IOKI Privacy Policy

1. INTRODUCTION

1.1 IOKI Privacy Policy has been drafted in recognition of the South Africa Promotion of Access to Information Act 2 of 2000, Data Protection Act 1998 (United Kingdom) Data Protection Directive (European Union), Electronic Communications Privacy Act (United States).

1.2 This document lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data.

1.3 Threats to individual privacy are greater now than ever envisioned, Worldwide technologies and convergence facilitate the dissemination of data but, at the same time, pose enormous threats to individual (and corporate) confidentiality Accessible technological advances place greater opportunities for surreptitious surveillance in the hands of ordinary persons who access personal information for their own use or are used by the state to access such information.

1.4 A comprehensive personal dossier can now take minutes to compile electronically, and a digital camera or mobile phone can record images in an infinite variety of ways and circumstances.

1.5 The regulations behind privacy policies protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. EU General Data Protection Regulation (GDPR)

1.6 In the Republic of South Africa, the Regulator is responsible for the promotion and protection of the right to privacy as it relates to the protection of personal information and the right of access to information. In this regard, it exercises its powers and performs its functions in accordance with POPIA and PAIA and contained in the Vision of the Information Regulator “Our vision is to be a world class institution in the protection of personal information and the promotion of access to information.” Accompanied with, Mission and Values which can be read together.

1.7 Where there shall be a less strict law and a stricter law operational in any jurisdiction at the same time, the strict law shall apply to take cognizance in respect to being lawful in the same jurisdiction accordingly.

2. PRIVACY POLICY OBJECTIVE

2.1 To give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at—

2.1.1 Balancing the right to privacy against other rights, particularly the right of access to information; and protecting important interests, including the free flow of information within the Republic and across international borders.

2.1.2 Primary objective is to promote the protection of personal information processed by any person by promoting an understanding and acceptance of the conditions for the lawful processing of personal information and of the objects of those conditions

2.1.3 Making public statements in relation to any matter affecting the protection of the personal information of a data subject or of any class of data subjects.

3. PERSONAL INFORMATION SHARING

PERSONAL DATA SHALL BE:

3.1 Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

3.2 Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance GDPR regulations in relevance to GDPR Article 89(1) safeguarding and derogations relating to processing for archiving purposes, not be considered to be incompatible with the initial purposes (‘purpose limitation’);

3.3 Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

3.4 Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay (‘accuracy’);

3.5 Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

3.6 Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

4. PROCESSING AND SHARING OF INFORMATION

Provisions contained in Art. 6 GDPR for lawfulness of processing shall apply. Which provisions include and not limited to Processing shall be lawful only if and to the extent that at least one of the following applies:

4.1 The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

4.2 Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

4.3 Processing is necessary for compliance with a legal obligation to which the controller is subject.

4.4 Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

4.5 Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4.6 Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, where the data subject is a child.

4.7 Institute of Key Individuals (Pty) Ltd may send personal identifiable information about its users to other companies or third parties should there be a need to share the user’s information to provide the product or service the user has requested.

4.8 Transferring, controlling, and securing of personal information.

4.8.1 Personal data cross board transfers

You acknowledge and consent that IOKI may extend or provide your details to foreign entities which may be regarded as affiliates, associates, partners only in the ordinary operations or day to day business processes to provide a service or effect a request made by the data subject (yourself or Client) to IOKI accordingly.

4.8.2 Personal Data control and Access

The control of your personal data maybe accessed from IOKI by contacting IOKI. You are within rights to request certain restrictions in how IOKI may use your data for surveys, public interest, other service advertisements, Company interests, third party requirements or correspondences and legitimate purposes.

4.8.3 Security of personal information

IOKI ensures the protection of the data subjects’ personal information by ensuring that expedient technical and institutional measures in respect to unauthorised or unlawful processing and against any other loss which could be accidental, incidental, or intentional leading to damage, destruction, ruin vandalism of the same data.

IOKI is dedicated to protecting and ensuring security of your Personal data. IOKI follows practical precautions and follows competent practices ensuring your data is not inaptly lost, exploited, misused, retrieved, accessed, divulged, disclosed, altered, distorted, transformed, reworked, or destroyed. This is achieved through effective policy implementation, procedures which are designed to guard against loss and unauthorised third parties.

