Privacy Policy
INTRODUCTION
The information, content, services, and/or materials offered by HLBNGA on, or through its website www.hlbnga.com.au (“the Website”), are made available subject to the provisions contained below.
Please read this Privacy Policy carefully to understand how your personal information will be treated when you use the Website. All queries and/or requests relating to this Privacy Policy should be sent to [email protected].
HLBNGA endeavors to comply with all laws and regulations providing for privacy including, but not limited to, the Constitution of the Republic of South Africa, 108 of 1996, and the Protection of Personal Information Act, 4 of 2013 (“the Act”).
For purposes of this Privacy Policy, the person accessing the Website, or on whose behalf the Website is accessed, is referred to as “the User” and the term “Personal Information” bears the meaning as ascribed to it in the Act.
HLBNGA seeks to ensure the quality, accuracy, and confidentiality of all Personal Information in its possession and recognizes the importance of protecting the User’s privacy in respect of the User’s Personal Information collected by HLBNGA when the User visits the Website. HLBNGA is committed to protecting and preserving the Personal Information of all visitors to the Website.
By accessing the Website, the User agrees to the processing of the User’s Personal Information for the purposes stated in this Privacy Policy. This Privacy Policy includes various consents and permissions provided by the User to HLBNGA in respect of the User’s Personal Information.
The User should not use this Website if the User does not agree with HLBNGA’s processing activities described in this Privacy Policy. HLBNGA undertakes that the processing of the User’s Personal Information shall be carried out by it solely in accordance with the provisions of this Privacy Policy.
The User will be subject to the Privacy Policy in force at the time that the User accesses the Website. This Privacy Policy should not be viewed in isolation and must be read together with the applicable terms of use of the Website (which are available on the Website) and any further agreement/s entered into between the User and HLBNGA (such as an agreement in terms of which the User elects to subscribe for any of the services rendered by HLBNGA).
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you browse our site, we automatically receive your computer’s internet protocol (IP) address and information about your browser and operating system. This data is required to provide the service, but we do not permanently store it or use it in any other way.
SECTION 2 – CONSENT
You can contact us by email or other channels using the information provided on our website. The information you provide to us when contacting us (e.g., your email address) will only be used for the purpose of answering your communication, such as providing you with information that you may require.
How do I withdraw my consent? You may withdraw your consent for us to contact you at any time, by contacting us at [email protected].
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so.
SECTION 4 – THIRD-PARTY SERVICES
In general, the third-party providers used by us (e.g., for hosting the website) will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 5 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. HLBNGA will not sell your data or personal information.
SECTION 6 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence.
SECTION 7 – CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our site is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to provide services to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to access, correct, amend, or delete any personal information we have about you, register a complaint, or simply want more information, contact us at [email protected].
INFORMATION COLLECTION AND USE
HLBNGA strives to collect only that Personal Information which is necessary for the intended purpose of the collection. HLBNGA and/or its authorized agents shall collect certain Personal Information from the User in connection with the User’s use of the Website. The information collected is used for the following purposes:
- To make the User’s visit to the Website more efficient;
- To enable efficient use of the Website;
- To process electronic communications and transactions;
- To administer any promotion, survey, or similar interactive activity conducted by HLBNGA; and
- To provide the User with newsletters or other periodic emails and/or promotional materials as requested by the User.
When the User accesses the Website, the User’s Personal Information will be automatically collected in relation to the User’s visit to the Website. This information includes but is not limited to:
- The User’s browser type and version;
- The User’s operating system and information about the User’s use of the Website including details of the User’s visits to the Website (such as pages viewed and the resources that the User accessed on the Website).
The Website also uses different types of cookies, such as cookies which provide web analytics services, flash cookies, and other types of cookies. NGA’s hosting agents and/or service providers may automatically log the User’s “IP address” (the unique identifier for the User’s computer and/or other access device). The aforesaid information collected by HLBNGA is for aggregate purposes only and cannot be used to identify the User personally.
