HILLS BUSINESS SOLUTIONS COMPANY SECRETARY PROCESSING NOTICE

1. PURPOSE OF THIS NOTICE AND TERMS USED

1.1 In order to do business, XXX (insert company registration number) and XXX (insert company registration number) (“we”, “us”, “XXX” or “the company”) in our capacity as a Responsible Party, will have to process Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 4 of 2013 (hereinafter referred to as “POPIA”), which regulates and controls the processing of a legal entity’s and/or an individual’s Personal Information in South Africa (hereinafter referred to as a “Data Subject”), which processing includes the collection, use, and transfer of a Data Subject’s Personal Information.

1.2 In terms of POPIA, where a Responsible Party processes a Data Subject’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.

1.2.1 In order to comply with POPIA, a Responsible Party processing a Data Subject’s Personal Information must:

1.2.2 provide the Data Subject with a number of details pertaining to the processing of the Data Subject’s Personal Information, before such information is processed; and

1.2.3 get permission or consent, explicit or implied, from the Data Subject, to process his / her / its Personal Information, unless such processing:

1.2.4 is necessary to carry out actions for the conclusion or performance of a contract to which the Data Subject of the Personal Information is a party;

1.2.5 is required in order to comply with an obligation imposed by law; or

1.2.6 is for a legitimate purpose or is necessary to protect the legitimate interest(s) and/or for pursuing the legitimate interests of i) the Data Subject; ii) the Responsible Party; or iii) that of a third party to whom the Personal Information is supplied; or is necessary for the proper performance of a public law duty.

1.3 In accordance with the requirements of POPIA, and because your privacy and trust are important to all at XXX, we set out below how we, XXX, and more importantly the XXX Company Secretary Department, collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.

2. APPLICATION

2.1 This COMPANY SECRETARY PROCESSING NOTICE applies to the following persons:

2.1.1 Potential or actual employees, directors, trustees, executives and/or committee members;

2.1.2 Potential or actual security holders or shareholders;

2.1.3 other persons or legal entities whose Personal Information is processed by the XXX Company Secretary Department, such as securities service providers, exchanges and stakeholders.

3. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION

3.1 Your Personal Information will be processed by XXX for the following purposes:

SUMMARY OF THE PURPOSE OF COLLECTION Lawfulness Consent required

Due diligence purposes – legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, such as your business details, your medical and health history and related records, education and employment history and qualifications, in the case of any directorship or executive position, as well as your credit and financial status and history, tax status, and B-BBEE status.

Lawfulness – YES Consent required – NO

Contract purposes – assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you, be it in relation to our securities or shares or in relation to an appointment as a XXX director, trustee or executive, and in order to manage such relationship.

Lawfulness – YES Consent required – NO

Attending to administration and financial matters – conclusion of a contract and legitimate interest: To manage and operate the activities of XXX, including providing director, trustee or executive and/or shareholder details to third parties, including banks, regulators and trading partners and service providers, to administer company secretarial records, books, records, accounts or profiles related to you as a director, trustee, executive or a securities holder or shareholder including registrations, subscriptions, issuing of share scripts, documenting and recording the purchase, sale and issuing of shares or securities, sending out meeting agendas and notices, recording meeting minutes and resolutions, attending to billing fees, costs and charges, carrying out calculations, quoting, invoicing, receiving payments or paying dividends or refunds, attending to tax payment, paying executive, trustee or director fees or expenses, and related taxes on their behalf, and performing reconciliations and financial management in general.

Lawfulness – YES Consent required – NO

Communications – legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.

Lawfulness – YES Consent required – NO

Risk assessment and anti-bribery and corruption matters – legitimate purpose: To carry out organizational and enterprise-wide risk assessments, and due diligences, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with ABC laws, as well as to identify and authenticate your access to and to provide you with access to our goods and services or premises where applicable, and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving the XXX sites and operations or facilities and/or to exercise our rights and to protect our and others’ rights and/or property, including to take action against those that seek to violate or abuse our assets, systems, services, customers or employees and/or other third parties where applicable.

Lawfulness – YES Consent required – NO

Legal obligations, litigation, insurance and public duties: To comply with the law and legal obligations, including the requirement to register with regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to pay levies and fees due in respect thereof, by XXX or others, to submit legal or statutory reports or provide various regulatory or statutory notices or returns, to litigate and/or to pursue or defend legal claims or collections, to attend to insurance claims and related procedures, to respond to a request or order from a SAPS official, investigator or court official, regulator, or public authority.

Lawfulness – YES Consent required – NO

Business and operational issues – compliance with law and manage the contract: To communicate, enforce and ensure that you comply with any applicable policies and procedures which pertain to and apply to directors, trustees, executives or shareholders, conducting investigations and incident response activities, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law.

Lawfulness – YES Consent required – NO

Occupational health – compliance with laws: To manage in the case of directors, executives and trustees, occupational health and absence and fitness for roles and notifying family members in emergencies.