Encryption software or encryption technology is implemented by IOKI to ensure that any information which is decoded or encoded through the internet is secure. This entails data pertaining to debit cards, account information, credit cards, passwords and related is always protected.

IOKI strives to ensure that all personal informational is always protected, though it cannot guarantee that information transmitted through internet or 3rd parties, systems, or websites which are not ours will always be protected. We ensure that we implement measures that all information is protected as far as is reasonably in our control.

5. PERSONAL DATA COLLECTED

5.1 IOKI will collect data to enable you to make use IOKI services, and for IOKI to provide services as you may request or require from IOKI. This information

RECORD SUBJECT TYPES OF RECORDS REASON
I. NAME AND CONTACT DATA
  • Full Name as per government issued ID
  • Identity Number.
  • Contact Number
  • Email address.
  • Apostilled or Certified proof of address.
  • Proof of address.
  • Registration number and/or
  • Passport Number,
  • Employment Status;
  • Perform fiduciary duties
  • Render services to
  • Client or User
ii. DATA OF CLIENT
  • Files of record.
  • Transaction files,
  • Articles and documents,
  • Digital works,
  • Information,
  • Data (involving the originating and destination numbers and IP addresses,
  • Time period of data or voice transmissions,
  • Any authorised persons to represent the Client or of a client upload or store on the IOKI System,
  • Material obtained from others on their behalf,
  • Data delivered to or acquired by IOKI) in connection with the IOKI Client relationship.
  • Billing or maintenance of the transmission),
  • Company details,
  • Data containing Personal Information and/or private information of the Client,
  • Related and relevant bodies in respect to the data acquired,
  • Authorised persons and its respective agents,
  • Employees,
  • The customers of the Client,
  • Client data includes KYC Information referred below.
  • Other data necessary for the establishment,
  • Perform fiduciary duties.
  • Understand patterns or data behaviour.
  • Render services to Client or User.
iii. CLIENT IDENTIFICATION DOCUMENTS
  • This data exclusively involving Client (Natural or Juristic) in addition other related organisations or persons to enable the functioning of verification and assessments required in terms of any law.
  • Continuity of Care: As well as being useful for effective communication, good documentation.
IV. STRATEGIC DOCUMENTS (LONGAND SHORT-TERM ORGANISATIONS PLANS AND REPORT)
  • Flow processes.
  • Management statements.
  • Organisational Policies
  • Organizational Profile (Vision, overview, Objectives, mission,Functions,)
  • Strategic Plan.
  • Annual Performance Plan.
  • Strategic and Performance related data.
  • Business Plans
  • Organogram
  • Annual Reports;
  • Financial statements
  • Company overhauling.
  • Enable IOKI to perform business modelling in respect of business Type.
  • Root cause analysis.
  • Governance implementation.
  • Service delivery.
V. PAYMENT DATA
  • This is data used to process payments.
  • Data includes payment facilitation through various instruments which include, debit card, credit card details, personal names.
  • Associated security codes with the above.
  • Facilitation of electronic payment processing to provide convenient payment options for rendering of services to Client.
VI. DEVICE AND USAGE DATA
  • This data includes payment history,
  • Data in respect to your connectivity and device,
  • Data for Configuration,
  • Help and assisting data.
  • Error reports and performance data,
  • Troubleshooting.
  • Enable client to access services through their device from IOKI.
VII. FEEDBACK AND RATINGS
  • Relates to surveys.
  • Customer service ratings.
  • Customer service feedback or research.
  • Information that you provide as feedback,
  • Survey data.
  • System and services
  • Reviews
  • Improve service delivery.
VIII. CONTENT
  • Relates to the content or any related content as follows.
  • Specific to files and communications that are classified as input, upload, download, receive, create, and control.
  • Additional content that we may collect includes communications which may be video, audio, email, call, video, text contained in a message, meeting request or chat, photos.
  • Images and software.
  • Or other media or documents that you store, retrieve or otherwise process using our System.
  • Data required to provide services to Client.
  • Company overhauling.
IX. DEMOGRAPHIC INFORMATION
  • This is data which pertains to age,
  • Gender,
  • Country or jurisdiction,
  • Preferred language data.
  • Observe age restriction pertaining to product availability.
  • Observe respective Country laws when rendering services.
X. TYPING DATA,TEXT,INKING
  • This is data collected, for example to assist us in autofill fields or make suggestions.
  • Provide convenience to Clients through understanding Client pattern and behaviour.
  • Provide convenience to Client through automation and understanding the Client behaviour.
XI. IMAGES
  • Comprises material like picture metadata.
  • Record incorporated into any picture related content including meta.
  • For Client library Catalog.
  • Provide services to Client.
XII. INTERACTIONS DATA
  • This pertains to information and data about the data subject interactions with IOKI.
  • Your use of IOKI website, System, and services.
  • Comprises data which you provide such as search queries, and data IOKI provide, an example is an error report.
  • Facilitate IOKI services.
  • Deliverables on automation of processing of information in observance of controls.
XIII. CONTACTS AND RELATIONSHIPS
  • Refers to how the system is integrated in respect to data for contacts and relationships while using the IOKI website.
  • Systems in place or services which enable sharing of information with others or any form of transmission or communication with others.
  • Develop value exchange between various IOKI user data subjects to facilitate IOKI deliverables.
  • System integration in transmission of communication.
XIV. FILMS VIDEO RECORDINGS
  • This pertains to recordings of meetings.
  • Events, ceremonies.
  • Security footage on premises or on site.
  • Footage from 3rd parties or Companies providing specialised video recording services and production (Green TV)
  • Maintain governance on security as relates to video recordings.
  • Provide reference in rendering services effectively with records of meeting
XV. LOCATION DATA
  • Pertains to data on your device’s location.
  • This maybe exact position or location relatively close.
  • Security reasons.
  • Provide location specific jurisdictional regulatory consulting.
XVI. OTHER INPUTS
  • Any other data acquired by data subject in the provision of services.
  • Website and related company devices,
  • System or services.
  • Tailormade requests requiring specific data to perform services.
  • Identifies issues, risks problems, or opportunities and determines appropriate activity or required action.
  • Identifies trends in data.
  • Understanding and analysing information to render effective services.
  • Gathers, compiles, collects, and interprets pertinent data using various data collection techniques.
  • Clearly documents sources and validates the precision of data/information to determine irregularities.
  • Assesses and investigates up-to- date information from various sources and in various formats.
  • Seeks additional resources when gaps and inconsistencies or variances in data are found.
XVII. THIRD PARTY DATA
      As relates to the following:

