FlameBlock POPI Act Privacy Policy

  1. Introduction
FlameBlock is a proudly South African company that engineers, manufactures and supplies fire intumescent and retardant products to the fire engineering, mining, construction, commercial and industrial market sectors.
Apart from developing and manufacturing fire retardant coatings, FlameBlock also supplies penetration blocks, panels, mineral wool products and surface coatings.
Contact Details
Contact Details
Managing Director Ferdi van Zyl
Information Officer Ferdi van Zyl
Physical Address 15 Prinsloo street, Alberton North, 1449
Postal Address
P.O Box 145899 Bracken Gardens, 1452
Telephone Number
011 869 2142
Cellphone Number 062 985 9976
Email Address ferdi@flameblock.co.za
Web Site www.flameblock.co.za
Table 1- Contact Details
This Policy sets out how FlameBlock data subjects’ (hereafter clients) personal information (PI) is collected, processed, used, disclosed or destroyed. This Policy can be requested from FlameBlock directly.
This policy also states FlameBlock’ commitment to protect their clients’ privacy and to implement reasonable measures to ensure that their Personal Information (PI) is used appropriately, transparently, securely and in accordance with applicable laws.

 

  1. Amendments to this policy

Amendments to, or a review of this Policy, takes place on an ad hoc basis or at least once a year.

  1. Policy Purpose
This policy demonstrates FlameBlock’s commitment to protecting the privacy rights of the Data Subject in the following manner:
  • through stating desired behaviour and directing compliance with the provisions of the POPI ACT;
  • by cultivating an organisational culture that recognises privacy as a valuable human right;
  • by developing and implementing internal controls for the purpose of managing the compliance risk associated with the protection of Personal Information;
  • by creating business practices that will provide reasonable assurance that the rights of the Data Subject are protected and balanced with the legitimate business needs of FlameBlock;
  • by assigning specific duties and responsibilities to control owners, including the appointment of an Information Officer and where necessary Deputy Information Officers;
  • by raising awareness through training and providing guidance to individuals who process Personal Information (PI) so that they can act confidently and consistently.

  1. Policy Function
The Information Officer at FlameBlock, is responsible for:
  • developing and upkeeping this policy;
  • ensuring this policy is supported by appropriate documentation;
  • ensuring that documentation is relevant and kept up to date;
  • ensuring this policy and subsequent updates are communicated to relevant role players.
Any service provider or third-party operator responsible for providing and managing personal information on FlameBlock’s behalf must adhere to the privacy principles provided by this policy to ensure the lawful processing of personal information (PI).

4.1. Key Risks

FlameBlock identifies the following potential key risks, which this policy is designed to address:
  • breach of confidentiality (information being given out inappropriately);
  • insufficient clarity about the range of uses to which information will be put — leading to the Data Subject being insufficiently informed;
  • failure to offer choice about information use when appropriate;
  • breach of security by allowing unauthorised access;
  • harm to individuals if Personal Information is not up to date;
  • management of Personal Information (PI) by Third Party Operators.
  1. Compliance to POPI ACT conditions
FlameBlock acknowledges the conditions for lawful processing of Personal Information (PI) as stipulated in the POPI Act, Chapter 3, Part A and Part B, and its responsibility to comply with each of the conditions.
FlameBlock undertakes to implement and maintain reasonable measures to ensure that all employees and persons acting on behalf of the FlameBlock will always be subject to, and act in accordance with the specific conditions and other requirements as stipulated by the POPI Act.
The following conditions are provided for in the Act:
Condition
Description
Accountability FlameBlock management acknowledges that as the responsible party they are accountable for the implementation of reasonable measures to ensure the lawful processing of personal information (PI).
Processing Limitation FlameBlock clients’ personal information (PI) will be processed in accordance with the law. It will be managed in a proper and reasonable manner so as not to intrude on the privacy of the client whose information is being processed.
Purpose Specific FlameBlock clients’ personal information (PI) will be collected for a specific purpose, which is properly defined and for legitimate reasons. The PI collected will not be kept for longer than is necessary (i.e., must suit the purpose).
Further Process Limitation 
FlameBlock clients’ personal information (PI) will not be processed beyond the initial purpose i.e., which makes it incompatible with the original purpose.
Information Quality
The person responsible for collecting the information will take proper steps to ensure that the information is complete, accurate, current, and not misleading in any way.
Openness
FlameBlock undertakes to document and maintain documentation of all the processing procedures where personal information (PI) is collected and processed. FlameBlock also undertakes to always, within reason, keep clients informed regarding the processing of their Personal Information (PI).
Security Safeguards 
At FlameBlock appropriate technical and organisational measures will be taken to ensure integrity of the personal information (PI) as well as safeguarding it from unauthorised access.
Individual (Data Subject) participation
FlameBlock acknowledges their clients right to be informed with regards to the details of personal information (PI) collected, why it is being collected and that they also have the right to request, within reason, that it gets discarded after its initial purpose.