Lawfulness – YES Consent required – NO

Travel – contractual: To facilitate business travel, travel-related support including conference attendance, bookings, and emergency support services.

Lawfulness – YES Consent required – YES

B-BBEE – compliance with laws: To comply with B-BBEE and monitor or report B-BBEE opportunities and related diversity issues, including but not limited to age, gender, ethnicity, nationality, religion, disability, sexual orientation, and marital or family status.

Lawfulness – YES Consent required – YES

Security purposes – legitimate purpose and to comply with laws: To permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.

Lawfulness – YES Consent required – YES

Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and/or other notifications, programs, events, or updates that you may have registered or asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.

Lawfulness – YES Consent required – YES

Internal research and development purposes: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.

Lawfulness – YES Consent required – YES

Sale, merger, acquisition, or other disposition of our business – our Legitimate interest: To proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings).

Lawfulness – YES Consent required – YES

4. WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?

In order to engage and/or interact with you, for the purposes described above, we will have to process certain types of your Personal Information, as described below:

Contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regarding the possession of dangerous weapons, and other contact information including details of your employer, directorships, memberships or affiliations, your status with an organization, and similar data, which are required for various legitimate interest, contractual and/or lawful reasons.

Lawfulness – YES Consent required – YES

Specific identifiers, such as your fingerprints (access control or SAPS clearance purposes), race (B-BBEE), medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history (to protect our legitimate interests and to perform risk assessments), which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, and/or in order to accommodate you within the XXX facilities.

Lawfulness – YES Consent required – YES

Financial and account Information, such as billing address, billing contact details, and similar data, tax numbers and VAT numbers, banking details and similar data, which are required to perform contractual matters and to comply with laws.

Lawfulness – YES Consent required – YES

General communications, such as requests, general or specific communications, opinions, suggestions, questions, comments, feedback, and other information you send to us, which processing is done in order to protect legitimate interests, comply with legal obligations or public legal duties.

Lawfulness – YES Consent required – YES

Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and/or in order to accommodate you within the XXX facilities.

Lawfulness – YES Consent required – YES

Career, Education, and Employment Related Information, in the case of directors, trustees and executives, such as work performance and history, nationality and immigration status, demographic data, disability-related information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual related matters or which are required to comply with laws and public duties.

Lawfulness – YES Consent required – YES

Health records, in the case of directors, trustees and executives, such as medical status and history, examinations, blood type, medical aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual related matters or which are required to comply with laws and public duties.

Lawfulness – YES Consent required – YES

5. SOURCES OF INFORMATION – HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM

5.1 Depending on your requirements, we will collect and obtain Personal Information about you either directly from you, from certain third parties, or from other sources which are described below:

Direct collection:

You provide Personal Information to us when you:

  • express an interest in us;
  • respond to our communication sent to you;
  • make contact with or interact with us;
  • become a XXX director, shareholder, trustee or executive;
  • enquire about, or search for us or our goods or services;
  • create or maintain a profile or account with us;
  • conclude a contract with us;
  • purchase or subscribe to our goods or services, including our shares or securities;
  • register for or attend one of our events or locations;
  • request or sign up for information, including marketing material;
  • communicate with us by phone, email, chat, in person, or otherwise.

Automatic collection:

We collect Personal Information automatically from you when you:

  • search for, visit, interact with, or use our websites or social media portals or platforms;
  • use our goods or services (including through a device);
  • access, use, or download content from us;
  • open emails or click on links in emails or advertisements from us;
  • otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).

Collection from third parties:

We collect Personal Information about you from third parties, such as:

  • those who have a relationship with you;
  • regulators, professional or industry organizations and certification / licensure agencies that provide or publish Personal Information related to you;
  • third parties and affiliates who deal with or interact with us or you;
  • service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services;
  • marketing, sales generation, and recruiting business partners;
  • SAPS, Home Affairs, Credit bureaus and other similar agencies;
  • other government agencies, regulators and others who release or publish public records;
  • other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.

6. HOW WE SHARE INFORMATION

We share your Personal Information for the purposes set out in this Company Secretary Processing Notice with the following categories of recipients:

Client employees, directors, trustees, executives and affiliates. We may share your Personal Information amongst our employees, directors, trustees, executives and affiliates and the companies within Client for business and operational purposes.

Lawfulness – YES Consent required – YES

Business Partners. We may share your Personal Information with our business partners.

Lawfulness – YES Consent required – YES

Third Party Service Providers. We may share your Personal Information with our third-party service providers to perform tasks on our behalf and which are related to our relationship with you.

Lawfulness – YES Consent required – YES

IT and Cyber Third-Party Service Providers. We may share your Personal Information with our cyber service providers to perform tasks on our behalf and which are related to our relationship with you.

