Guide To Navigating POPI

Similar documents
PART 3/3 DEMYSTIFYING THE INBOX

MOBILE.NET PRIVACY POLICY

Privacy Policy. Revisions to this Policy. What Information we collect. How do we collect Information?

SeelogicMail Terms and Conditions

REPORT OF THE ADJUDICATOR

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

PRIVACY POLICY QUICK GUIDE TO CONTENTS

WHITEPAPER BlueHornet. bluehornet.com

Canadian Anti-Spam Legislation (CASL)

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

2.1. Information you provide when you use the Digital Services (including any contact, payment or demographic information).

Vodafone Location Services. Privacy Management Code of Practice. Issued Version V1.0

TIA. Privacy Policy and Cookie Policy 5/25/18

We may change the privacy notice from time to time by amending this page.

Intro. So, let s start your first SMS marketing legalese class!

Sketching for UX Designers Website & Newsletter Privacy Policy

Sarri Gilman Privacy Policy

ETSY.COM - PRIVACY POLICY

VETS FIRST CHOICE PRIVACY POLICY FOR PARTICIPATING VETERINARY PRACTICES

Spree Privacy Policy

Oracle Eloqua s User Guide

All-In-One Cloud-Based Blaster

Canadian Anti Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS

What This Policy Covers

Canada's Anti-Spam Legislation

Kährs Group s Privacy Policy

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Cognizant Careers Portal Privacy Policy ( Policy )

Cellular Solutions and Services Limited and Cellular Solutions and Network Services Privacy Policy

PORTICO PRIVACY NOTICE

Element Finance Solutions Ltd Data Protection Policy

Privacy Policy Statement Last update 25 th May 2018.

1 Privacy Statement INDEX

VETDATA PRIVACY POLICY

ADMA Briefing Summary March

PS Mailing Services Ltd Data Protection Policy May 2018

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

Canadian Anti-Spam Legislation (CASL)

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Privacy notice. Last updated: 25 May 2018

How to Stay Compliant with SMS Marketing

Our Privacy Policy. Last modified: December 12th Summary of changes can be consulted at the bottom of this Privacy Policy.

MailChimp Basics. A step by step guide to MailChimp Course developed by Virginia Ridley

Project Better Energy Limited s registered office is Witan Gate House, Witan Gate West, Milton Keynes, Buckinghamshire, MK9 1SH

Website Privacy Statement

2.1 Website means operated and owned by UCS Technology Services, including any page, part of element thereof;

Learning Management System - Privacy Policy

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

SYDNEY FESTIVAL PRIVACY POLICY

This Privacy Policy governs our processing of all personal data provided to us at Environmental Essentials in relation to our E-learning services.

OBTAINING CONSENT IN PREPARATION FOR GDPR

Tracking 101 DISCOVER HOW TRACKING HELPS YOU UNDERSTAND AND TRULY ENGAGE YOUR AUDIENCES, TURNING INTO RESULTS

Privacy Notice Q-UK-PO02

Information you give us when you sign up to the World Merit Hub. In addition, when you sign up to the World Merit Hub, we will usually ask for:

Oracle Eloqua s User Guide

Privacy Policy GENERAL

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

What is the website's privacy policy?

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

1. How we process Personal Data from and about you.

BoostMyShop.com Privacy Policy

NSDA ANTI-SPAM POLICY

We reserve the right to modify this Privacy Policy at any time without prior notice.

SALES LEAD MULTIPLIER INC. PRIVACY POLICY

Privacy Policy. About Us

A Homeopath Registered Homeopath

Data Privacy Policy Updated: Q2-2018

Data Protection Policy - Sustainable Hackney

Privacy Policy. Effective date: 21 May 2018

Information we collect in connection with your use of MoreApp's Services; and

PRIVACY NOTICE Olenex Sarl

Privacy policy. Privacy Policy

What kind of information does MLW Air collect and how does MLW collect it?

The Luma Learn website is a e-commerce site. By using the Luma Learn website, you consent to the data practices described in this statement.

Getting into Gmail and other inboxes: A marketer's guide to the toughest spam filters

Privacy Policy. Full name and contact details (including your contact number, and postal address).

1. provide and communicate with you about the Services or your account with us,

At Sound United, we re committed to protecting and respecting your privacy.

Shaw Privacy Policy. 1- Our commitment to you

Canada s Anti-Spam Legislation (CASL) What it means for Advisors. Distributor Learning & Development

PRIVACY POLICY Commitment to Privacy

Conjure Network LLC Privacy Policy

Privacy Policy. How we handle your information you provide to us. Updated: 14 March 2016

Privacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Privacy Policy Effective May 25 th 2018

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Last updated: 25 May 2018

Creative Funding Solutions Limited Data Protection Policy

For clarity, the following phrases and words are defined as shown below when used in the context of our Terms and Conditions:

Introduction. The website. E-newsletter. Use of cookies

Brasenose College ICT Systems Privacy Notice (v1.2)

Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):

PRIVACY POLICY. 1. Introduction

center Guide to GDPR

We may change the privacy notice from time to time by amending this page.

