1.1. This Privacy Notice describes how Statucor (Pty) Ltd. collects, processes, retains, and discloses your, our client’s, personal information in accordance with the requirements of the Protection of Personal Information Act (“POPIA”), the General Data Protection Regulation (‘GDPR’) and any other applicable laws or Regulations. This Notice will enable you to make an informed decision when signing the accompanying consent.
1.2. Statucor is committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
1.3. References herein that include “you”/ “your”/ “client” refers to the organisation that this correspondence was addressed to including the company, close corporation, Trust or such other entity that we are to engage with or already engaged with to render services to, together with its related group entities within its organization.
1.4. References herein to “Statucor”/ “us”/ “we” include Statucor (Pty) Ltd (registration number 1989/005394/07) together with its directly related group companies, BDO, which includes BDO South Africa Incorporated and its affiliated companies, all of whom form part of the South Africa BDO International Limited member firm. All local BDO companies are connected by common ownership and conform to BDO internal policies, ethic codes, procedures, and values.
2. PERSONAL INFORMATION THAT WE COLLECT
2.1. We may collect your personal information from a variety of sources which includes, but is not limited to, that which we obtain from you directly as well as personal information we collect from other sources, including commercially available sources, such as public databases (where permitted by law). Primarily, we endeavor to collect information directly from you.
2.2. The provision of your personal information is voluntary and may be withdrawn, with notice to us, at any time. Failure to provide this personal information may, however, prevent or delay services being provided and the fulfilment of our obligations in relation thereto.
2.3. Information that we collect directly from you:
2.3.1. The categories of personal information that we may collect directly from you (i.e., being the engaging company, close corporation or trust together with its related group entities within its organization where we render or may render services to) include the following:
18.104.22.168. Personal and contact details with related documents of your organization’s representatives including its prescribed officers, liaison representatives, directors, trustees, members and individual shareholders, beneficiaries or members. Personal information collected in this regard may include:
22.214.171.124.1. Names, age, date of birth, genders, identity/passport numbers and documents);
126.96.36.199.2. Phone numbers, email addresses, residential/business/postal address and mobile numbers;
188.8.131.52.3. Dates of appointments and resignations;
184.108.40.206.4. Shareholding, ownership or beneficiary information pertaining to the organisation; and
220.127.116.11.5. Declarations of Financial Interest, list of Directorships and Consent to Act or resignations as a Director, Trustee or Member of each current and historic governing body member as may be provided by such persons to the organisation from time to time.
2.3.2. Personal and contact details with related documents of your organization (including the engaging company, close corporation or trust together with its related group entities within its organization) include the following:
18.104.22.168. Current and historical information concerning registered and trading names, registration numbers and founding documents;
22.214.171.124. Phone numbers, email addresses, physical/business/postal addresses of the organisation and its contact representatives and related persons as described in 126.96.36.199 above together with their employment details such as job titles, employer/employee names, etc);
188.8.131.52. Economic or financial information and documents such as Annual Financial Statements, Management Accounts and details of Income, VAT, PAYE/UIF/SDL registration numbers and certificates;
184.108.40.206. Current, historical and prospective Organizational Structure information and documents pertaining to the ownership and governing body of the organisation and its structure as well as documents relating thereto such as Terms of References, Shareholder Agreements, Share Certificates, Transfer Deeds, etc;
220.127.116.11. Minutes and Resolutions of the organisation together with such information contained therein. Where we render minute taking services this information may extend to meeting recordings and meeting presentation documents and financial records (i.e. Board Packs, Management Accounts, etc);
18.104.22.168. Certificates and applications document as issued by or submitted to the companies and intellectual Properties Commission (“CIPC”) including the organisation’s constitutional and statutory amendment records together with such information contained therein;
22.214.171.124. Combined Company/Close Corporation or Trust Registers containing such information as contemplated in the Companies Act 71 of 2008 or the Trust Property Control Act 57 of 1988, inclusive of but not limited to sections 24, 26 and 50 of the Companies Act and Regulations 32 of the Companies Regulations of 2011 which prescribes various personal information to be recorded of the organisation’s current and historical structural, governing body and ownership information and transactions. This information further extends to the personal information pertaining to the organisation’s prescribed officers, authorised representatives, directors, trustees, members and individual shareholders, beneficiaries or members;
126.96.36.199. Generally, all or some of such statutory or financial records required to be held and information contained therein by the organisation for its companies, close corporations or Trusts as contemplated the Companies Act 71 of 2008, Trust Property Control Act 57 of 1988 or the Close Corporation Act 69 of 1984; and
188.8.131.52. Given the nature of our services and industry it is important to understand that we keep statutory related documentation and personal information pertaining to the organisation and its shareholders/owners/beneficiaries, subsidiaries, and group companies as well as its governing body members (i.e., Directors, Prescribed officers, Trustees, members or Committee Members). This information is stored for the benefit of and on behalf of the engaging party to assist it in complying with relevant statutory record and maintenance statutory laws as described above.
2.4. Information we collect from other sources
2.4.1. The following categories of personal information are collected from other sources such as the Companies and Intellectual Property Commission, the Master of the high Court, Financial Institutions such as your Bank; South African Revenue Services, South Africa Reserve Bank, your Auditors, etc.:
184.108.40.206. Personal and contact details with related documents of your organization’s representatives including its registered prescribed officers, directors or trustees. Personal information collected in this regard may include:
220.127.116.11.1. Names, age, date of birth, genders, identity/passport numbers and documents); and
18.104.22.168.2. Phone numbers, email addresses, residential/business/postal address and mobile numbers
22.214.171.124.3. List of Directorships with appointment and resignation dates in the organisation.
126.96.36.199.4. Generally other particulars so publicly accessible or disclosed by the institutes specified above.
2.4.2. Personal and contact details with related documents of your organization (including the engaging company, close corporation or trust together with its related group entities within its organization where we render services to such entities) include the following:
188.8.131.52. Current and historical information concerning registered names and registration numbers.
184.108.40.206. physical/business/postal addresses of the organisation and its governing body members.
220.127.116.11. Certificates and statutory amendment history information as well as the registered particulars of each company in the organisation’s group. Should the need arise then copies of any application or document lodged with CIPC or the Master of the high court in case of a Trust, including constitution or amendment applications and certificates, may be requested from such an institution.
18.104.22.168. CIPC Annual Return Lodgement historical information including the amount of Annual Prescribed Fees paid, Turnover declared and customer details that lodged such annual returns.
2.4.3. Registered particulars of the organisation so registered with and disclosed publicly by the applicable institution (CIPC / Master’s Office):
