identity, has the right to:
    • request the Company to confirm, free of charge, whether it holds personal information regarding the data subject; and
    • request from the Company a record or a description of the personal information relevant to the data subject held by the Company, including information regarding the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
  • This must be processed within a reasonable period, at a fee prescribed as determined by the Information Officer, in a reasonable manner and format and in a form that is generally understandable.
  • A data subject may request the Company, to correct or delete personal information in its possession or under its management which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained illegally.
  • A data subject may request the Company to destroy or delete their record of personal information. This must be processed only if it is permissible and has been approved by the Information Officer.
  1. MONITORING AND ENFORCEMENT
  • All employees will be responsible for administering and overseeing the implementation of this policy including the supporting of guidelines, standard operating procedure, notices, consents and appropriate related documents and processes.
  • Employees who violate the guidelines and standard operating procedures of this policy may be subjected to disciplinary action, being taken against him/her.
  • The point of contact for requests, disclosures, questions, complaints and any other inquiries relating to the processing, collection, or re-identifying of personal information shall be directed to the information officer or deputy information officer(s).
  1. POLICY SPECIFIC INFORMATION
  • The Company must ensure that the disciplinary procedures are amended accordingly to include any violation of this policy.
  • The Company must appoint an information officer and a deputy officer/s who will be responsible for the management of this division.
  • The Company will ensure that the information officer and the deputy information officer/s receive the appropriate training with regard to the execution of their duties and responsibilities, in terms of the provisions of POPIA.
  1. VALIDITY AND DOCUMENT MANAGEMENT
This document is valid as of date of signing.

The owner / custodian of this document is the Provest Group Information Officer, who must validate and if necessary, update the document at least once a year.