This Privacy Notice describes how the Tutwa Consulting Group (Tutwa) collects, uses, discloses, retains and protects your personal information, in accordance with the Protection of Personal Information Act (POPIA) and other relevant laws.
Your choices with respect to Personal Information
Collection of Personal Information
As a visitor to this Site, you may engage in many activities without providing any personal information. In connection with other activities, Tutwa may ask you to provide certain personal information about yourself by completing and submitting an online form. Depending on the activity, some of the information that we ask you to provide is categorised as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to engage in that activity. It is optional for you to engage in any of these activities. If you elect to engage in these activities, Tutwa may ask that you provide the following personal information:
- personal details: first name, last name, photograph, qualifications, past/present employment, residency status,
- demographic information: gender, date of birth / age, nationality, title and language preference;
- identifier information: passport or identity number, bank account details (collected only from payees and held confidential) ;
- contact details: a home, postal or other physical address, including postal code, telephone number, facsimile number, email address; other contact information
- employer details: name of employer, address, job title, occupation and department,
- instruction details: details of individuals instructing us; personal information included in correspondence, documents, evidence or other materials that we process in the course of providing consulting services;
- attendance records: details of meetings and other events organised by or on behalf of Tutwa Consulting that you attend;
- consent records: records of any consents you may have given, together with the date and time, means of consent and any other related information;
Source of collection of your Personal Information
Tutwa Consulting may collect or obtain personal information on data subjects as follows:
- directly from you;
- in the course of our relationship with you;
- in the course of providing any services to you where we have been appointed as the consultant;
- in the course of providing consulting services to you or your entity;
- in the course of engaging with prospective clients who enquire about our services;
- when you make your Personal Information public;
- when you visit and/or interact with our website or other media platforms;
- when you register to use any of our related services including but not limited to newsletters, workshops, meetings and updates;
- when you interact with any third party content on our website; or
- when you visit our offices.
We may also receive personal information about you from third parties such as law enforcement authorities and from cookies on our website.
In addition to the above, we may collect personal information about you, such as records of your communications and interactions with us, including, but not limited to, your attendance at events or at interviews in the course of applying for a job with us, subscription to our newsletters and other mailings and interactions with you during the course of our digital campaigns. This personal information may be collected directly or indirectly from you through the completion of a mandate, application form or a contract, which may be completed either electronically or in hard copy.
Special Personal Information
Where we need to process your special personal information, we will do so in the ordinary course of our business, for a legitimate purpose, in accordance with applicable law and with your consent.
Law authorising or requiring collecting of the Personal Information:
The below legislation regulates how personal information may be collected, shared and accessed:
- Promotion of Access to Information Act, no 2 of 2000
- Protection of Personal Information Act, no 4 of 2013
The personal information provided to Tutwa Consulting should be accurate, complete and up-to-date. We take accountability for keeping your information up to date with the latest information provided by you. Please notify us should any of your information change, so we can continue our best possible service to you.
We commit to only processing personal information needed for the legitimate purpose stated.
Purpose for Processing your Information:
We will collect, process, hold, use and disclose your personal information in the ordinary course of the business of providing you with consulting services of a discretionary and/or non-discretionary nature, and related services. We will only process your information for a purpose you would reasonably expect. We will use your personal information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the personal information was collected. We may subject your personal information to for processing during the course of various activities, including, without limitation, the following –
- operating our business; by performing the obligations contained in the contract concluded between you and Tutwa Consulting Group;
- notifying you of new developments that may be of interest to you;
- providing you with advice, products and services that suit your needs as requested;
- compliance with applicable law and fraud prevention;
- verifying your identity and to conduct reference searches;
- confirming, verifying and updating your details;
- transferring information to our Service Providers and other third parties; or
- to register your subscription preferences
- relationship management and marketing related to our services
- internal management and management reporting purposes,
- for safety and security purposes
- Site usage stats received daily in aggregate form, without identifying any user individually
- We may also analyse your personal information for statistical purposes.
Third parties and your personal information
We may need to disclose or share your personal information to our associated companies, service providers and other third parties for legitimate business purposes, in accordance with applicable law and subject to applicable regulatory requirements regarding confidentiality. Where we share your information, we will take all precautions to ensure that the third party will treat your information with the same level of protection as required by us. We may disclose your personal information –
- if required by law;
- to regulatory or governmental authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- Information Technology specialists and third party Operators assisting us with data storage, security, processing, analytics, etc (including, but not limited to, data processors such as providers of data hosting services and document review technology and services), located anywhere in the world,
- where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
- to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security;
- to any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation); and
- to any relevant third party provider, analytics and search engine providers who assist us in the enhancement of our websites and content.
- to our auditors;
- to your employer (where applicable);
- to our compliance officer (where applicable);
- to other product suppliers and administrative platform providers, where required to fulfil the purpose;
- If we engage a third party operator to process any of your personal information, we recognise that any operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with operators we engage and, to the extent required by any applicable law in force, we will require such operators to be bound by contractual obligations to –
- only process such personal information in accordance with our prior written instructions; and
- use appropriate measures to protect the confidentiality and security of such personal information.
We will only retain and store your personal information for as long as we need it, given the purpose for which it was collected, or a legitimate interest as required by law and any other statutory obligations, including anti-money laundering, counter-terrorism, tax legislation, whichever is longer. Your personal information may be retained for a minimum period of 5 years, and no longer than 6 years from the end of our relationship. We will take all reasonable steps to destroy or erase the data from its our systems when it is no longer required.
Transfer of your personal information outside of the Republic of South Africa
We may transfer your personal information to recipients outside of the Republic of South Africa. Your information may be hosted on servers managed by a third-party service provider, which may be located outside of South Africa.
Personal information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection similar to POPIA, the operator/third party undertakes to protect the personal information in line with applicable data protection legislation and the transfer is necessary in order to provide the legal and other related services that are required by our clients.
We implement appropriate technical and organisational security measures to protect your personal information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
Where there are reasonable grounds to believe that your personal information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.
Your legal rights
As a data subject, you may have the right under the South African laws to have access to your personal information and to ask us to –
- confirm whether or not we hold personal information about you;
- rectify, erase and restrict use of your personal information;
- provide you with a description of the personal information we hold about you, and to explain why and how it is being processed;
- ask for the transfer of personal information you have made available to us;
- consider your objection to the processing of your personal information;
- withdraw consent to the use of your personal information;
- Lodge a complaint with the Information Regulator.
Complaints and objections
The Information Regulator
In the event that your personal information has not been processed in accordance with POPIA and the principles set out above, you have the right to lodge a complaint with the Information Regulator.
For further information regarding the complaints process, please visit the website of the Information Regulator, as indicated below. Alternatively, you may contact the Information Regulator for further assistance:
The Information Regulator
Adv Pansy Tlakula
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints: complaints.IR@justice.gov.za