This data protection policy ensures PBSA:

• Complies with data protection law and follow good practice
• Protects the rights of staff, customers, and partners
• Is open about how it stores and processes individuals’ data
• Protects itself from the risks of a data breach

The POPI Act describes how organisations, including PBSA, must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The POPI Act is underpinned by eight important principles in summary. These say that personal data must:

• Be processed fairly and lawfully
• Be obtained only for specific, lawful purposes
• Be adequate, relevant and not excessive
• Be accurate and kept up to date
• Not be held for any longer than necessary
• Processed in accordance with the rights of data subjects
• Be protected in appropriate ways
• Not be transferred outside the country, unless that country or territory also ensures an adequate level of protection

Security

pbsa additionally has strict security policies that meet ISO standards. In summary, online we adhere to the following:

• All connections are secured using SSL making communication between your browsers, mobile phone or web services secure end to end
• Information stored is protected using military-grade encryption
• All systems are actively monitored for suspicious activity and use state of the art firewalls to protect all connections