INTRODUCTION

Edward Searle (Pty) Ltd and its affiliates has developed this policy to highlight and ensure compliance with information and data security requirements.

Edward Searle (Pty) Ltd and its affiliates views its information and records as a valuable asset. 

Appropriate records management is vital to the maintaining and enhancing the value of this asset.

In addition, records management, through the proper control of the content, storage and volume of records, reduces the vulnerability to legal challenge and financial loss and promotes best value in terms of human and space resources through greater co-ordination of information and storage systems. 

Edward Searle (Pty) Ltd and its affiliates is also required to align its procedures and processes with records, data and information protection laws. The policy applies to all who receive, create, have access to, manage, store and dispose records, including electronic records. 

As an internal control, the policy provides directors and managers with the assurance that records     management, retention, disposal and business continuity risks are being managed and mitigated within the Edward Searle (Pty) Ltd Group. 

PURPOSE 

To exercise effective control over the retention of documents and electronic transactions:

Ø as prescribed by legislation; and

Ø as dictated by business practice. 

Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. They are also necessary for defending legal action. For establishing what was said or done in relation to business of the Company and to minimize the Company’s reputational risks. 

To ensure that the Company’s interests are protected and that the Company’s and clients’ rights to privacy and confidentiality are not breached. 

SCOPE & DEFINITIONS 

All documents and electronic transactions generated within and/or received by the Company. 

Definitions: 

Clients includes, but are not limited to, debtors, creditors as well as the affected personnel and/or departments related to a Sales service Agency of the Company. 

Confidential Information means all information or data disclosed to or obtained by the Company by any means whatsoever and shall include, but not be limited to:

- financial information and records;

- personal information and all other information including information relating to the structure, operations, processes, intentions, product information, know-how, trade secrets, market opportunities, customers and business affairs. 

Constitution: Constitution of the Republic of South Africa Act, 108 of 1996.

Data means electronic representations of information in any form. 

Documents include books, records, security or accounts and any information  which has been stored or recorded electronically, photographically, magnetically, mechanically, electro-mechanically or optically, or in any other form. 

ECTA: Electronic Communications and Transactions Act, 25 of 2002. 

Electronic communication means a communication by means of data messages. 

Electronic signature means data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature. 

Electronic transactions include e-mails sent and received.

ACCESS TO DOCUMENTS

Ø All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances 

Ø where disclosure is under compulsion of law; 

Ø where there is a duty to the public to disclose; 

Ø where the interests of the Company require disclosure; and 

Ø where disclosure is made with the express or implied consent of the client. 

Ø Disclosure to 3^rd parties: Information on clients: Our clients’ right to confidentiality are protected in the Constitution and in terms of ECTA. Information may be given to a 3^rd party if the client has consented in writing to that person receiving the information. 

Ø All employees have a duty of confidentiality in relation to the Company and clients. 

HOW PERSONAL INFORMATION IS USED

Client’s Personal Information will only be used for the purpose for which it was collected and agreed.

This may include:

Ø Providing products or services to clients and to carry out the transactions requested;

Ø Conducting credit reference searches or verification;

Ø Confirming, verifying and updating client details;

Ø For purposes of claims history;

Ø For the detection and prevention of fraud, crime, money laundering or other malpractice;

Ø Conducting market or customer satisfaction research;

Ø For audit and record keeping purposes;

Ø In connection with legal proceedings;

Ø Providing our services to clients to carry out the services requested and to maintain and constantly improve the relationship;

Ø Providing communications in respect of Edward Searle (Pty) Ltd and its affiliates and regulatory matters that may affect clients; and

Ø In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.

ACCESS AND SECURITY

Ø Records shall at all times be protected from unauthorized access, movement and tampering with, to sustain their authenticity and reliability. 

Ø No Edward Searle (Pty) Ltd or Searle Hoist and Tool (Pty) Ltd employee may remove documents and records that are not available in the public domain from Edward Searle’s offices or storage facilities without the explicit and written permission of the Chief Information officer, or from the Operations Director. 

Ø No Edward Searle (Pty) Ltd or Searle Hoist and Tool (Pty) Ltd staff member shall provide information and records that are not in the public domain to the public without written approval of the Information officer, or from the Operations Executive, as per the POPIA policy. 

Ø Specific guidelines for requesting information are contained in the Promotion of Access to Information Manual that is maintained by the Information Officer.

Ø Personal information shall be maintained in terms of the Protection of Personal Information  Act.

 Ø No Edward Searle (Pty) Ltd, or Searle Hoist and Tool (Pty) Ltd staff member shall disclose any personal information of any member of staff, client or other stakeholder of the Edward Searle (Pty) Ltd Group to any other person without prior written approval of the Information Officer as per the POPIA policy, or the Operations Executive. 

Ø Records storage areas shall at all times be protected from or against unauthorized access.  In this regard the following measures shall apply: 

Ø Records storage areas and records storage facilities shall be locked when not in use. 

Ø Access to server rooms and storage areas for electronic records media shall be managed through appropriate access control. 

Ø Proper operation and security practices relating to information technology devices including computers, laptops, I-pads, cellular phones, memory sticks and other. This includes security of data stored in the software, locking the computers off when one is not  in the office or at his or her desk, and switching off of computers at the end of the work day.

DEPARTMENT AND BRANCH MANAGERS

Departmental and Branch managers are responsible for: 

Ø The implementation of this policy in their respective department. 

Ø Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis.  

Ø No Edward Searle (Pty) Ltd or its Affiliates records (including e-mail) may be destroyed, erased or otherwise disposed of without prior written request to your Manager, the Information officer, or the Operations Executive. 

Ø Edward Searle (Pty) Ltd, and Searle Hoist and Tool (Pty) Ltd personnel are encouraged to use good judgment in securing any Edward Searle (Pty) Ltd or its Affiliates, Confidential information to the proper extent - if an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager. 

FAILURE TO COMPLY WITH THIS POLICY

The Edward Searle (Pty) Ltd Group, views its Information and Records Management Policy in a serious light and failure by any employee to adhere to this policy constitutes misconduct and may result in disciplinary action being taken against such employee in accordance with the Edward Searle (Pty) Ltd Group’s Human Resources policies, as amended from time-to-time. 

INFORMATION OFFICER

Name: Andre Rossouw

Telephone number: 011 882 2000

E-mail address: es.ac.ar@edwardsearle.co.za

DEPUTY INFORMATION OFFICER

Name: David De Welzim

Telephone number: 011 882 2000

E-mail address: david@edwardsearle.co.za

Revision of the policy

The policy will be reviewed at three-year intervals to ensure its relevance and alignment with applicable legal and governance requirements.

Where relevant however policies may be reviewed earlier than the above three-year period where there are major changes and / or gaps identified in the policy or where a shorter policy review period is dictated by law or other form of regulation. 

Document Retention Schedule

The following types of documents will be retained for the following periods of time. At least one copy of each document will be retained according to the following schedule: 

Corporate Records

Financial Records

Tax Records

Personnel Records

Insurance Records

Contracts

Donations / Funder Records

 Management Plans and Procedures

Email and Other Computer-Based Correspondence

This is in regard to correspondence/information that is developed and/or maintained by employees on the company’s computers, whether it is in regard to work or personal information.