External Privacy Policy
Introduction and Purpose
​
-
ATG guarantees its commitment to protecting the Data Subject’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws, both within South Africa and outside of it.
​
-
As the Operator, ATG processes your Personal Information in accordance with the requirements of POPIA, and upon the instruction of our customer (Responsible Party).
​
Scope
​​
This policy applies to the information ATG processes on behalf of our customers, via our scanning devices at their entry points and receptions, as well as any back-end processing we facilitate for the customer.
We respect the privacy of all Data Subjects and will protect all the personal information with which we are entrusted. This policy tells you how we will process and protect your personal information.
​
Definitions
-
Data Subject: The person to whom the personal information relates
-
POPIA: The Protection of Personal Information Act 4 of 2013;
-
GDPR: The General Data Protection Regulation (EU) 2016/679
-
Responsible Party: A public or private body or any other person which, alone or in conjunction with others determines the purpose of and means for processing personal information. Called Controllers in other jurisdictions (GDPR)
-
Operator: A person who processes personal information on behalf of the responsible party. Called processors in other jurisdictions (GDPR)
-
Processing: Any operation or activity, whether or not by automatic means, concerning personal information, including:
-
The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of data.
-
Dissemination by means of transmission, distribution or making available in any other form
-
Merging, linking, restriction, degradation, erasure or destruction of information.
-
-
Record means any recorded information: Regardless of form or medium, including any of the following:
-
Writing of any material
-
Information produced, recorded or stored by means of any tape-recorder, computer equipment
-
Label, marking or other writing
-
Book, map, plan, graph or drawing
-
Photograph, film, negative, tape
-
-
Personal Information: Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
​
Why and how do we collect Personal Information?​
​
ATG provides scanning devices which are used by our customers to collect the information of people visiting their premises. Under POPIA, ATG is defined as the Operator, with our Customer being defined as the Responsible Party:
-
ATG does not make any decisions regarding the type/detail of information required – these decisions rest solely with the Responsible Party
-
ATG simply facilitates the collection of this information through the provision of ATG Scanning Devices.
-
Information is collected either through the scanning of license cards or discs or through the manual input of data by either an employee of the Responsible Party or the Data Subject themselves.
Why and what kind of information do we collect?​
​
The Responsible Party decides, based on their site requirements and security risk profile, what kind of information they require. Some of our customers collect information purely for security purposes, whilst others require more detailed information in order to ensure the safety of each visitor (such as cellphone numbers, which can be used to alert individuals of emergency situations) or health data (for sites where there is a risk to personal safety for certain conditions, or a risk to produce on certain agricultural sites)
Information could include:
-
ID Number/Passport Number
-
Name
-
Car Registration Number
-
Vehicle Registration Details as per the Vehicle License Disc
-
Cellphone Number
-
Email Address
-
Company and Designation
-
The person being visited and Reason for visit
-
Photograph
-
Health Information
How is the information stored?
-
Once information is collected, it is encrypted and uploaded to a secure cloud-based platform.
-
The secure system ATG uses is the Google Cloud Platform, and its security and privacy are governed by International as well as American Data Protection legislation.
-
ATG has a contract with Google ensuring the safety of all the data, and Google’s privacy policy is available for all data subjects to inspect.
​
Who has access and what processing is involved?
​
-
Once the information is collected, it is encrypted to prevent unauthorized access
-
Data is stored on the cloud, in an account dedicated to the Responsible Party, to which only authorized personnel to have password-controlled access:
-
Authorized personnel who work for the Responsible Party
-
Limited personnel at ATG
-
-
ATG will only access the information at the request of the Responsible Party, and only to assist them with technical support issues, or backend reporting requirements
-
Information is only processed in so far as it is collated for the Responsible Party to view reports on their site activity, to manage their Security and/or Health and Safety and/or General Service Departments.
-
ATG does not access or process the information at all for any purposes other than facilitating the requests of its customers: the Responsible Parties
​
Will information be disclosed to third parties:?
​
ATG will never disclose any of the Personal Information it collects to third parties unless the request is made by Law Enforcement in accordance with POPIA
​
How long do we keep personal information?
-
Personal Information is kept, in accordance with POPIA, for no longer than the minimum time required for the original processing requirement
-
This retention period is determined by the Responsible Party
-
When the retention period is complete, ATG deletes all information or completely de-identifies it
​
Recourse
If you have an inquiry or complaint regarding this Policy or the collection or use of your Personal Information, including any rights of access, ability to limit the use or disclosure of Personal Information or to correct or delete inaccurate Personal Information, please email popi@atgdigital.biz
​To lodge a complaint, please see the ATG Data Complaints Policy​
​
Policy Review
This policy shall be reviewed on at least an annual basis to
-
Determine if there have been changes in International, National or Internal references that may impact on this policy.
-
Determine if there are improvements or changes within the ATG systems or processes that should be reflected in this policy