Table 2- POPI Act Conditions

  1. Compliance to POPI ACT privacy Requirements

FlameBlock undertakes to implement and maintain reasonable measures to ensure that all employees, contractors and third parties acting on behalf of FlameBlock will always be subject to, and act in accordance with privacy requirements as stipulated by the POPI Act.

The reasonable measures to be implemented will be instrumental to ensure that security and privacy of Personal Information (PI) are addressed with regards to the following categories:

  • Collection of Personal Information (PI);
  • Processing of Personal information (PI);
  • Use of Personal Information (PI);
  • Safeguarding Personal Information (PI);
  • Access to Personal Information (PI);
  • Correction of Personal Information (PI);
  • Disclosure of Personal Information (PI).
  1. Collection of Personal Information (PI)
FlameBlock collects Personal Information (PI) of our clients to be able to provide […] services.

FlameBlock collects the Personal Information (PI) of our clients during the following relevant business scenarios:

  • via direct communication for example face-to-face or telephone conversations,
  • via email or mobile messaging communication channels

Examples of Personal Information (PI) collected by FlameBlock include:

  • clients: name, surname, telephone number, address, postal code, company name; etc.
  • suppliers: company name, contact person name and surname, telephone number, company registration and vat number etc.
  1. Highly Sensitive Personal Information (PI)

FlameBlock collects highly sensitive personal information (PI) relating to our clients only when necessary for a specific business or regulatory process e.g., for requirements to comply to Covid 19 regulations.

    1. Condition of Openness
In support of the condition of openness FlameBlock adheres to the concept of Informed Consent and will therefore always aim to provide the purpose for which the personal information is collected. If the personal information (PI) has not been collected directly from our client, due to a specific business process, the source of collection will be provided within reason.

  1. Processing of Personal Information (PI)
FlameBlock acknowledges that personal information (PI) may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
FlameBlock therefore undertakes that personal information (PI) of clients will only be processed when processing is necessary to carry out actions for a relevant business process such as the provisioning of relevant […] services.
FlameBlock also realises that their clients may withdraw his, her or its consent at any time or object to processing of personal information (PI). FlameBlock will in this instance act accordingly without jeopardizing a legal requirement or process.
FlameBlock not only processes personal information (PI) for a specific purpose, but also undertakes to secure the personal information (PI) processed during its lifetime.

FlameBlock undertakes to destroy or delete a record of personal information (PI) collected as soon as reasonably practicable based on applicable legislation, regulations and or current business practices.

  1. Use of Personal Information (PI)
FlameBlock acknowledges, as the Responsible Party, that they are accountable for the lawful use of their clients’ personal information (PI) and therefore undertakes to use it only for the purpose for which it was originally collected.

In the instance where FlameBlock seeks to process and use personal information (PI) it holds for a purpose other than the original purpose for which it was collected, and where this secondary purpose is not compatible with the original purpose, FlameBlock will first obtain additional consent from their clients.

  1. Safeguarding Personal Information (PI)
FlameBlock realises that, as responsible party, it is legally obliged to provide adequate protection for the personal information (PI) collected and processed and to prevent unauthorised access to and use of such personal information (PI).
To prevent unauthorised access or disclosure, FlameBlock has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information FlameBlock collects and processes.  
In further support of the condition of Security Safeguards FlameBlock has also put reasonable measures in place to ensure that the personal information (PI) collected is complete, accurate, current and not misleading in any way.
Clients’ personal information (PI) processed and managed via third parties on FlameBlock behalf are also to be managed based on FlameBlock privacy processes as stipulated in this policy

  1. Access to Personal Information (PI)
FlameBlock acknowledges clients’ rights to request a copy of the personal information (PI) FlameBlock holds about them.

FlameBlock clients can contact our designated Information Officer for assistance at the contact details provided.

  1. Correction and De-identification of Personal Information (PI)
FlameBlock acknowledges clients’ rights to request that the personal information (PI) collected are to be updated, corrected or deleted.

FlameBlock undertakes to adhere to these requests as soon as reasonably practicable based on applicable legislation, regulations and or current business practices.

  1. Disclosure Personal Information (PI)
In the instance that it is required to disclose or disseminate personal information (PI) of our clients to third parties, who are involved in the delivery of products or services to our clients, it will be on a basis of informed consent.
FlameBlock will disclose the personal information (PI) collected and processed only to:
    • FlameBlock employees, business Partners or consultants that require the information to fulfil their work duties;
    • FlameBlock suppliers and/or vendors that require the information to assist with the service provided;
    • FlameBlock courier partners to perform their courier tasks;
    • FlameBlock financial service providers and/or banking partners as required by banking and credit card association rules;
    • to law enforcement (if required to do so to protect FlameBlock’ rights);
    • other third parties from whom our clients have chosen to receive marketing information;
    • other companies’ entities in FlameBlock’ industry, that will enhance the services and products FlameBlock can offer to clients. This only applies where our clients have not objected to such sharing.