top of page
Screenshot 2024-09-14 at 19.37.21.png

Facebook

LinkedIn

Data Processing Policy
 
Effective Date:  15 January 2024
Version: 1.5
 
Purpose
 
This policy outlines how Citi Grid Pty Ltd processes personal data to ensure compliance with the Protection of Personal Information Act (POPIA) and maintain the integrity, security, and confidentiality of personal information.
 
Scope
 
This policy applies to all employees, contractors, and third-party service providers of Citi Grid Pty Ltd who process personal information as part of their work.
 
 
Definitions
 
Data Subject - The person to whom the personal information relates.
Personal Information: Any information that identifies a person, such as name, contact details, ID number, financial data, etc.
Processing - Any operation involving personal information, including collection, storage, use, dissemination, or destruction.
Responsible Party: Citi Grid Pty Ltd, as the entity determining the purpose and means of processing personal information.
 
Policy Principles
Citi Grid Pty Ltd is committed to upholding the 8 conditions for lawful processing of personal information as stipulated by POPIA:
 
Accountability
Citi Grid is responsible for ensuring compliance with POPIA in all data processing activities.
 
Processing Limitation
Personal information will only be processed in a lawful and reasonable manner. Consent must be obtained from the data subject where required.
 
Purpose Specification
Information will only be collected for specific, explicitly defined, and lawful purposes. Data will not be used for purposes other than those agreed to by the data subject.


 
Information Quality
Citi Grid will take reasonable steps to ensure that all personal information is complete, accurate, and up-to-date.
Openness
Data subjects will be informed about the purpose of collecting personal information and their rights regarding their data.
 
Security Safeguards
Appropriate technical and organizational measures will be implemented to prevent unauthorized access, loss, or damage to personal information. Security breaches must be reported to the Information Regulator and affected parties.
 
Data Subject Participation
Data subjects have the right to access their personal information, request corrections, and object to processing in certain cases.
 
Key Procedures
 
Collection of Personal Information : 

  • Personal data will be collected directly from the data subject unless otherwise authorised by law.

  • Data subjects must be informed of:

  • The purpose of data collection.

  • Whether providing data is mandatory or voluntary.

  • The consequences of failing to provide information.

 
Consent Management

  • Explicit consent will be obtained where required.

  • Records of consent will be maintained and accessible.

 
Data Retention and Disposal

  • Personal information will be retained only as long as necessary for its purpose or as required by law.

  • Data will be securely deleted or anonymized when no longer needed.

 
Access and Amendments

  • Data subjects may request access to their personal information by contacting Citi Grid’s Information Officer.

  • Citi Grid will respond to access requests within a reasonable time as per POPIA regulations.

 
Third-Party Data Sharing

  • Personal data may only be shared with third parties if:

  • There is a legal obligation.

  • The data subject has given consent.

  • A contractual agreement ensures the third party’s compliance with POPIA.

 
Security Measures

  • Data encryption, secure passwords, firewalls, and restricted access controls will be used to safeguard personal information.

  • Employees must report any potential or actual data breaches immediately.

 
Roles and Responsibilities

  • Information Officer: Responsible for POPIA compliance and overseeing the implementation of this policy.

  • Employees and Contractors: Required to adhere to this policy and report any concerns or breaches.

 
Data Breach Response
In case of a data breach, Citi Grid will:
 

  1. Notify the Information Regulator and affected data subjects within a reasonable time.

  2. Investigate and document the breach’s cause and impact.

  3. Implement corrective measures to prevent future breaches.

 
Training and Awareness
All employees handling personal information will undergo regular training on POPIA and the company’s data processing protocols.
 
Policy Review
This policy will be reviewed annually or whenever there are significant changes in relevant laws or company processes.
 
Contact Information
For queries or to exercise data-related rights, please contact:
Information Officer: Keshan Kana Patel
Email: serivces@citigrid.co.za
Phone: 0825728220
 

bottom of page