External Privacy Policy

Introduction

BlockPlan offers professional services pertaining to architecture and interior design projects. In order for BlockPlan to offer these services in a manner specifically tailored to our clients’ needs, we require to keep personal information in an attempt to balance the interests of our clients, service providers, talent and third parties.

The Eight Key Principleas Of Data Protection

The approach we take when it comes to your personal data is aligned with the POPI Act. These principles include:

  1. Accountability –  we understand that there is an obligation on us to ensure that measures are put in place to give effect to all the principles contained in the POPI Act and to ensure compliance;
  2. Processing limitation – we will only process personal information that is lawfully obtained, and that does not infringe on your privacy;
  3. Purpose specification – the information that we collect will only be for a specific purpose, which will always be explicitly defined and lawful;
  4. Further processing limitation – we will only process information for the purpose that it was collected, taking into account all the factors provided for in the applicable data protection legislation;
  5. Information quality – reasonable and necessary steps will be taken to ensure that the personal information that we hold is complete, accurate and not misleading;
  6. Opennes – we will maintain documentation of all processing information and take reasonable steps to ensure that you are aware when information has not been collected directly from you;
  7. Security safeguards – there is a responsibility on us to secure the integrity and confidentiality of your personal information by taking certain measures in order to safeguard such information, which we have in place; and
  8. Data subject participation – we appreciate your right to furnish you with a description of the personal information that we hold, together with the identity of any third parties who have had access to such information.

Personal Information That We Store

This will include, but is not limited to; your name, e-mail address, home address, telephone details, gender, date of birth, skills, banking details and specific details of your, of another Data Subject’s property (which could include photographs)

Where Do We Collect The Personal Information And When Will We Process It?

We will only process any personal information relating to you for lawful purposes, relating to our business in circumstances where:

  1. You have consented to the processing of such personal information;
  2. A court has made an order which has the effect that your personal information is to be processed;
  3. Your legally authorized representative has consented to such processing;
  4. The law permits such processing;
  5. It is necessary in order to protect or pursue your, BlockPlan’s and/or a third party’s legitimate interest; and/or
  6. In the event that you are a child, a competent person, such as a guardian or a parent has consented thereto on your behalf.

When Will We Process Your Special Personal Information

  1. In the event that you have consented to the processing;
  2. Where the processing is required in terms of a legal obligation; and
  3. In the event that the specific personal information was made public by you.

When And How Will We Process The Personal Information Of Children

In South Africa, a child is a person under the age of 18. We will process the personal information of children where it is permitted by law. We will only process the personal information of children if any of one of the following applies:

  1. The parent or guardian, being a person with the ability to sign legal agreements, has consented to the processing;
  2. The processing is necessary in accordance with a legal obligation;
  3. The personal information was made public by the child, with the consent of the guardian; and
  4. Where the child benefits from a bank account.

How We Process Information About Persons Related To A Juristic Person

In the event that information of a related person is provided to us, you warrant that the related person is fully aware of the fact that you are sharing such personal information with us, and that the related person has consented thereto. Accordingly, we will process the personal information of the related person in a manner as stated in this document and in line with the POPI Act.

Personal Information Of Other Individuals

In the event that you provide any personal information to BlockPlan, we accept that:

  1. You have informed the Data Subject about the content of this External Policy document; and
  2. The Data Subject has consented to the processing of such Personal Information.

Reasons Why We Need To Process Personal Information

Personal Information is processed in order to:

  1. Carry out your instructions and requests;
  2. Make decisions about whether to use your personal information in line with a request from one of our clients, to your benefit;
  3. Communicate with you and others as part of our business;
  4. Send you information and offers regarding Projects;
  5. For security and identity verification;
  6. Manage business operations;
  7. Process payments;
  8. Comply with any legal obligations; and/or
  9. Resolve any complaints.

Security

We take, and will continue to take, appropriate and the reasonable, technical, physical, and organisational measures, which are in line with the relevant data protection laws, which includes, but is not limited to:

  1. Ensuring that our systems are secure by monitoring access and usage;
  2. Storing our records securely;
  3. Ensuring that access to our buildings, systems and records are secured; and
  4. Destroying and/or deleting records and personal information that bears no purpose for us to hold.

Although we understand that no data transmission over the internet or data storage system can be guaranteed to be completely secure, we will always strive to have the highest level of security in order to ensure that your personal information is secure at all times, as best we can. In the event that you feel that the security of any personal information has been compromised, please immediately notify us at gordon@blockplan.co.za.

In the event that we provide personal information to any of our service providers, which we will only do so with your consent, in terms of a legal obligation or as otherwise provided for in the POPI Act, we will require such a service provider to sign an agreement with us whereby they agree to appropriate measures in order to protect the confidentiality and security of the personal information.

International Transfer Of Personal Information

In considering that we offer services internationally, we may transfer personal information to service providers located across the globe. These countries may have different data protection legislation than we do. However, we will always strive to ensure that your data is protected in line with this policy, together with the POPI Act.

