NTE (Pty) Ltd Protection of Personal Information Act (POPIA) Policy

Effective Date:
15 Jan 2025

Version: 1.2

1. Introduction and Purpose

NTE (Pty) Ltd (“NTE,” “the Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal information of all individuals with whom we interact. This policy outlines how NTE collects, processes, stores, and protects personal information in compliance with the South African Protection of Personal Information Act, No. 4 of 2013 (POPIA).

The purpose of this policy is to ensure that personal information is processed lawfully, fairly, and transparently, respecting the rights and privacy of data subjects.

2. Scope

This policy applies to:

• All directors, employees, contractors, and temporary staff of NTE.
• All personal information processed by NTE, regardless of how it is collected, stored, or accessed.
• All data subjects whose personal information is processed by NTE, including employees, job applicants, customers, suppliers, service providers, visitors, and any other third parties.
• All systems, networks, and applications used in the processing of personal information by NTE.

3. Key Definitions (as per POPIA)

• Data Subject: The person to whom personal information relates.
• Information Officer: An individual designated by the Company to ensure compliance with POPIA.
• Personal Information: Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. This includes, but is not limited to: name, contact details, ID number, financial information, employment history, physical address, race, gender, health, biometric information, and private correspondence.
• Processing: Any operation or activity concerning personal information, including collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure, or destruction.
• Responsible Party: The public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. (NTE is the Responsible Party).
• Operator: A person who processes personal information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party.

4. The Eight Conditions for Lawful Processing of Personal Information

NTE adheres strictly to the eight conditions for lawful processing as set out in POPIA:

4.1. Condition 1: Accountability NTE, as the Responsible Party, will ensure that the conditions for lawful processing are complied with when determining the purpose and means of processing personal information. We have designated an Information Officer who is responsible for overall POPIA compliance.

4.2. Condition 2: Processing Limitation

• Lawful Basis: Personal information will only be processed if it is adequate, relevant, and not excessive for the purpose for which it is processed. Processing will be based on a lawful ground (e.g., consent, contract, legal obligation, legitimate interest).
• Collection Purpose: Personal information will be collected directly from the data subject, unless circumstances permit otherwise (e.g., public records, consent, legal obligation).

 

4.3. Condition 3: Purpose Specification

• Personal information will be collected for specific, explicitly defined, and legitimate reasons related to NTE’s functions or activities (e.g., employee management, customer service, supplier relations, manufacturing processes).
• Data subjects will be informed of the purpose of collection at the point of collection.

 

4.4. Condition 4: Further Processing Limitation

• Personal information will not be processed further in a manner that is incompatible with the initial purpose for which it was collected.
• Any further processing will be compatible with the original purpose or based on the data subject’s consent, legal obligation, or other POPIA exceptions.

 

4.5. Condition 5: Information Quality

• NTE will take reasonably practicable steps to ensure that the personal information collected is complete, accurate, not misleading, and updated where necessary.
• Data subjects are encouraged to notify NTE of any changes to their personal information.

 

4.6. Condition 6: Openness

• NTE will maintain documentation of all personal information processing activities.
• Data subjects will be notified when their personal information is collected, and they will be informed of NTE’s identity, the purpose of collection, and their rights.
• This policy, and other relevant privacy notices, will be readily accessible.

 

4.7. Condition 7: Security Safeguards

• NTE will implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised destruction, and unlawful access or processing.
• Security measures include physical safeguards (e.g., secure offices), technical safeguards (e.g., encryption, access controls, firewalls), and administrative safeguards (e.g., policies, training).
• Where an Operator processes personal information on NTE’s behalf, a written contract will be in place requiring the Operator to implement similar security safeguards.

 

4.8. Condition 8: Data Subject Participation

• Data subjects have the right to request access to their personal information held by NTE.
• Data subjects have the right to request the correction, deletion, or destruction of inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or unlawfully obtained personal information.
• Requests must be submitted in writing to the Information Officer.

 

5. Roles and Responsibilities

• Information Officer: Contact at info@nte.co.za
  
  • Develop, implement, and monitor POPIA compliance.
  • Handle requests from data subjects.
  • Liaise with the Information Regulator.
  • Ensure staff training and awareness.
• Management:
  
  • Ensure compliance with this policy within their respective departments.
  • Support the Information Officer in their duties.
• All Employees/Contractors:
  
  • Understand and comply with this policy.
  • Report any suspected or actual data breaches immediately to the Information Officer.
  • Handle personal information with care and respect.

 

6. Data Subject Rights

Data subjects have the right to:

• Access: Request confirmation whether NTE holds personal information about them, and to request a copy.
• Correction/Deletion: Request correction, deletion, or destruction of their personal information.
• Object: Object to the processing of their personal information in certain circumstances (e.g., for direct marketing).
• Complain: Lodge a complaint with the Information Regulator if they believe their rights have been infringed.

 

7. Data Breach Management

In the event of a suspected or actual data breach (unauthorised access to or acquisition of personal information), NTE will:

• Immediately assess the scope and impact of the breach.
• Take all reasonable steps to contain and remediate the breach.
• Notify the Information Regulator and affected data subjects as soon as reasonably possible, where required by POPIA.

 

8. Training and Awareness

NTE will provide regular training and awareness programs to all employees and contractors who process personal information to ensure they understand their obligations under POPIA and this policy.

9. Monitoring and Review

This policy will be reviewed at least annually, or more frequently if there are significant changes to POPIA, industry regulations, or NTE’s processing activities.

10. Contact Information

For any queries or requests related to this POPIA Policy or the processing of personal information by NTE, please contact:

Telephone: +27 33 392 4800

Email: info@nte.co.za

Physical Address:

NTE House
1 George McFarlane LN
Town Hill 
Pietermaritzburg
3201