Privacy Policy


1.   INTRODUCTION

The Institute of Directors in South Africa NPC (hereafter “IoDSA”) respects your privacy and your Personal Information. This Privacy Policy together with the IoDSA PAIA Manual aims to let you know how the IoDSA will treat any Personal Information that it may have about you and how you can access such Personal Information held. The IoDSA will take all reasonable measures, in accordance with this Policy, to protect your Personal Information and to keep it confidential.

The IoDSA is the responsible party or controller accountable for any processing of Personal Information on the IoDSA website.

 
2.   DEFINITION OF PERSONAL INFORMATION
 
Personal Information is “Personal Information” as defined in terms of section 1 of the Protection of Personal Information Act 4 of 2013 (“POPIA”).  This is information relating to an identifiable, living natural person or existing juristic person. Please refer to POPIA for a detailed definition and various types or categories of Personal Information.

 

3.   CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION COLLECTED

The IoDSA only collects general Personal Information (some of which may be publicly available) and aims to only collect that Personal Information which is necessary for it to carry out its Services and other facilities provided to you. The IoDSA collects the following categories of Personal Information:

  1. Member – such as name, contact details, email, physical and postal addresses, company details, designations, professional experience, work experience (CVs) and qualifications. Member profiles provide for other information to be provided but this is voluntary information that can be provided at the discretion of the member.
  2. Alumni (Training and Event Delegates and past Corporate Clients) – such as name, contact details, email, physical and postal addresses, company details and documents (where necessary), dietary requirements, and allergies. With regards to Corporate Services company documents required for services and specifically in respect to Board Appraisal Services, director’s personal opinions on the performance of the board are collected and stored for the purposes of reporting. 
    Further information may be requested by the IoDSA depending on the Service being provided or for statistical or health and safety reasons.
  3. Director Designations – same information as per Members above including records of results and decisions, certification records such as date awarded, and such information as may be required from the South African Qualifications Authority from time to time.
  4. Suppliers/Procurement – such as company name, address and contact details, banking details, VAT number and BEE certificate/level information.
  5. Website – such as general website page analytics and usage information through the use of cookies (all such information is un-identifiable information for the purposes of POPIA, see IoDSA Cookie Policy for further detail); as well as in some instances website user (i.e. non-member and alumni) name and contact details for access to specific IoDSA content/services not freely available to the general public.
  6. Employees – all applicable employee information required to be kept from a labour law perspective and running of the organisation. Such information relates to internal employees and not external clients. As such the rest of this Policy will not cover Employee Information as this is dealt with in IoDSA internal HR Policies. Furthermore, external parties (unless with applicable court orders or legal reasons) shall not have access to such Employee Information. The Personal Information relating to children may be collected in so far as it relates to the children of the IoDSA employees and where so required by law, this may include the name, surname and date of birth or identity number of the child.

The IoDSA may collect “Special personal information”; this includes information relating to race, ethnic origin, health, biometric information and criminal behaviour of a data subject. Any such collection will be subject to the protocols prescribed under the applicable law.

 

4.   HOW PERSONAL INFORMATION IS COLLECTED

Your Personal Information is obtained directly from you either via online forms on the IoDSA website, email communications, requests for proposals, hard copy forms submitted to the IoDSA (such as training facilitator review forms); and on occasion telephonically (only under specific circumstances and at your request). In instances where Corporate Clients require services, the Corporate Client representative may provide individual director information to the IoDSA. It is the responsibility of the Corporate Client to ensure it has consent from such individuals to share their general personal contact information.


5.   PURPOSE FOR COLLECTING PERSONAL INFORMATION

The IoDSA collects Personal Information for the following purposes:

  1. To provide you with services offered and requested.
  2. To understand your specific needs and requirements, and in order to improve the IoDSA member benefit, service and value offering.
  3. To provide you with IoDSA communications in relation to the services being rendered, and keeping you informed of governance related updates.
  4. To provide you with IoDSA related marketing material due to your past interaction and use of the IoDSA services.
  5. To ensure payment to suppliers for services procured.
  6. For health and safety purposes.
  7. For statistical, historical and/or reporting purposes.

The IoDSA will always ask for your permission before it uses your Personal Information for any purpose not disclosed above or unrelated to the operations/services of the IoDSA and its use in the ordinary course of business.

