Respecting and protecting your privacy and Personal Information (refer to the definition of Personal Information at the end of this policy statement) is very important to PKF South Africa and its Member Firms. It is also a Constitutional right and good business practice requirement which we take very seriously.
This policy is applicable to, and followed by, all PKF Member Firms and their related entities. This policy governs the relationship between you and the specific PKF Member Firm(s) with which you have signed an engagement letter or have otherwise provided personal information to. They are:
- PKF South Africa Inc.
- PKF Cape Town, and its related entities
- PKF Constantia Valley, and its related entities
- PKF Durban, and its related entities
- PKF George, and its related entities
- PKF Port Elizabeth, and its related entities
- PKF Pretoria, and its related entities
- PKF Octagon, and its related entities
- PKF VGA, and its related entities
- PKF Welkom, and its related entities
For more detailed information with regards to the processing and protecting of your personal information please contact the respective entities with which you have signed an engagement letter or provided your personal information to (see section 10 below for contact details).
In the paragraphs which follow any reference made to “us”, “we” or “our” is a reference to ONLY the specific legal entity(ies) with which you have signed an engagement letter or have otherwise provided personal information to and not to all the entities listed above.
In line with the 8 Conditions for Lawful Procession of Personal Information as set out in the Protection of Personal Information Act no 4 of 2013 (the Act), we (the specific legal entity with which you have signed an engagement letter)-
- Accept joint responsibility and accountability with you to responsibly manage and protect your Personal Information when providing our services and solutions to you;
- Undertake to collect and process only such Personal Information which is necessary given the purpose for which it is processed and to assist you with your required solutions, conclude the necessarily related agreements and consider the legitimate legal interests of everyone concerned, as required by the Act. We will at all times respect your right to withdraw your consent for the processing of your Personal Information;
- Undertake to only use your Personal Information for the purpose for which the information is essential to enable us to assist you or provide solutions to you;
- Undertake not to share or further process your Personal Information with anyone or for any reason if not required for assisting you with your solutions or as required in terms of legislation or regulations;
- Undertake to take reasonably practicable steps to ensure that information is complete, accurate, not misleading and, where necessary, is updated;
- Undertake to be open and transparent on the nature, extent and reasons for processing Personal Information;
- Undertake to safeguard and protect your Personal Information in our possession;
- Undertake to freely confirm what Personal Information we hold of you, to update and rectify the Personal Information upon request and to keep it for no longer than required.
By providing us (the specific legal entity with which you have signed an engagement letter) with your Personal Information, you agree to this Policy and authorise us to process such information as set out herein and you authorise the specific legal entity with which you have signed an engagement letter and any associated entities or third parties (where applicable) for the purposes set out herein.
We will not use your Personal Information for any other purpose than that set out in this Policy, and we will take the necessary steps to secure the integrity and confidentiality of Personal Information in our possession and under our control by taking appropriate and reasonable measures to prevent loss of, damage to or unauthorised destruction of your Personal Information and to prevent the unlawful access to, or processing of Personal Information.
2. REASONS FOR PROCESSING PERSONAL INFORMATION
We, or the entities who provide or assist with the solutions you required (if any), need to collect, use and keep your Personal Information as prescribed by relevant legislation and regulations and for reasons such as:
- To provide all relevant services in accordance with your mandate to us as set out in the engagement letter and to maintain our relationship;
- To respond to your queries;
- To confirm and verify your identity or to verify that you are an authorised user for security purposes;
- To comply with all legislative or regulatory requirements related to services provided to you by us;
- To satisfy any requirement by a professional body or network to which we are a member;
- To fulfil our contractual obligations to you, for example to ensure that invoices are issued correctly, to communicate with you and to carry out instructions and requests, and for ensuring you are able to access our premises when required;
- For any other operational purposes required to assist you with the solutions you require;
- To comply with our legal obligations to you, for example health and safety obligations while you are on any of our premises, or to a third party;
- In connection with possible requirements by the Information Regulator or other Government agencies allowed by law, legal proceedings, or court rulings.
3. BUSINESS ACTIVITIES FOR WHICH PERSONAL INFORMATION IS PROCESSED
- Recruitment and Employment purposes
- Providing Professional Services as per client mandate;
- Administering, managing and developing our businesses and services;
- Security, quality and risk management activities;
- Complying with any requirement of law, regulation or a professional body of which we are a member.
4. SHARING OR TRANSFER OF PERSONAL INFORMATION
Our employees will have access to your Personal Information to administer and manage our services and internal business processes. In general, we do not share your Personal Information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.
- CROSS BORDER
- THIRD PARTY PROVIDERS/OPERATORS
We may need to share your Personal Information and/or utilise software or online platforms to enter and process your information for business management purposes. This will only be done in strict adherence to the requirements of the Act. We also have agreements in place to ensure that they comply with the privacy requirements as required by the Act.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of legislation, regulations or industry codes;
- Where we believe it is necessary to protect our rights;
- When explicitly requested by you;
- With professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal Information may be shared with these advisers as necessary in connection with the services they have been engaged to provide.
- To law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. We may also review and use your personal information to determine whether disclosure is required or permitted.
5. INFORMATION SECURITY
We are legally obliged to provide adequate protection for the Personal Information we hold and to stop unauthorised access and use thereof. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your Personal Information remains secure.
Generally accepted standards of technology and operational security have been implemented to protect information from loss, misuse, alteration, or destruction. All our employees are trained on information security and are required to keep Personal Information confidential and only authorised persons have access to such information.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
6. RETENTION OF PERSONAL INFORMATION
We shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.
7. YOUR RIGHTS: ACCESS TO INFORMATION
You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us via the numbers/addresses provided below or on our website and specify what information you require. We will need proof of authorisation or a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
8. AMENDMENTS TO YOUR INFORMATION
You have the right to ask us to update, correct or delete your personal information. We will require proof of identity and/or authority before making changes to personal information we may hold of you. We would appreciate it if you would keep your personal information accurate and up to date.
10. HOW TO CONTACT US
If you have any queries about this policy, or need further information about our privacy practices, wish to withdraw consent, exercise preferences or access or correct your personal information, please contact us at:
- PKF South Africa Inc – firstname.lastname@example.org
- PKF Cape Town - email@example.com
- PKF Constantia Valley - firstname.lastname@example.org
- PKF Durban - email@example.com
- PKF George - firstname.lastname@example.org
- PKF Octagon - email@example.com
- PKF Port Elizabeth - firstname.lastname@example.org
- PKF Pretoria - email@example.com
- PKF VGA - firstname.lastname@example.org
- PKF Welkom - email@example.com
Alternatively, you can contact us on the numbers/addresses listed under the contact us section of our website.
Any additional information or concerns can be found and raised with the Information Regulator, who can be contacted as shared below, but please feel free to contact your relevant PKF Member Firm’s Information Officer first to discuss any questions or concerns you may have:
Personal Information is defined by the Protection of Personal Information Act (the Act) as:
“information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person”.
- Respecting and protecting your Personal Information (please refer to the definition of Personal Information at the end of this policy statement) is very important to us. It is also a Constitutional right, legal, and good business practice requirement, which we take very seriously.