 

  • Specific Market data providers.
  • Official trends.
  • Legitimate and publicly available sources.
  • Developers involved in the process of design, creation, upgrade or maintain our website and System.
  • Social networks or connections including and no limited to social media where applicable.
  • Business reviews.
  • IOKI service providers.
  • Data extended or provided by data subject.
  • Representative of a person who has Consent and permission to provide information to IOKI,
  • For IOKI to provide access to the use of our website and requests,
  • System and services.
  • Other subscribed sources used in the fulfilment of the services required by you.
  • IOKI acquires data from third parties for rendering of services.
  • Data is protected that is obtained from third parties in accord with IOKI privacy statement and any necessities occurring from the source of the third- party data.
XVIII. COMPLAINTS
  • Receiving of complaints
  • Resolving a Complaint
  • Investigation of complaints
  • Conducting compliance or regulatory assessment.
  • Enforcement procedures and mechanism
  • Provide services to Clients and complaints resolution to assist and take care of Client needs.
xix. IOKI INTERNAL EXAMANITATIONS
  • This pertains to outsourced or internal systems and processes in place to perform behavioural psychometric tests.
  • Assessments.
  • Measure various attributes which maybe required in terms of skill, qualification, and experience by an Institution.
XX. QUALIFICATIONS.
  • Pertains to academic qualifications a data subject has.
    Relates to Continuous professional development as maybe required by the relevant industry practise.
  • Provide User Ideal Candidate for qualification criteria.
XXI. EXPERIENCE
  • Pertains to record of experience.
  • Confirmation letter, reference letter, referral letter as may relate.
  • Render services to user provide Candidate with adequate experience.