 

6.   YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION

Under certain circumstances, you have rights under information protection laws in relation to your Personal Information. These include the:

  • Right to be Informed: You have the right to know how your Personal Information is collected and used. 
  • Right to Access: You can request access to the Personal Information the IoDSA holds about you (refer to IoDSA PAIA Manual).
  • Right to Rectification: If your Personal Information is inaccurate or incomplete, you can request that the IoDSA correct it (refer to Annexure A).
  • Right to be Deleted: You can ask the IoDSA to delete or dispose of your Personal Information (refer to Annexure B). 
  • Right to Restrict Processing: You can request that the IoDSA limit the processing of your Personal Information.
  • Right to Object: You can object to the use of your Personal Information for specific purposes.
  • Right to Withdraw Consent: Where the IoDSA relies on your consent to use your Personal Information, you can withdraw it at any time.
  • Right Against Direct Marketing: Your Personal Information will not be used for direct marketing via electronic communication without your consent.
     

7.   RECIPIENTS OF PERSONAL INFORMATION

The Personal Information collected is used only by the IoDSA and its employees in the rendering of its organisational purpose and services. Only in instances where the sharing of Personal Information to recipients outside of the IoDSA is necessary in order to fulfil an IoDSA obligation or service will such information be provided. 

 

8.   PERSONAL INFORMATION SHARED TO THIRD PARTIES

As part of the Member Benefits provided to IoDSA Members, the IoDSA may be required to provide third party service providers with minimal Member Personal Information (such as for example: name, membership number, contact details) in order to provide such Member Benefits. Personal Information provided to third party service providers for such purposes, will be limited to only that information which is absolutely necessary in order for the member to enjoy such benefit which he/she is entitled to. No further information will be provided and third party service providers are prohibited from using Member details for any other purpose other than providing the Member Benefit or for statistical and historical purposes. 

Your privacy is important to the IoDSA. The IoDSA will therefore not sell, rent nor provide your Personal Information to unauthorised entities or to third parties for their independent use without your consent. The IoDSA will release your Personal Information to a party if it believes that IoDSA is required by law or by a court or statutory body to do so. The IoDSA will also disclose your Personal Information if the IoDSA believes that it is necessary to prevent or lessen any unlawful or harmful actions and to protect and defend legitimate business interests, rights or property of the IoDSA. 

IoDSA policies mandate that all third parties engaged by the IoDSA must respect the security of your personal data and handle it in compliance with the law. Additionally, third-party service providers engaged by the IoDSA are prohibited from using your personal data for their own purposes and may only process your data for specified purposes, strictly in accordance with the IoDSA’s instructions.

 

9.   PROTECTION OF PERSONAL INFORMATION

The IoDSA values the information that you choose to provide and will therefore take reasonable steps to protect your Personal Information from loss, misuse or unauthorised alteration. The IoDSA conducts regular security testing of its servers and ensures that its employees are trained around protection of Personal Information to ensure that your Personal Information is used correctly and protected.

When you use the services or facilities provided by the IoDSA, you may be given an access number, username, password and/or personal identification number ("PIN"). You must always keep your username, access card, password and/or PIN a secret and ensure that you do not disclose it to anyone. The IoDSA shall not be held responsible for Personal Information accessed as a result of you providing someone your IoDSA profile username and password.

Upon your request the IoDSA will provide you with its records of the Personal Information you provided. For security reasons, this information will only be sent to the e-mail address on file for the subscriber username and password associated with it.

If you wish to object to the IoDSA processing your Personal Information, kindly complete Form 1 (Annexure A) in terms of POPIA and send same to the Information Officer at the IoDSA or to info@iodsa.co.za. Objecting to the processing of your Personal Information may result in services being stopped, access or implementation issues and/or other service inefficiencies and communications.

 

10.   STORAGE OF PERSONAL INFORMATION AND RETENTION THEREOF

Personal Information is stored on the IoDSA’s servers located onsite and in the cloud (which in this case may be hosted outside of South Africa, see Clause 11 below), which is accessed by IoDSA internal employees only. Personal Information will only be retained for so long as necessary to carry out the function, Services required and/or for historical and statistical use by the IoDSA.

Personal Information no longer required for the purposes of rendering services to you or after completion of services, will be destroyed. The IoDSA undertakes to ensure that Personal Information shall not be stored for longer than 5 years, unless required to do so by law or other regulatory obligations and/or for historical record purposes.  The IoDSA however may maintain de-identified information for statistical purposes.

