Head Office (086 109 9473)|Cape Town Office (021 525 9159)
Head Office (086 109 9473)|CPT Office (021 525 9159)
Training Catalogue
WWISE One Pager
FAQ
Training Venue and Conferencing
Home / Privacy Policy
WWISE
SPEAK TO A CONSULTANT

Privacy Policy

Version 3 • Reviewed: 30/06/2025 • Next Review By: 30/06/2027

Document Control

Document Number
WWISE-PPI-POL-01
Version Number
3
Review Date
30/06/2025
Next Review By
30/06/2027
Authorised By
Managing Director

Version History

VersionDateAuthorBrief Description of Changes
101/07/2021WWISEFirst Version
223/09/2021WWISEVersion numbers reviewed and updated accordingly.
230/06/2023WWISEAnnual review, no changes made.
330/06/2025WWISEIncorporated additional sections to expand the scope of the Privacy Policy.

1. Purpose, Scope, and Users

  1. This Policy governs the processing of personal information at World Wide Industrial and Systems Engineers (Pty) Ltd (WWISE) and outlines the responsibilities and procedures for ensuring that personal information is processed in a lawful, transparent, and secure manner. It applies to all data subjects, including employees, customers, contractors, website visitors, and other individuals whose information is processed by WWISE.
  2. This Policy applies to all departments and individuals within WWISE, including all wholly owned subsidiaries, affiliates, and contractors involved in processing personal information on behalf of WWISE.
  3. All employees, contractors, and affiliates of WWISE who have access to personal information are required to comply with this Policy.
  4. WWISE is committed to complying with the Protection of Personal Information Act, 4 of 2013 ("POPIA") and any other applicable data protection laws in South Africa. This Policy is guided by the eight conditions for lawful processing in Chapter 3 of POPIA, namely: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.

2. Definitions

Data Subject
An identifiable, living natural person, or where applicable, an identifiable juristic person, whose personal information is processed.
Personal Data
Any information relating to an identifiable, living natural person, and where applicable, an identifiable existing juristic person. This includes any information that can directly or indirectly identify the data subject.
Processing
Any operation or activity concerning personal information, whether or not by automatic means, including collection, storage, use, transfer, modification, or destruction.
Responsible Party
The person or organisation that determines the purpose of and means for processing personal information. In other words, the entity that decides why and how personal information is processed and is accountable for complying with data protection obligations under POPIA.
Sensitive Personal Data
Information relating to a data subject’s race, ethnic origin, trade union membership, political persuasion, religious or philosophical beliefs, health, sex life, biometric information, or criminal behavior, which is afforded higher protection under POPIA.

3. General Principles for Processing Personal Information

WWISE ensures that all personal information is processed in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: Information shall be processed lawfully and in a manner that is fair and transparent to the data subject.
  • Purpose Limitation: Information shall be collected for specific, explicitly defined, and lawful purposes.
  • Data Minimisation: Information collected shall be adequate, relevant, and not excessive.
  • Accuracy: Reasonable steps shall be taken to ensure that personal information is complete, accurate, not misleading, and kept up to date.
  • Storage Limitation: Information shall not be retained for longer than necessary for achieving the purpose for which it was collected.
  • Integrity and Confidentiality: Appropriate security measures shall be in place to protect against loss, damage, unauthorised access, or unlawful processing.
  • Accountability: WWISE shall ensure compliance and be able to demonstrate such compliance to the Information Regulator when required.

4. Data Subjects

WWISE respects the rights of data subjects as provided under POPIA, including:

  • Right to Access – Request access to personal information held.
  • Right to Correction – Request correction or deletion of inaccurate or incomplete information.
  • Right to Erasure – Request deletion of personal information where permitted by law.
  • Right to Restriction – Request limitation of processing in certain circumstances.
  • Right to Data Portability – Receive personal information in a structured, commonly used, and machine-readable format.
  • Right to Object – Object to processing based on legitimate interests or for purposes of direct marketing.
  • Right to Withdraw Consent – Withdraw consent at any time where processing is based on consent.

4.1 Openness and Notification to Data Subjects

When collecting personal information, WWISE will provide data subjects with the following as required by Section 18 of POPIA:

  • Name and address of the organisation (Responsible Party).
  • Purpose for which the information is collected.
  • Whether supply is voluntary or mandatory.
  • Consequences of failure to provide the information.
  • Law authorising or requiring collection (if applicable).
  • Recipients or categories of recipients of the information.
  • Data subject rights under POPIA.
  • Where applicable, intention to transfer the information across borders and applicable safeguards.

5. Data Processing

Personal information will only be processed on the following lawful bases:

  • Consent from the data subject.
  • Contractual necessity.
  • Compliance with legal obligations.
  • Protection of vital interests of the data subject or another person.
  • Performance of a public law duty or function.
  • Legitimate interests not overridden by the data subject’s rights.

WWISE may transfer personal information to third parties or across borders only where permitted under POPIA and where adequate protection measures are in place.

5.1 Processing of Special Personal Information

WWISE recognises that certain categories of personal information are classified as special personal information under POPIA. Such information will only be processed:

  • With the explicit consent of the data subject.
  • Where necessary for the establishment, exercise, or defence of a right or obligation in law.
  • Where authorised by legislation.
  • For historical, statistical, or research purposes, subject to appropriate safeguards.

Appropriate technical, organisational, and contractual measures will be implemented to ensure that such information is protected against loss, unauthorised access, or misuse.

5.2 Direct Marketing

In compliance with Section 69 of POPIA, WWISE will not conduct direct marketing via electronic means without the data subject’s consent, unless the recipient is an existing customer and has been given an opportunity to opt out. All marketing communications will contain a clear opt-out mechanism.

5.3 Special and Children’s Personal Information

WWISE will not process special personal information or children’s personal information unless permitted by Sections 26–34 of POPIA, authorised by law, or with the consent of a competent person.

6. Data Security

Appropriate technical and organisational measures will be implemented to safeguard personal information. In the event of a personal information breach, WWISE will notify the Information Regulator and affected data subjects as soon as reasonably possible in accordance with Section 22 of POPIA.

7. Data Retention

Personal information will be retained only for as long as necessary to achieve the purpose for which it was collected or as required by law. Thereafter, it will be securely destroyed or anonymised.

8. Compliance and Monitoring

The Information Officer is responsible for overseeing compliance, conducting audits, and providing training. All employees, contractors, and service providers must report any suspected breach or non-compliance immediately.

9. Third-Party Relationships

Where personal information is shared with operators or service providers, a written agreement will ensure they adhere to POPIA standards and data subject rights.

10. Data Privacy Training and Awareness

Regular training and awareness programmes will be provided to ensure compliance with this Policy and with POPIA.

11. Impact Assessments

Before initiating new projects or processing activities that may affect personal privacy, a Data Protection Impact Assessment (DPIA) will be conducted.

12. International Data Transfers

Any cross-border transfers will comply with Section 72 of POPIA, ensuring the receiving country or organisation provides substantially similar protection to POPIA.

13. Complaints Procedure

Complaints relating to the processing of personal information can be submitted to the Information Officer at:

If unresolved, complaints may be escalated to the Information Regulator:

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: popiacomplaints@inforegulator.org.za
Website: inforegulator.org.za

14. Policy Review

This Policy will be reviewed every two years and updated as necessary to ensure compliance with any changes in the law or organisational practices.

📄 WWISE-PPI-POL-01 • Version 3

Sign Up For Our Newsletter

Our Services

Quick Links

Compliance Services

Contact Us

Global Offices | Click Here

PRIVACY POLICY | PAIA | POPIA

COPYRIGHT ©2025 WWISE. ALL RIGHTS RESERVED