Privacy Statement
Introduction and Purpose
​
ATG DIGITAL (ATG) takes the protection of personal data very seriously. The purpose of this policy statement is to expand upon our Privacy Policy and to describe the way in which we collect, store, use, and protect data that is associated with any Data Subject (natural/juristic person) and/or could be used to identify the Data Subject.
This statement applies to you if you are:
-
A Client or Prospective Client
-
A Data Subject who has interacted with one of the ATG Devices (At The Gate or At Reception) at one of our clients’ sites
​
Definitions
Under the Act, ATG is defined as the Operator, together with the relevant security company (if applicable), and our client is defined as the Responsible Party:
​​
-
Responsible Party means a public or private body or any other person which, alone or in conjunction with others determines the purpose of and means for processing personal information. Called Controllers in other jurisdictions (GDPR)
​
-
Operator means a person who processes personal information on behalf of the responsible party. Called processors in other jurisdictions (GDPR)
-
Data Subject is any person, natural or juristic, who can be identified, directly or indirectly, via an identifier such as a name; an ID number; location data; or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity.
-
Processing means any operation or activity, whether or not by automatic means, concerning personal information, including:
-
The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of data
-
Dissemination by means of transmission, distribution or making available in any other form
-
Merging, linking, restriction, degradation, erasure or destruction of information.
-
-
Record means any recorded information
-
Regardless of form or medium, including any of the following:
-
Writing of any material
-
Information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other devices, and any material subsequently derived from information so produced, recorded or stored
-
Label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means
-
Book, map, plan, graph or drawing
-
Photograph, film, negative, tape or other devices in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced; in the possession or under the control of a responsible party
-
-
Whether or not it was created by a responsible party and
-
Regardless of when it came into existence.
-
-
Personal Information means information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic person, including, but not limited to
-
Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person.
-
Information relating to the education or the medical, financial, criminal or employment history of the person
-
Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignments to the person
-
The biometric information of the person
-
The personal opinions, views or preferences of the person
-
Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence
-
The views or opinions of another individual about the person
-
The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
-
​
Expanded Definition of Personal Information
-
Personal Information that ATG Collects:
-
certain information that we collect when you present your ID/Drivers License and Vehicle License Disc for scanning
-
certain information collected by your manual entries onto a device
-
-
Personal Information Excludes:
-
Permanently de-identified information that does not relate to, or cannot be traced back to, you specifically
-
Non-personal statistical information collected and compiled by us
-
-
Examples
-
Identifying Information – such as your name, date of birth, or identification number of any kind;
-
Contact Information – such as your phone number or email address (if provided by you)
-
Information Collection
​​
-
ATG collects information from the consumer at sites owned/rented/managed/secured by our clients. Our client, as the defined Responsible Party is the sole owner of the information collected via ATG Devices, and will have their own Privacy Policies in place to safeguard this information
​
-
As Operator, under POPIA, ATG will not sell, share, or rent this information to others in any way. Our objective remains to facilitate the collection of information on behalf of a contractually stipulated third party, our client.
​
-
Consent to collect information can be express (eg. signing an agreement) or implied (by providing guards with access to identification documents)
​
Acceptance and Consent
We will obtain your consent to collect personal data in accordance with POPIA, which states that information may be collected in pursuance of the Responsible Party’s reasonable interests.
Purpose, Processing and Retention
ATG devices capture information including, but not limited to, that which is contained on a driver’s license as well as the associated vehicle license disc as per the purposes set out by the responsible party.
-
Information is collected for the purpose of:
-
Safety and Security
-
Customer Service
-
Site Management
-
​
-
Information is subject to no further processing by ATG: analysis; evaluation; sharing.
​
-
ATG will retain your personal data for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:
-
retention of the record is required or authorised by law
-
The data subject has consented to the retention of the record.
-
​
Disclosure of Information
-
In compliance with POPIA and GDPR, ATG will not share consumer data with any third party external to our client contracts and agreements. This includes, but is not limited to: marketing agencies and their affiliates; other clients; employees; the general public
-
However, POPIA does require that we share your data with:
-
Our clients (Reseller and Site) pursuant to the SLA we have in place with them, but only in accordance with the principles of the Act and upon confirmation of their own Data Protection Policies.
-
Information Regulators: we may disclose your personal data as required by law or governmental audit
-
Law enforcement: We may disclose personal data if required:
-
by a subpoena or court order;
-
to comply with any law;
-
to protect the safety of any individual or the general public
-
-
​
Privacy by Design
As ATG develops new/more efficient products or systems which involve the processing of personal data we take the privacy and data protection laws and principles into account in order to build them into the product proactively.
Security
-
Any information scanned by our devices is encrypted and immediately uploaded to secure cloud storage. The information cannot be viewed or retrieved on the device thereafter.
-
The information that has been captured can only be accessed by:
-
Authorised personnel of the responsible party for their purposes
-
Authorised personnel of ATG on request of the responsible party or by an officer of the law; or by the data subject in accordance with the Act.
-
​
-
In order to ensure the safety of all the information that we gather on behalf of responsible parties:
-
Passwords are required by both the responsible party, as well as by all duly authorized ATG personnel.
-
Only authorized ATG personnel to have access to these passwords
-
Each individual staff member is carefully screened before employment
-
Access to customer data is monitored via software installed on personnel PC’s and any suspicious activity is flagged and immediately actioned.
-
​
Data Breaches
In the event of a breach, we will take all reasonable measures to notify all responsible parties, as well as the relevant supervisory authorities and affected data subjects, as soon as we become aware of such a breach, providing information such as:
-
When the breach occurred
-
If available, how the breach occurred
-
Which information has been breached
-
Who may be affected by such breach
-
The measures we intend to take to rectify the breach
​
Enquiries
If you have any questions or concerns arising from this privacy policy, please contact us on popi@atgdigital.biz