Should the User subscribe to receive any newsletter, periodic email, or promotional material or information distributed by HLBNGA, the User’s Personal Information (including but not limited to the User’s email address) will be processed by HLBNGA. HLBNGA may also track whether the User has read the material supplied byHLBNGA and/or whether the User has clicked on any of the links so provided. All HLBNGA communications shall contain an unsubscribe link and by following the unsubscribe process, the User shall be removed from the relevant distribution list and HLBNGA shall no longer send the User the subscription content or contact the User.
CONSENT TO PROCESS PERSONAL INFORMATION
By accessing the Website, the User agrees and consents that HLBNGA may process the User’s Personal Information for the purposes set out in this Privacy Policy including providing the User with access to the Website and its contents.
By providing HLBNGA with his/her/its Personal Information, the User expressly consents to having his/her/its Personal Information processed in accordance with this Privacy Policy, which processing is necessary to enable HLBNGA to carry out the actions required of it in relation to the User when the User accesses the Website.
Processing shall include the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation, use; dissemination by means of transmission, distribution or making available in any other form; or merging, linking, as well as blocking, degradation, erasure, or destruction of information.
This consent is effective immediately and will endure until the User’s relationship with HLBNGA has been terminated, or until such time as the User expressly notifies HLBNGA that such consent is retracted.
RETAINING PERSONAL INFORMATION
The User expressly consents to HLBNGA retaining the Personal Information once the User’s relationship with HLBNGA has been terminated for the following purposes:
- Aggregate, statistical, and reporting purposes and for only so long as is necessary to enable HLBNGA to achieve the purpose for which the Personal Information was collected or subsequently processed, subject to the further provisions of section 14 of the Act;
- In order to ensure that the User’s Personal Information is treated in accordance with the User’s prior instructions, for example ensuring that the User remains unsubscribed from NGA’s mailing list; and
- HLBNGA’s operational purposes and/or for production as evidence by HLBNGA in legal proceedings in which event records relating to the User’s use of the Website and the Personal Information submitted by the User may be required to be retained in terms of legislated records retention requirements.
TRANSBORDER FLOW OF PERSONAL INFORMATION
HLBNGA appoints certain agents, third parties, and/or service providers which operate outside the borders of the Republic of South Africa, alternatively outside the country in which the User resides and/or operates from. As a result, HLBNGA is required to transmit the User’s Personal Information outside South Africa, alternatively outside the country in which the User resides and/or operates from.
The purpose of the trans-border flow of the User’s Personal Information may include, but is not limited to data hosting and storage.
The User expressly consents to the trans-border flow of the Personal Information, in order to enable the trans-border flow of the aforesaid information.
HLBNGA warrants in this regard that it shall only engage the services of third parties (in relation to the aforesaid trans-border flow of information) which subscribe to internationally recognized standards in this regard and in order to secure the integrity and confidentiality of the User’s Personal Information.
HANDLING OF THE USER’S PERSONAL INFORMATION
HLBNGA shall secure the integrity and confidentiality of the User’s Personal Information in its possession or under its control by taking appropriate, reasonable technical and organizational measures to prevent loss of, damage to, or unauthorized destruction of the User’s Personal Information and the unlawful access to or processing of such Personal Information.
HLBNGA will not sell, exchange, or transfer the User’s Personal Information to any third party without the User’s consent and save as provided for in this Privacy Policy.
DISCLOSURE OF PERSONAL INFORMATION
HLBNGAmay disclose the User’s Personal Information to its third-party service providers, where necessary. HLBNGA requires that its service providers take appropriate, reasonable, technical, and organizational measures to keep the User’s Personal Information secure and such third parties may not use or disclose the User’s Personal Information for any purpose other than providing the services required by the User on HLBNGA’s behalf.
HLBNGA may disclose the User’s Personal Information under the following circumstances:
- to comply with the law or with legal process;
- to protect and defendHLBNGA’s legitimate interests (safety, property, or other rights);
- to protect HLBNGA against misuse or unauthorized use of the Website and/or of the services offered by HLBNGA; and
- to protect other customers, Website users, or third parties affected negatively by the User’s actions in his/her/its use of the Website.
ACCESSING AND UPDATING PERSONAL INFORMATION BY THE USER
HLBNGA will take reasonable steps to keep the User’s Personal Information accurate and complete. HLBNGA suggests that the User regularly updates his/her/its Personal Information.