Retention Of Personal Information

As far as is reasonably possible, we will ensure that your personal information which we process, is accurate, complete and reliable for its intended use, which will be a specific, explicitly defined and lawful purpose related to a function or activity of the company. We will always endeavour to ensure that you are aware of such purpose. We will only retain personal information for the period that is necessary in order to fulfil the purpose that the information was obtained in the first place, and as is provided for in this Policy, unless we are required to keep the personal information for a longer period in terms of any applicable legislation. We will only keep your personal information for as long as:

  1. We are required to keep it in terms of law;
  2. An agreement between you and BlockPlan requires us to keep it;
  3. Your consent allows us to keep the personal information;
  4. We are required to keep it to achieve a purpose listed in this Policy;
  5. We require it for statistical or research purposes, in which event we will de-identify the personal information, where necessary; and
  6. It is necessary for a lawful business purpose.

Please take note that, in light of the nature of business that BlockPlan is involved in, the deletion of certain personal information may lead to the termination of your business relationship with us.

Your Duties Regarding The Personal Information We Have About You

Your personal information may change during the course of an agreement that was entered into with us and we kindly request that you always ensure that the personal information that we hold is accurate and correct. This is to ensure that the personal information that we hold is complete, accurate, not misleading and updated.

Your Rights Regarding Personal Information That We Hold In Respect Of You

  1. You have the right to request access to the personal information that we hold about you, which we will furnish you within a reasonable time. This includes the identities and categories of third parties who have, or have had access to your personal information. Please take note that you will be required to pay a reasonable fee to receive copies or descriptions of records. In such an event we will advise you as to the applicable fee before attending to your request for such personal information.
  2. You are entitled to request for us to delete any information that is misleading, inaccurate, irrelevant, excessive, out of date, incomplete, unlawfully obtained or, in the event that we are no longer authorised to keep such information. In such an event, kindly inform us of your request in writing. It follows that in the event that the law requires us to keep certain information, you will not be entitled to request for us to delete such information.
  3. You may withdraw your consent for the processing of your personal information. However, when you have withdrawn your consent, there may be consequences, which we will explain to you. In the event that the law permits us to process your personal information, we will do so, regardless of whether you have withdrawn your consent.
  4. You can access your personal information, or request information in respect of the use of your personal information, by contacting the Information Officer at: gordon@blockplan.co.za

Complaints Procedure

You have the right to complain in the event where any of your rights in terms of the POPI Act have been infringed. BlockPlan views all complaints in a serious light and will address all personal information/ privacy related complaints in accordance with the following procedure:

  1. Where the complaint has been received by any person other than the Information Officer and/or the Deputy Information Officer, that person shall ensure that full details of the complaint reach the Information Officer or Deputy Information Officer as soon as possible;
  2. You will receive a written acknowledgement of receipt;
  3. The Information Officer and/or the Deputy Information Officer will carefully consider the complaint and address the complainant’s concerns in an amicable manner and in accordance with the principles of the POPI Act;
  4. The Information Officer and/or the Deputy Information Officer must also determine whether the complaint relates to an error or breach of confidentiality that has occurred, and which may have a wider impact on the data subjects of BlockPlan;
  5. Where the Information Officer and/or the Deputy Information Officer have reason to believe that your personal information has been accessed or acquired by an unauthorised person, the Information Protection Committee must be consulted.

Information Officers And Deputy Information Officers

Accountabilities, roles and responsibilities

Information Officers and Deputy Information Officers in BlockPlan are appointed according to the legal and regulatory requirements and will fulfil their regulatory obligations to protect personal information in BlockPlan. The information officer and deputies are responsible for:

  1. Encouraging compliance with the conditions for lawful processing of personal information;
  2. Attending to requests and complaints made by data subjects in terms of the POPI Act and PAIA;
  3. Assisting the regulator with any investigation relating to BlockPlan, the POPI Act and PAIA compliance;
  4. An Information Officer is the custodian of any activity relating to the processing of personal information and if any of the provisions of the POPI Act is breached, he or she could ultimately be held liable for that transgression.
  5. Ensuring that Privacy Notices for internal and external purposes are developed and published;
  6. Ensuring that BlockPlan makes it convenient for data subjects to update their personal information or submit POPI Act related complaints to BlockPlan; and
  7. Liaising and working with the Information Regulator in relation to ongoing investigations, arising issues, reporting and any other related matter in consultation with Group Compliance or subsidiary company compliance.

Information Protection Committees

BlockPlan has established an Information Protection Committee, which will convene when the need arises and as required, when any problems pertaining to non-compliance and breach activity is reported or suspected.

The Information Protection Committee will consist of:

  1. The information Officer;
  2. Deputy information Officer; and
  3. Human resources manager.

The target audience of this Policy is all people/companies that provide BlockPlan with information.