PRIVACY POLICY CHILDREN S PRIVACY

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY

The New Data Protection Law a Basic Guide

Transcription:

Guide To Navigating POPI July 2014

Table of Contents Introduction 3 About this Guide 4 10 Points to Consider on the Road to POPI Compliance 5 - Specific Business Purpose or Consent 6 - Maintain the Quality of Your Data 7 - Keep Accurate Records of all Processing 8 - Ensure Safety and Security of Data 9 - Get Consent to Store Data Offshore 10 - Consent must be Obtained to Communicate to Prospective Customers 11 - General Consent Versus Specific Consent 12 - Direct Marketing to Customers 13 - Transparency of the Sender 14 - Buying of Databases 15 Contact Us 16 Guide To Navigating POPI 2

Introduction The introduction of the Protection of Personal Information Act (POPI) puts the onus on companies and individuals to respect and protect the personal information they process in the course of routine business, including personal information of customers, prospective customers, employees, and suppliers. It is not limited to people but also applies to information about organisations, including communities and corporate entities. POPI has already been passed into law, but the act provides for a one-year grace period for businesses to become compliant. At the publishing date of this guide, the one-year grace period had not yet commenced due to its pending announcement. Guide To Navigating POPI 3

About this Guide This guide provides a summary of some of the important areas in the POPI Act that Everlytic customers should be aware of in order to become compliant. We include general guidelines on storage and processing of personal information for the purposes of direct marketing as well as specific guidelines on how to utilise Everlytic features to comply. Please Note: This is not a comprehensive guide to POPI, nor should it be considered any form of legal advice. Foolish Assumptions: In writing this guide, we assume a few things: You are currently a user of Everlytic s software You want to make sure that you are complaint with the POPI Act and do NOT want to receive a fine of up to R10 million or face 10 years jail time. Icons Used in this Guide: This guide uses the following colour boxes to call to your attention information you may find helpful: Small tips to make your journey to compliance a bit easier. WARNING Pay attention to this information, to save yourself a headache or possibly even a couple of million cents. This shows you how an Everlytic feature can make your compliance life easier. Guide To Navigating POPI 4

10 Points to Consider on the Road to POPI Compliance Guide To Navigating POPI 5

1 Specific Business Purpose or Consent POPI requires you to have a particular business purpose for the storage of personal information or explicit consent from the subject. Storing an email address or cell phone number of a recipient who has opted into a newsletter is considered acceptable, but recording someone s religious affinity may not be. Keep an ongoing compliance document which details why your business needs each information field and be prepared to be able to substantiate for each field beyond the standard because it is nice to have. Everlytic stores the date and time that a recipient subscribes to your newsletter which can be used as proof of consent. Guide To Navigating POPI 6

2 Maintain the Quality of Your Data Personal information must be kept up-to-date and a process must be in place to allow an individual to request and update his or her personal information. If the personal information is no longer being used for a particular business purpose it must be deleted or de-identified so that it cannot be associated back to an individual or company. If you have a list of contacts that you have stopped communicating to, this must be deleted. If, however, you have an email address or cell phone number of a recipient who has unsubscribed from a list or complained about spam, you can legitimately retain this information to ensure the contact is always filtered out of any communication. Consider having a permanent option on your mailers to make it easy for your customers to update their details. Update profile feature: one click real-time updating of personal information directly into the database. Guide To Navigating POPI 7

3 Keep Accurate Records of all Processing POPI requires that records be kept of what is done with the personal information. This will include all processing such as when the contact was imported or subscribed, when you sent the contact emails or SMSes, or when they unsubscribed. It is important to have this information on hand should you receive complaints from the recipients who believe your company may have or has contravened the act. Contact reporting detailed log and message archives of every interaction you have had with a contact including the date they subscribed, updated their profile, received messages and unsubscribed. SMS on bounce notifies a contact that their email address bounced and allows them to send an updated email address via SMS which will automatically update their details on the database. Guide To Navigating POPI 8

4 Ensure Safety and Security of Data Ensuring the safety and security of data at all times becomes crucial to comply with POPI. Security procedures must be in place for passwords and individuals who have access to any system where the data is stored. You can enhance your security features by IP locking access systems to specific areas such as inside your building. These security measures must extend to all internal processes to ensure compliance when personal information is handled outside of the system. For example, if you email contact lists internally. IP locking of application: restrict access outside of your building even if passwords are lost. Login failure notifications: the administrator of the account can set up notifications on failed login attempts. Should this happen the logins may be investigated and reset. Guide To Navigating POPI 9