22.214.171.124.1. Company Names and past Names
126.96.36.199.2. Registration Number
188.8.131.52.3. Incorporation Dates
184.108.40.206.4. Entity Type information
220.127.116.11.5. Compliance Status
18.104.22.168.6. Income Tax Registration Numbers
22.214.171.124.7. Financial Year End Dates
126.96.36.199.8. Current and Past Auditor Names and Appointment or Resignation Dates
188.8.131.52.9. Registered Office Particulars
184.108.40.206.10. Location of Statutory Records Particulars
220.127.116.11.11. Personal details of current and past Directors and registered Prescribed Officers.
18.104.22.168.12. Historical Change/Amendment Summary
22.214.171.124.13. CIPC Annual Return Lodgements
126.96.36.199. Masters Office:
188.8.131.52.1. Registered Trust Name
184.108.40.206.2. Trust Registration number
220.127.116.11.3. Trustee Names and ID/Passport numbers
3. PERSONAL INFORMATION, PROCESSING OF PERSONAL INFORMATION
3.1. Personal Information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
3.1.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
3.1.2. information relating to the education or the medical, financial, criminal or employment history of the person;
3.1.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
3.1.4. the biometric information of the person;
3.1.5. the personal opinions, views or preferences of the person;
3.1.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
3.1.7. the views or opinions of another individual about the person; and
3.1.8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
3.2. Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
3.2.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
3.2.2. dissemination by means of transmission, distribution or making available in any other form; or
3.2.3. merging, linking, as well as restriction, degradation, erasure or destruction of information;
3.3. Personal information may only be processed if—
3.3.1. the data subject or a competent person where the data subject is a child consents to the processing;
3.3.2. processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
3.3.3. processing complies with an obligation imposed by law on the responsible party;
3.3.4. processing protects a legitimate interest of the data subject;
3.3.5. processing is necessary for the proper performance of a public law duty by a public body; or
3.3.6. processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
4. PURPOSE OF STATUCOR PROCESSING YOUR PERSONAL INFORMATION
4.1. As a professional services company your personal information may be collected and processed by us for the following purposes:
4.1.1. to perform the services and comply with the obligations set out in the relevant services contract or engagement letter concluded with you;
4.1.2. to conduct due diligences including, but not limited to, relevant conflict and risk assessments prior to accepting you as a client (which may include any criminal checks);
4.1.3. to correspond and communicate with you;
4.1.4. to ensure that our records are current and accurate;
4.1.5. to ensure we issue accurate invoices, statements or fee notes for our services;
4.1.6. to send you information about products and services which we think will be of interest to you;
4.1.7. to comply with legal and regulatory obligations to which we are subject to;
4.1.8. for insurance purposes;
4.1.9. for the detection and prevention of fraud, crime, money laundering or other malpractice;
4.1.10. in connection with legal proceedings;
4.1.11. for reference purposes in tenders, proposals, resume’s, marketing material and other similar submissions that Statucor may make to prospective clients for the purpose of demonstrating Statucor’s experience and expertise;
4.1.12. to comply with applicable legislation. A list of the applicable legislation in terms of which records are held by us can be found in our PAIA Manual;
4.1.13. to submit such information and documents as may be reasonably required or expected in terms of relevant laws and regulations to the relevant Regulators or Institutions such as CIPC in case of a Company, Close Corporation or Cooperative or to the Master of the High Court in the case of a Trust in order for us to carry out instructions received by you such as registering or updating the organisation’s governing body members, lodgement of annual returns and Annual Financial Statements or effecting such other statutory amendments as may be requested from you from time to time. It is noted that any information or documents submitted to CIPC could become publicly accessible from CIPC; and
4.1.14. to, where our service provides for such, keep and maintain your statutory records and all information pertaining thereto on your behalf and for your benefit as may be required by you in accordance with relevant legislations and regulations applicable to the entity concerned. This may include records and information such as the Combined Company/Close Corporation or Trust Registers as contemplated in the Companies Act 71 of 2008 or the Trust Property Control Act 57 of 1988, inclusive of but not limited to sections 24, 26 and 50 of the Companies Act and Regulations 32 of the Companies Regulations of 2011 and generally all such statutory or financial records required to be held and information contained therein by the organisation for its companies, close corporations or Trusts as contemplated in the Companies Act 71 of 2008, Trust Property Control Act 57 of 1988 or the Close Corporation Act 69 of 1984.
5. YOUR RIGHTS
5.1. Please let us know if any of the personal information that we hold about you changes so that we can correct and update the personal information on our systems.
5.2. Right of access to information:
5.2.1. You have the right to request confirmation as to whether we hold personal information related to you. You also have the right to request a copy of the personal information or a description of the personal information we hold about you. Submission of access request forms together with the details of the access request procedure can be found in our PAIA Manual.
5.3. Right to request correction or deletion of personal information:
5.3.1. You have the right to request, subject to any applicable law and where appropriate, the correction, updating or deletion of your personal information held by us. Submission of a request for correction or deletion forms together with the details of the request for correction and deletion procedure can be found in our PAIA Manual.
5.4. Right to object to the processing of personal information
5.4.1. In certain circumstances, such as when we process your information for our or your legitimate interests, you may object to the processing of your personal information, unless we are required to process the information on another bases, such as a legal basis. Submission of objection forms together with the details of the objection procedure can be found in our PAIA Manual.
5.5. Right to ask us to share your personal information in a usable format with another entity
5.5.1. We can provide the personal information in commonly used and machine-readable format.
5.6. Right to object to automated decision-making and profiling
5.6.1. Where we use automated decision-making or profiling to make decisions, you may object to this profiling. Alternatively, you may ask that a person review a decision made, or that you be provided with the logic around such a decision, so that you can make a representation in respect of the decision.