6. MARKETING

IOKI wishes to transmit to your additional information about its system, functional services, solutions that could potentially create value to your organisation.

By continuing to use this site, you consent to receive marketing information, notifications, messaging from IOKI.

You are hereby informed that you have a right to opt out or inform IOKI that you do not desire to be contacted or receive information at any time.

7. HOW WE COLLECT PERSONAL DATA

Data is collected through rendering of services and our interactions with the data subject through our platforms, social media, website and where related. Once you provide us data directly, collection of data in respect to interactions with our systems, software where relevant is obtained. We may also collect the data from third parties which include, government agencies and credit bureaus which constitute part of publicly available sources in the normal course and operations of a business.

The following classify as some of the data acquisition methods:

  • Request services on our website cookies or systems or to our company operating emails.
  • When you fill out an electronic form or any physical form in the request of services you require to be rendered to you by IOKI.
  • Through interactions on social media and any related forums, including Company events attended.
  • Communications with IOKI through your devices, which may include laptops, cell phone, tablet as where it relates.

8. COOKIES

The continued use of IOKI services or website is consent for the use of our cookies and that you agree to the terms and conditions, rules, cookies rules.

Cookies are required to provide you with the satisfactory experience in the use of our website and provision of services. Hereto, you agree and consent to the use of the purposes of cookies contained in the following text and privacy policy.

We use cookies to give you a great experience when engaging with our website and System. If you continue to use our website and/or System, you are agreeing to the use of cookies for the purposes outlined in this document.

9. COOKIE USAGE OUTLINES

The continued use of IOKI services or website is consent for the use of our cookies and that you agree to the terms and conditions, rules, cookies rules.

Cookies are required to provide you with the satisfactory experience in the use of our website and provision of services. Hereto, you agree and consent to the use of the purposes of cookies contained in the following text and privacy policy.

We use cookies to give you a great experience when engaging with our website and System. If you continue to use our website and/or System, you are agreeing to the use of cookies for the purposes outlined in this document.

Cookie Questionnaire and Outlines Description, Definition Or Purpose
I. DEFINE COOKIES
  • Cookies contribute to the user friendliness of the website.
  • Website cookies, also known as HTTP cookies, internet cookies or browser cookies, are small text files, which are stored on the user’s device while the user is browsing or using a website. Cookies on websites have a unique, randomly generated ID which is used to identify and remember the browser or device.
  • Cookies are used to extend provision of tailormade or bespoke services, by ensuring services, systems and website are functioning better for you.
  • The IOKI cookies vary and serve various purposes, for example which may be used for remembering, restoring a session, identifying preferences for the best experience with IOKI.
II. COOKIE CATEGORIES WHICH MAYBE USED. a. Functionality Cookies

  • Applied in the enhancement of performance of websites. Enabling certain functions to be available.
  • Information may include login data, region, language, and enhanced content which enable you to remember choices you make.
  • Functional cookies enable remembering services you have asked for before.
  • This data can be formatted to anonymised in the objective of prohibiting browser tracking.

b. Session cookies

  • Sessions are regarded as server-side files, these are used to store the user information, while Cookies are regarded as client-side files which have user data on a computer.
  • Sessions are cookies dependent, whereas Cookies are not dependent on Session.
  • The session upon the user closing the browser or when they log out from the application, whereas for Cookies these expire at the set time.
  • Thereto, upon closing your browser, the cookies are taken. These cookies maybe considered to permit the website and/or System to connect during the period of your browser session.

c. Strictly necessary cookies

These cookies permit the operation ability of the website, they permit IOKI to render the services they are providing to you.