Note:  Membership records, Service Agreements, training attendance records, reports or deliverables provided to Corporate Clients in terms of specific scope of work and Personal Information related thereto shall be kept for the IoDSA indefinitely. The purpose of which is to ensure a continuous and accurate record of your membership, training history and reports/advice provided by the IoDSA. 

 

11.   TRANS-BORDER FLOW OF PERSONAL INFORMATION

Your Personal Information may be stored on servers located outside of South Africa due to the IoDSA’s Association Management Systems. The IoDSA however undertakes to ensure that service providers used for such cloud servers and/or services are obliged to comply with the highest standards of data protection to ensure the security of your Personal Information.

 

12.   LINKS ON IoDSA WEBSITE OR EMAIL COMMUNICATIONS

The IoDSA is not responsible for the content or the privacy policies of websites of other institutions to which it may link you – mainly for information purposes and access to documents provided by such institutions. The use of other third party websites and content is at your sole discretion. This Policy applies solely to information collected by the IoDSA.

The IoDSA is not responsible for any representations or information or warranties or content on any website of any third party (including websites linked to the IoDSA website). The IoDSA does not exercise control over third parties' privacy policies, and you should refer to the privacy policy of any third party to see how such party protects your privacy. 

 

13.   IoDSA MOBILE APPLICATIONS

The IoDSA has two mobile applications that are available for download on the Google Play or iOS App Store. See below links to these applications listed on the relevant stores:

13.1. King IV Report Mobile Application:

  1. Google: https://play.google.com/store/apps/details?id=co.za.iodsa.king4
  2. iOS: https://apps.apple.com/za/app/king-iv-report/id1145317905

13.2. IoDSA Member Application:

  1. Google: https://play.google.com/store/apps/details?id=co.za.iodsa.memberapp
  2. iOS: https://apps.apple.com/za/app/iodsa-member-app/id1633663164

The mobile applications do not collect any data from users.

 

14.   PERSONAL INFORMATION HELD BY OR DISCLOSED BY YOU TO THIRD PARTIES 

If you disclose any Personal Information to a third party, such as one of the IoDSA business partners or anyone other than the IoDSA, you must be aware that the IoDSA does not regulate or control how that third party uses your Personal Information. You should always ensure that you read the privacy policy of any third party.

 

15.   CORRECTION OF PERSONAL INFORMATION

It is your responsibility to ensure that the Personal Information provided to the IoDSA is true, correct and accurate at all times. You may update and correct your Personal Information at any time either yourself via your online IoDSA profile, via email communications to the IoDSA  (for Members, kindly contact membership@iodsa.co.za or for others your IoDSA representative), telephonically by calling either the Membership Department or applicable IoDSA representative in relation to the services being used or rendered to you or through completing and sending Form 1 (Annexure A) in terms of POPIA to the Information Officer at the IoDSA or to info@iodsa.co.za. The IoDSA does not vet or check the information provided to it, and thus will not be held responsible for any incorrect or outdated information it may and which may be used to provide you with relevant and important communications.


If you would like your Personal Information deleted by the IoDSA, kindly also use Form 2 (Annexure B) and send same to the Information Officer at the IoDSA or to info@iodsa.co.za. Deleting your Personal Information may impact the services being used, offered or access thereto.

 

16.   ACCESS TO PERSONAL INFORMATION HELD BY THE IoDSA

See the IoDSA PAIA Manual for detailed information around your rights to access information held by the IoDSA and applicable steps to follow.

 

17.   CHANGES TO THIS POLICY

The IoDSA may change this Policy at any time. The most current version of this Policy will be displayed on the IoDSA website. If you use this website or any of the services or facilities offered by the IoDSA after the IoDSA has displayed a change to this Policy, you will be deemed to have read and agreed to the change.

 

18.   APPLICABLE LAWS

This Policy will be governed by the laws of the Republic of South Africa. Specifically, the IoDSA undertakes to comply with the provisions of POPIA and the Promotion of Access to Information Act No.2 of 2000 (“PAIA”).

In so far as the IoDSA collects and uses Personal Information relating to European Citizens (who may elect to be IoDSA Members), the IoDSA undertakes to uphold and comply with the data protection obligations in terms of the General Data Protection Regulation (GDPR) (EU) 2016/679 so far as it applies to the IoDSA and in a proportional manner based on the type and amount of information held. For more information on the GDPR see The European Commission website.

 

19.   JURISDICTION

You consent to the jurisdiction of the South African courts for any dispute which may arise out of this privacy policy.