CTS Privacy Policy Statement

Mokoro Holding Company (Pty) Ltd, its subsidiaries – Including Chinese Taxi Suppliers – and its staff members are committed to compliance with, and adheres to, the protection of personal information act (POPI) South Africa, and confirm that we comply with this legislation, with immediate effect as from 1 July 2021

Scope

The POPI Act requires us to: 

  1. Sufficiently inform our employees and other stakeholders (data subjects), the purpose for which we will process their personal information; 
  2. Protect our Information assets from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities. 

This policy and compliance framework establishes measures and standards for the protection and lawful processing of personal information within our organisation and provides principles regarding the right of individuals to privacy and to reasonable safeguarding of their personal information. 

The Information Officer is responsible for: 

  • Conducting a preliminary assessment; 
  • The development, implementation and monitoring of this policy and compliance framework; 
  • Ensuring that this policy is supported by appropriate documentation; 
  • Ensuring that documentation is relevant and kept up to date; 
  • Ensuring this policy and subsequent updates are communicated to relevant managers, representatives, staff and associates, where applicable. 

All employees, subsidiaries, business units, departments and individuals directly associated with us are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer. 

Any service provider that provides information technology services, including data storage facilities, to our organisation must adhere the requirements of the POPI Act to ensure adequate protection of personal information held by them on our behalf. Written confirmation to this effect must be obtained from relevant service providers. 

Policy description & procedures

Policy Principles 

Principle 1: Accountability 

  • We must take reasonable steps to ensure that personal information obtained is stored safely and securely. 

Principle 2: Processing limitation 

  • We will collect personal information directly from relevant individuals. 
  • Once in our possession we will only process or release this information with their consent, except where we are required to do so by law. In the latter case we will always inform the individual. 

Principle 3: Specific purpose 

  • We collect personal information from individuals (taxi operators) to assist them in starting their taxi business/es. 
  • We update personal information from individuals (taxi operators) in order to ensure the success of their taxi business.
  • We also collect info from employees to ensure our systems are updated with the most up to date information.

Principle 4: Limitation on further processing 

  • Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially. We collect personal information for normal business procedures and it will only be used for that purpose. 

Principle 5: Information quality 

  • We are responsible for ensuring that information is complete, up to date and accurate before we use it. This means that it may be necessary to request individuals, from time to time, to update their information and confirm that it is still relevant. If we are unable to reach an individual for this purpose their information will no longer be used for business purposes. 

Principle 6: Transparency/openness 

  • Where personal information is collected from a source other than directly from an individual (EG Social media, portals) we are responsible for ensuring that the candidate is aware: 
  • That their information is being collected; 
  • Who is collecting their information by giving them our details; 
  • Of the specific reason that we are collecting their information. 

Principle 7: Security safeguards 

  • We will ensure technical and organisational measures to secure the integrity of personal information, and guard against the risk of loss, damage or destruction thereof. 
  • Personal information must also be protected against any unauthorised or unlawful access or processing. 
  • We are committed to ensuring that information is only used for legitimate purposes with individuals consent and only by authorised employees of our business. 

Principle 8: Participation of individuals 

  • Individuals are entitled to know particulars of their personal information held by us, as well as the identity of any authorised employees of our business that had access thereto. They are also entitled to correct any information held by us. 

Policy maintenance & review

Operational Considerations 

Monitoring 

The Board/Management and Information Officer are responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes. All employees, subsidiaries, business units, departments and individuals directly associated with us are to be trained, according to their functions, in the regulatory requirements, policies and guidelines that govern the protection of personal information. We will conduct periodic reviews and audits, where appropriate, to ensure compliance with this policy and guidelines.

Operating controls 

We shall establish appropriate standard operating procedures that are consistent with this policy and regulatory requirements. This will include: 

  • Allocation of information security responsibilities. 
  • Incident reporting and management. 
  • User ID addition or removal. 
  • Information security training and education. 
  • Data backup. 

Policy compliance 

Any breach/es of this policy may result in disciplinary action and possible termination of employment. 

For Individuals: 

By Submitting your information you hereby confirm: 

  1. That you have read and understood our POPI Policy; 
  2. That you have no objection to us retaining your personal information in our database for future use; 
  3. That the information you have provided to us is true, correct and up to date.