A strictly necessary cookie is one that must be present for a website or app to provide its basic functions or remain secure. The GDPR permits organizations to liberally process data found in strictly necessary cookies, because if they were not able to, their service would cease to operate or be insecure.

d. First party cookies

  • This is a cookie which the website provider creates and stores.
  • The first party cookie is regarded as the website providers own cookie.
  • They are regarded as enabling one to move from one page to another on the same website.

e. Web beacons

  • Beacon cookies enable a company to track online behaviour of web users.
  • This entails the use of the client-side references embedded which are regarded as invisible references to the managed beacon objects contained within the content server.
  • The web beacons maybe used with accompanying Software to count visitors to the website.
  • These web beacons maybe disabled by the User by setting heir browser or restrict or block cookies.

f. Performance cookies (Statistics cookies)

  • The cookies collect information on how you use the website.
  • We collect this information to assess how visitors use our website only.
  • The data is collected as anonymous and is only intended to improve service deliver, integration of services, improve internal systemisation and related.

g. Third party cookies

  • This data entails Personal data in relation to age, gender, and location (if readable)
  • Website visited via the related cookie which was generated.
  • Visited website on Subpages and time spent on the subpages.
  • These cookies maybe outsourced and installed on our page and necessarily disclosures regarding these cookies will be performed.

h. Targeting or advertising cookies

  • Targeting cookies are called advertising cookies since they are mainly used for advertising.
  • This enables advertising closer to one’s interests.
  • This will enable to measure effectiveness of campaigns, provider better service delivery.
  • Cookie based targeting is also often referred to as cookie marketing.
  • Users see adds for products that appeal to them.

i. Traffic information & IP Address.

  • This entails the internet protocol of the packets origin, and the destination IP records where the packet is going.
  • This information pertains to device or gadget information that we keep.
  • Due to formatting and configuration to anonymous, no identifying of individual traffic data or site statistics occurs.

9. RIGHTS OF DATA SUBJECT:

Transparent information, communication, and modalities for the exercise of the rights of the data subject.

The Information Officer shall take appropriate measures to provide any information referred to in Articles 13 of GDPR“ Information to be provided where personal data are collected from the data subject” and 14 “Information to be provided where personal data have not been obtained from the data subject” and any communication under GDPR Articles 15 “Right of access by the data subject” relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means.

When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

The controller shall facilitate the exercise of data subject rights under GDPR Articles 15 to 22. In the cases referred to in GDPR Article 11, the controller shall not refuse to act on the request of the data subject for exercising his or her rights under Articles 15 to 22, unless the controller demonstrates that it is not in a position to identify the data subject.

The controller shall provide information on action taken on a request under GDPR Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. 2That period may be extended by two further months where necessary, considering the complexity and number of the requests. 3The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the controller does not act on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

These rights are not absolute: they do not always apply, and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

We hope that our Team can resolve any query or concern you raise about our use of your information. If not, you have a right to complain to the data protection regulator where you live or work, or where you think a breach of your personal information has taken place.

To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at admin@ioki.co.za.

PROTECTION RIGHTS OF DATA SUBJECT

The relevant data protection rights you would like to exercise can be performed through the following forms:

EXPRESSION OF RIGHTS FORM TYPE
Right to access: A small fee maybe charged if permitted by relevant law. FORM C
The right to rectification (Note. A representative from IOKI will contact you regarding the information which needs to be rectified). FORM B
The right to erase (Note. This request will be processed under certain conditions and only where permissible by applicable law and other legal restrictions). FORM B
The right to restrict processing (Note. This request will be processed under certain conditions where the restriction does not affect the provision of services or is not prohibited by applicable law). FORM D
The right to object to processing: I would like to object to the processing of my Personal Information (This objection will be processed under certain conditions and on reasonable grounds). FORM A
The right to portability, pertains to transfer of information collected from the data subject to another entity or organization. FORM E

PERIOD WE KEEP YOUR PERSONAL DATA ON RECORD

We will keep your Personal Information for a five (5) year period following the date of termination of the business relationship according to our Personal Information Retention Policy. After this period, your Personal Information will be irreversibly destroyed.

CHANGES TO OUR PRIVACY STATEMENT

We keep our Privacy Statement under regular review and place any updates on our website www.ioki.co.za . The version on the website will be the most recent unless otherwise stated.

CONTACT INFORMATION

Any questions on our privacy statement, information pertaining to data subjects we hold or if you wish to exercise your rights regarding your data, please refer to the accompanying form and submit it to our admin team @IOKI and it will be provided the information officer in less than 24 hours.

Should you not be satisfied with the information or should any information be found to be untrue or incorrect, please notify Institute of Key Individuals (Pty) Ltd on the following email address: admin@ioki.co.za

Trusted, Authentic, Professional