Lawfulness – YES Consent required – YES

PR Agencies and Advertisers. We may share your Personal Information with advertisers, advertising exchanges, and marketing agencies that we engage for promotional, advertising and printing of brochure services.

Lawfulness – YES Consent required – YES

Regulators and law enforcement agencies. We may disclose your Personal Information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request.

Lawfulness – YES Consent required – YES

Other Disclosures. We may disclose your Personal Information to third parties as part of our commercial activities, or if we reasonably believe that disclosure of such information is necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of XXX, our employees, its directors, trustees, executives, shareholders or stakeholders, or the public.

Lawfulness – YES Consent required – YES

Merger, Sale, or Change of Control. We may share your Personal Information to a third-party entity as part of a merger, acquisition, sale, or other change of control activity.

Lawfulness – YES Consent required – YES

7. SECURITY OF INFORMATION

7.1 The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing Personal Information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of Personal Information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.

7.2 Your Personal Information will be stored electronically and in some cases in hard copy in files and records, which information, for operational reasons, will be accessible to and/or provided to persons employed or contracted by us on a need to know basis.

7.3 Once your Personal Information is no longer required, such Personal Information will be retained in accordance with our Hills Business Solutions records retention schedule, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Processing Notice, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

7.4 Notwithstanding clauses 7 and 8, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect Personal Information, we cannot guarantee its absolute security.

8. ACCESS BY OTHERS AND CROSS BORDER TRANSFER

8.1 Client may from time to time have to disclose your Personal Information to other parties, including Client subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and/or national governmental, provincial, or local government municipal officials, or overseas Client subsidiaries or trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.

8.2 Where your Personal Information is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which conditions in particular will be to a no lesser set of standards than those imposed by POPIA.

9. YOUR RIGHTS

9.1 You as a Data Subject have certain rights, which are detailed below:

The right of access – You may ask XXX (free of charge) to confirm that we hold your Personal Information, or ask us to provide you with details, (at a fee) on how we have processed your Personal Information, which request must be done by following the process set out under the XXX PAIA Manual.

The right to rectification – You have the right to ask us to update or rectify any inaccurate Personal Information which we hold of yours, which can be done by accessing the update / rectification request.

The right to object to and restrict further processing – Where we do not need your consent to process your Personal Information, but you are not in agreement with such processing, you may lodge an objection to such processing by accessing the objection request.

The right to withdraw consent – Where you have provided us with consent to process your Personal Information, you have the right to subsequently withdraw your consent, which can be done by accessing the withdrawal of consent request.

9.2 These rights may be exercised by using the relevant forms housed on the XXX website at: https://*****.com/legal-notices.

10. CHANGES TO THIS PRIVACY STATEMENT

10.1 As XXX changes over time, this Processing Notice is expected to change as

10.2 XXX reserves the right to amend the Processing Notice at any time, for any reason, and without notice to you other than the posting of the updated Processing Notice on the XXX Website.

10.3 We therefore request that you visit our Website frequently in order to keep abreast with any changes.

11. PROCESSING OTHER PERSONS’ PERSONAL INFORMATION

11.1 If you process another’s Personal Information on XXX’s behalf, or which we provide to you in order to perform your contractual or legal obligations or to protect any legitimate interest, you will:

11.2 if you are processing such Personal Information as our Operator as defined under POPIA, process all and any such Personal Information in compliance with the obligations set out under our standard “Operator Agreement” housed on our website; or

11.3 where not acting as an Operator, nonetheless keep such information confidential and secure as per POPIA and you will not, unless authorized to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and granted to you, and related to the duties assigned to you.

12. COMPLAINTS OR QUERIES – CONTACT US

12.1 Any comments, questions or suggestions about this Processing Notice or our handling of your Personal Information should be emailed to our Information or Deputy Information officers at the details below:

Hills Business Solutions (company registration number 1999/042371/23)

Insert both physical and postal addresses

Information Officer: Insert name of person; e-mail address; phone numbers – both direct and switchboard.

Deputy Information Officer(s): Insert name of person; e-mail address; phone numbers – both direct and switchboard.

12.2 Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

12.3 Our offices are open 9:00 am – 00 pm GMT, Monday to Friday.

12.4 Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African Information Regulator, who can be contacted at https://inforegulator.org.za/

13. ACCEPTANCE AND BINDING NATURE OF THIS DOCUMENT

13.1 By providing Hills Business Solutions with the Personal Information which we require from you as listed under this Processing Notice:

you acknowledge that you understand why your Personal Information needs to be processed;

you accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross border;

13.2 where consent is required for any processing as reflected in this Processing notice, you agree that we may process this particular Personal Information.

13.3 Where you provide us with another person’s Personal Information for processing, you confirm that you have obtained the required permission from such person(s) to provide us with their Personal Information for processing.

13.4 The rights and obligations of the parties under this Processing Notice will be binding on, and will be of benefit to, each of the parties’ successors in title and/or assigns where applicable. Should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf