This data protection policy ensures pbsa:
- Complies with data protection law and follow good practice
- Protects the rights of staff, customers, and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
The POPI Act describes how organisations, including pbsa, must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The POPI Act is underpinned by eight important principles in summary. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the country, unless that country or territory also ensures an adequate level of protection
pbsa additionally has strict security policies that meet ISO standards. In summary, online we adhere to the following:
- All connections are secured using SSL making communication between your browsers, mobile phone or web services secure end to end
- Information stored is protected using military-grade encryption
- All systems are actively monitored for suspicious activity and use state of the art firewalls to protect all connections
- Servers and data storage is in Bio-metric access controlled secure data centres in 2 geographic locations for redundancy
- pbsa does not store your password at all so it cannot be retrieved by anybody, not even us!
- Your password is already hashed before it even leaves your device so it never sent to us at all
- We have 2 factor authentication mechanisms in place for those that opt for additional security
Actual Data Centre/s
The 2 data centres' in separate geographic locations, where the actual information is stored and delivered, has many levels of security, including 24-hour guards, biometric authentication, digital CCTV cameras, and bullet-proof protection on doors and other areas.The building management system to remotely monitor devices such as generators, electrical systems, fire systems, fuel tanks, and air-conditioning units.
The alarms are monitored 24-7 via SMS and from the control centre by onsite security staff.
The data centre has multiple layers of protection against an electricity outage, including uninterruptible power supplies (UPSs), battery backups, and redundant diesel generators as well as heavily protected against any instances of fire.