Lorem ipsum dolor sit amet, adipisc ing elit, consectetur adipiscing elit. Duis ut ligula leo adipiscing elit.

PHONE:           0035 244 58 265

E-MAIL:           info@example.com

ADDRESS:      Rohr PL 989, NY

Instagram

Privacy Policy

ARTICLE 1.  PREAMBLE 

1.1   With the introduction of the Protection of Personal Information Act No 4 of 2013, all organisations processing personal information by automated means need to have an explicit policy to govern the process. As the Kleinmond Cycling Club (KCC) has implemented an online registration process inclusive of membership and event management which includes processing and holding personal information, POPIA is applicable for our work. 

1.2.   Therefore, in line with the POPI Act, KCC commits to: 

     1.2.1. give effect to the constitutional right to privacy, by safeguarding personal information processed by KCC, subject to justifiable limitations that are aimed at: 

             1.2.1.1. balancing the right to privacy against other rights, particularly the right of access to information; and 

             1.2.1.2. protecting important interests, including the free flow of information within SA and across international borders; 

     1.2.2. regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information; 

     1.2.3. provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and 

     1.2.4. establish voluntary and compulsory measures, in line with the Act, to ensure respect for and to promote, enforce and fulfil the rights protected by this Act. 

1.3. Some of the obligations under POPIA are to: 

     1.3.1. collect only information required for a specific purpose; 

     1.3.2. apply reasonable security measures to protect it; 

     1.3.3. ensure it is relevant and up to date; 

     1.3.4. only hold as much information as required, and only for as long as required; 

     1.3.5. allow the subject of the information to see it upon request and to correct it. 

ARTICLE 2. PURPOSE 

KCC holds personal information in relation to the registration of members and on specific officials including club members, riders and officials.

ARTICLE 3. SCOPE 

3.1. This policy applies to any person who is, or has been, any of the following with respect to KCC: 

     3.1.1. Employee or former employee; 

     3.1.2. Member; 

     3.1.3. Committee member; 

     3.1.4. Volunteer forming part of any panel, communication group, commission, committee, or forum of KCC.

ARTICLE 4. DEFINITIONS 

4.1. Personal information is any information relating to an identifiable, living natural person or juristic person (e.g. companies, closed corporations etc.) and includes, but is not limited to: 

     4.1.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; 

     4.1.2. information relating to the education or the medical, financial, criminal or employment history of the person; 

     4.1.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignments to the person; 

     4.1.4. the biometric information of the person; 

     4.1.5. the personal opinions, views or preferences of the person; 

     4.1.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; 

     4.1.7. the views or opinions of another individual about the person; and 

     4.1.8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. 

4.2. Processing is any operation or activity or any set of operations whether or not by automatic means, concerning personal information, including: 

     4.2.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; 

     4.2.2. dissemination by means of transmission, distribution or making available in any other form; or 

     4.2.3. merging, linking, as well as restriction, degradation, erasure or destruction of information.

ARTICLE 5. RIGHTS OF INDIVIDUALS WHOSE DATA KCC REQUESTS OR HOLDS 

5.1. As part of the process, all such individuals registering have been notified that information is being collected by virtue of the individual inputting their data which is protected by the individual accessing the database using a password they select. It is that individual’s responsibility to: 

     5.1.1. understand that by submitting their data, they consent to their data being held by KCC, such consent may be withdrawn at any time with consequences including not being able to enter certain events 

     5.1.2. keep the password confidential 

     5.1.3. change the password if they become aware of a possibility that it has been compromised 

     5.1.4. ensure that they are 18 years or older or if not, for the data to be inputted by a person legally entitled/competent to do so (e.g. guardian, parent) 

     5.1.5. give permission for KCC to hold and process information related to a minor for whom they have a legal responsibility by entering the minor’s information 

     5.1.6. ensure that the data inputted are correct at all times 

     5.1.7. upon retirement or resignation from cycling, to request KCC to delete the data 

     5.1.8. contact the KCC committee via the website about questions or concerns at any time and if not satisfied, submit a complaint to the Regulator as set out in the POPI Act.

ARTICLE 6. ACCESS 6.1. Procedure for access to personal information will be handled in compliance with the Promotion of Access to Information Act 2 of 2000 (PAIA Act). 

6.2. A limited number of KCC officials and other persons authorised by KCC and the service provider, if any, providing the database may have access to this information. 

6.3. All such persons are required to sign a confidentiality agreement before being given access to data.

ARTICLE 7 USE OF INFORMATION (INCLUDING PHOTOGRAPHS) 

7.1. The information provided will only be used in KCC’s normal business and may include: 

     7.1.1. providing information to the Department of Sports, Arts and Culture of South Africa, and prospective sponsors for statistical purposes (mainly demographic information submitted without names). 

     7.1.2. providing information to the Union Cycliste Internationale (UCI), Confederation of African Cycling (CAC) and the SA Sports Confederation and Olympic Committee (SASCOC) for the purposes of event entries provided that they are subject to privacy requirements at least as stringent as the POPI Act. 

     7.1.3. sending out email correspondence and newsletters 

     7.1.4. issuing information to the media related to the individual’s performance in events

     7.1.5. providing information for the purpose of research (submitted without names) 

7.2. Information may be released to the SA authorities if so, required by law or subpoena. 

7.3. Information shall not be released for direct marketing purposes unless the individual concerned grants specific permission. 

7.4. The individual may wish to release information from their data for the purposes of company incentives.

ARTICLE 8. SECURITY 

8.1. KCC is responsible to ensure that the appointed service provider keeps all data secure and private. 

8.2. KCC will work with the service provider to inform the individual by email if there is a suspicion of unauthorised access to the individual’s data and take immediate steps to reinforce security and privacy. 

8.3. The service provider is responsible to provide KCC with the results of regular vulnerability and penetration tests and that it has adequate insurance to cover its cyber-security obligations.

ARTICLE 9. RETENTION OF INFORMATION

9.1. After being notified of an individual’s resignation, KCC may keep the demographic and performance-related information, unless otherwise agreed, for statistical purposes.

9.2. Where KCC cancels its contract with a service provider holding private information, KCC is responsible to ensure that the service provider deletes all KCC information from all its servers once it has transferred all relevant information to KCC in the format required.

ARTICLE 10. REGISTRATION 

10.1. At the appropriate time, KCC shall: 

     10.1.1. register with the appointed Regulator that it holds and processes private information; 

     10.1.2. appoint an information officer and deputy information officer/s with the responsibilities set out in sections 55 and 56 of the POPI Act.

ARTICLE 11. CONTRAVENTION OF POLICY AND REPORTING 

11.1. Reporting 

     11.1.1. Any breach of this policy or accompanying regulations either through a cyber-security breach of any sort or by an individual with access to restricted data should be reported immediately to the KCC committee who shall notify the Regulator with all available information to support an investigation. 

     11.1.2. In the case of an individual/s with access to private data allegedly breaching the policy or regulations: 

     11.1.3. an internal investigation will be conducted; 

     11.1.4. if found in breach, the individual may be subject to legal action; and 

     11.1.5. the matter will be reported to the Regulator simultaneously for further investigation.

ARTICLE 12. AMENDMENT OF THIS POLICY 

This policy shall be reviewed in January 2023 or sooner if changes to legislation require a review.

ARTICLE 13. EFFECTIVE DATE 

The policy is effective from 1 February 2022.