The User can request access to any of his/her/its Personal Information held by HLBNGA at any time and for any purpose, including to request HLBNGA to correct any portion of the Personal Information held by HLBNGA which is inaccurate, or to delete the Personal Information which HLBNGA is no longer entitled to retain by law or for a legitimate purpose.
The User also has the right to revoke his/her/its consent to the processing of his/its Personal Information by HLBNGA.
DATA PRIVACY COMPLIANCE (POPIA & GDPR)
- Introduction
HLBNGA provides its services to Accountable Institutions to assist them in meeting their compliance obligations in terms of the Financial Intelligence Act (FICA). These services are provided using software licensed from HLBNGA. The integrity and confidentiality of the personal information of our customers and their clients is of critical importance for HLBNGA.
- Data Privacy Laws and Regulations
The flow of our customer data originates in South Africa and is stored within South Africa, hosted via our own data storage facilities. HLBNGA therefore complies with local (Protection of Personal Information Act) (POPIA) and global (General Data Protection Regulation) (GDPR) data privacy laws and regulations.
Personal information is processed by HLBNGA, as well as our third-party service providers, for the specific, lawful purpose for which it is gathered, which is the customers’ FICA compliance obligations.
Section 72 of the POPIA allows for the transfer of data across international borders.
As a responsible data controller and processor, HLBNGA ensures that all data handling, storage, and processing activities comply with the highest standards of data protection and security as outlined by POPIA and GDPR.
The storage of our customers’ data within South Africa meets the stringent requirements set forth by section 72 of POPIA. This includes ensuring that adequate protections are in place for the secure handling and storage of personal information.
In summary, while the data remains within South Africa under the stringent security measures implemented by HLBNGA, our compliance with local and international data protection laws remains a priority to safeguard the privacy and integrity of our customers’ information.
- Compliance and Data Protection Measures
HLBNGA takes the security of our customer data very seriously and therefore has implemented the following data privacy compliance and security controls to mitigate the risk of data breaches. These controls are monitored regularly to ensure their operating effectiveness.
3.1 Data Privacy Policy
HLBNGA has a privacy policy, and our policy approach is consistent with the core principles of POPIA, which is to protect the privacy rights of individuals and juristic entities and to ensure the secure handling of personal data. HLBNGA is registered with the Information Regulator in South Africa, and any privacy-related concerns or complaints can be directed via [email protected].
3.2 Service Level Agreements (SLAs)
HLBNGA has an SLA in place with every customer, where it is incumbent on the customer to obtain the necessary consent of their data subjects. The SLA confirms that HLBNGA will only collect, store, and process data which is necessary to deliver agreed services. In addition, we have SLAs in place with our subcontractors, which state that data is not permitted for onward transmission.
Clauses in the SLA also address a vital part of POPIA, which is the destruction or de-identification of personal information when HLBNGA no longer has the legal right to retain such information. For example, when an SLA with a customer is cancelled or is not renewed.
3.3 Data Access Control
Customer data is only examined directly if it is absolutely necessary for technical reasons. Furthermore, only the core development and support team have access privileges that allow for the direct modification of production data. Such modification is to be done in only the most critical of cases and/or at the documented request of a customer.
3.4 Data Encryption & Recovery Processes
Technical security measures are also monitored by HLBNGA, this includes all customer data being encrypted during transmission and at rest. All data is backed up on a regular basis, and disaster recovery tests are run annually per company policy.
Users of the web interface must authenticate themselves with a username, password, and multi-factor authentication. HLBNGA uses various software, infrastructure, and architecture to restrict logical access, including a defense-in-depth approach with gateway and perimeter defenses, encryption, secure operations policies and procedures, secured endpoints, and backups.
4.Conclusion
HLBNGA’s security and risk management procedures have been audited by an independent audit firm, that has tested our controls as per the SOC 2 (Security and Organizational Controls) reporting standards. We trust that this provides your organization with assurance with regard to our commitment to data privacy and security standards. Should you have any further questions, please feel free to contact us at [email protected].