5.7. Right to unsubscribe from direct marketing
5.7.1. Where you do not wish to receive marketing communication from Statucor, you can unsubscribe from marketing emails by clicking on the unsubscribe link provided in each email.
5.7.2. We will still be able to contact you when there is important communication required to be sent.
5.8. Right to withdraw consent
5.8.1. Where you have given your consent to a particular type of processing, you may withdraw that consent at any time by contacting us using the contact details set out below.
5.9. Right to lodge a complaint with the information regulator
5.9.1. You have the right to lodge a complaint with the Information Regulator, in the prescribed manner and form, if you believe that we are interfering with the protection of your personal information. You can contact the Information Regulator on 010 023 5207 (telephone number) and can lodge a complaint via email on firstname.lastname@example.org.
6. INFORMATION SHARING
6.1. In general, we do not disclose or share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis or legitimate purpose for doing so.
6.2. We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment processing, data analytics and research. This may mean that we must share your personal information with these third parties in order process your information for the purposes set out above. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.
6.3. Other situations in which we may disclose your personal information to a third party, are:
6.3.1. to service providers who may need to perform part of the Services, which may include BDO South Africa Incorporated and its’ network firms;
6.3.2. to third parties who provide IT services, data processing or IT functionality services, for example cloud-based software providers, web hosting services, data analysis providers and data storage or backup providers;
6.3.3. to other Statucor regional offices for purposes of sending you information about products and services which we think will be of interest to you;
6.3.4. to fulfil our contractual obligations to you;
6.3.5. to insurers;
6.3.6. to our Regulators;
6.3.7. to Companies and Intellectual Property Commission, the Master of the high Court, Financial Institutions such as your Bank; South African Revenue Services and the South Africa Reserve Bank where we are required to do so to fulfil our services to you;
6.3.8. where permitted by law, to protect and defend our rights and property; and
6.3.9. when required by law, and/or public authorities.
6.4. We may also share aggregated personal information that cannot identify you for general business analysis, e.g. we may disclose the number of visitors to our websites or services.
6.5. We have agreements and security measures in place to ensure that all third parties to whom your personal information is disclosed comply with the terms and provisions of POPIA and any other applicable laws. We ensure that third parties fully understand the duties and obligations they become encumbered with in retaining the privacy and integrity of your personal information.
7. INFORMATION SECURITY
7.1. We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. You may request a copy of our Information Security and Privacy Overview Policy from us using the contact details set out below.
7.2. We require all staff, (Partners and/or Directors and employees) to keep personal information confidential and only authorised staff have access to this personal information.
7.3. We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.
8. INFORMATION TRANSFER
8.1. Where it is necessary, for the purposes of processing, your personal information may be transferred outside of South Africa in accordance with the appropriate data protection laws.
8.2. We anticipate that personal information may need to be transferred outside of South Africa for purposes of Annual Financial Statement XBRL Conversions and information or document cloud storage, and where we do so, we will ensure that the necessary safeguards are in place to protect personal information.
8.3. When your personal information is transferred to a country whose data protection laws do not provide an adequate level of protection for your personal information, we use the European Commission’s approved Standard Contractual Clauses to ensure that the appropriate mechanisms and safeguards are in place. If you wish to see a copy of the relevant mechanism that we use to transfer your personal information, please contact us using the contact details set out below.
9. CONTACT US
9.1. If you have questions or concerns regarding the way in which your personal information has been used, or should you have any questions about this Privacy Notice, please use the contact details set out below and provide the details relating to your query.
10. CHANGES TO THE PRIVACY NOTICE
10.1. Should we be required to collect additional personal information from you, we will send you an updated Privacy Notice.
11. DECLARATION AND INFORMED CONSENT
11.1. By continuing to make use of our services you consent to the processing of your information by us to render the service agreed upon or to be agreed upon as the case may be.
12.1. Should you at any point wish to revoke this consent, please contact us and we will assist you accordingly.
13. CONTACT DETAILS
13.1. You can contact our privacy champion at email@example.com.