5 Get Consent to Store Data Offshore Many service providers in South Africa store their data in the USA. Under POPI, you are required to get consent to store personal information outside of the borders of South Africa. or referring to it when recipients subscribe to your newsletter. You can also refer to it in the footer of your emails to gain consent from existing subscribers. This can be obtained from your contacts by including a clause in your privacy statement on your website Be sure to check and understand in which country all your company s data is being stored, so that you can take the necessary actions to comply and avoid any potential fines. At Everlytic, all data is stored locally when you select our POPI compliant local solution. Alternatively our data is stored in the US and you would have to inform your clients accordingly. Guide To Navigating POPI 10

6 Consent must be Obtained to Communicate to Prospective Customers While best practice email and SMS marketing has always worked this way, the law now compels us to do so. It is now against the law to use direct marketing tactics to sell to a prospective customer without their consent. You may however contact a recipient once, to obtain this consent (an opt-in campaign) and if they do not explicitly provide you with consent all future communications must cease. Once a recipient opts-in, a method of unsubscribing must be provided as is the current standard practice. The double opt-in process can be used which will send the recipient a further mail to confirm their opt-in. This prevents false subscriptions (subscribing with someone else s email address). Double opt-in automatically send a confirmation mailer when a client subscribes to a newsletter to prove consent and avoid false subscriptions. Guide To Navigating POPI 11

7 General Consent Versus Specific Consent Under POPI you will need to get consent for the direct marketing of specific products / services or ranges of products / services. You may not market other unrelated products / services. For example, if a prospect optsin to receive travel deals, you cannot market beer to them. Provide a detailed description of what information subscribers will receive on your subscription web-form to avoid any confusion. Your initial communication to prospects should accordingly be wide enough to encompass all ranges or future ranges of products / services you will be communicating to them about. A commonly used tactic is providing the prospective with a tick box list of items, which you offer for them to indicate what they would like to hear about. Click triggers: You can set Everlytic up to automatically subscribe someone to a list if they click on a link inside a mailer. This is useful to get subscribers to opt-in to newsletters with different content. The system keeps a log of people that subscribed on the link as proof of consent. Guide To Navigating POPI 12

8 Direct Marketing to Customers Direct marketing to customers is permitted under POPI without having to get their explicit consent. All other rules still apply though, including being able to only market similar products or services to them. Ask for consent to market to your customer at the point of sale, i.e. put a tickbox on your sign up form, contracts or quotations. Guide To Navigating POPI 13

9 Transparency of the Sender All communications must include the identity and contact details of the sender. Ensure that your company information is a standard part of every email you send. It is also good practice to ensure that your email footer has a complaints link to provide recipients with an option to complain to you if they feel a violation of their privacy has occurred. It is better to receive these complaints and deal with them directly rather than to be reported to the authorities. Ensuring that your mailer is well branded is not only good marketing but also removes any doubt in the consumer s mind as to who they are receiving the communication from. Complaints handling: One click complaint reporting and integrated spam feedback loops with major web email clients (e.g. Yahoo, Hotmail) and active complaints monitoring by our reputation team. Default footer: One click and Everlytic will automatically append a POPI compliant footer at the end of every email you send including the full details of the sender. Guide To Navigating POPI 14

10 Buying of Databases Purchasing contact information from a third party vendor has never been allowed by Everlytic, but the law has up until now not restricted it. The POPI act states that a vendor may only pass on information to a third party if they have permission from the recipients to do so. If a marketer receives a database from a vendor (even if they have never sent a message to that database), the vendor may already have infringed POPI and thus you too would be held liable. Do not accept a database from a third party unless you know the vendor has explicit permission from the recipients to pass their personal information on. Everlytic has never allowed the purchasing of contact information from a third party vendor. This was done in order to protect the reputation of our senders as well as to avoid being blacklisted by mail hosting companies. Users are asked to tick to agree to the spam policy when they upload their database to ensure they understand they can t upload bought databases. Guide To Navigating POPI 15

Contact Us HEADQUARTERS JOHANNESBURG Ground Floor, Rosebank Corner Cnr Jan Smuts & 7th Avenue Parktown North Johannesburg Tel: +27 11 447 6147 Email: sales@everlytic.com CAPE TOWN 5th Floor Canal Walk office East Towers Century Boulevard Century City 7441 Tel: +27 21 201 7444 Email: sales@everlytic.com If you like what you see and would like to know more about Everlytic... Guide To Navigating POPI 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback