PRIVACY POLICY 

TAKEOVER REGULATION PANEL

(“THE PANEL”)

  1. PURPOSE OF THIS POLICY
  2. WHO ARE WE AND WHAT DO WE DO
  3. HOW TO CONTACT US
  4. DEFINITIONS
  5. WHY DO WE COLLECT YOUR PERSONAL INFORMATION
  6. WHAT PERSONAL INFORMATION DO WE COLLECT
  7. HOW DO WE USE YOUR PERSONAL INFORMATION
  8. WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION?
  9. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
  10. WHERE DO WE TRANSFER YOUR PERSONAL INFORMATION TO?
  11. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
  12. HOW DO WE SECURE AND ENSURE THE CONFIDENTIALITY OF YOUR PERSONAL INFORMATION
  13. WHAT ARE YOUR RIGHTS IN REGARD TO YOUR PERSONAL INFORMATION?
  14. CHANGES TO THIS PRIVACY POLICY

1. PURPOSE OF THIS POLICY

1.1 This Privacy Policy (“Privacy Policy”) explains our approach to any Personal Information that we collect from you or which we have obtained about you from a third party and the purposes for which we process your Personal Information. 

1.2 This Privacy Policy will inform you of the nature of your Personal Information that is processed by us as well as your rights in relation to your Personal Information, including the right to request that we delete, update, and/or provide you with access to your Personal Information.

1.3 This Privacy Policy is intended to assist you in making informed decisions when engaging with us and/or to understand how your Personal Information may be processed by us and any third parties or to whom we may provide your Personal Information. 

1.4 Please also note that this Privacy Policy only applies to the Panel’s use of your

Personal Information and does not cover the processing of Personal Information by third parties.

2. WHO ARE WE AND WHAT DO WE DO

2.1 The Takeover Regulation Panel (“the Panel”) is established in terms of section 196 of the Companies Act No 71 of 2008 (“Companies Act”) as a juristic person. The Panel reports to the Minister of Trade and Industry. It functions as an organ of state within the public administration, but as an institution outside the public service. The Panel performs a number of services, including: 

  • regulating affected transactions or offers set in part B and C of chapter

5 of the Companies Act that involve regulated companies;

  • investigating complaints relating to affected transactions and offers;
  • applying to court for an order to wind up a company in certain circumstances;
  • consulting with the Minister of Trade and Industry in respect of additions, amendments or deletions to the Takeover Regulations;
  • consulting with any person with a view of advising that person on the application of the Companies Act and the Takeover Regulations;
  • issuing, amending or withdrawing information on current policy dealing with an affected transaction or offer for guidance;
  • receiving and dealing with any representations by parties on any matter in respect of affected transactions or offers; and
  • performing any other function assigned to it by legislation,    together, our “Services”.

3. HOW TO CONTACT US

3.1 If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact the Information Officer of the Panel:

Takeover Regulation Panel

Physical Address:        Freestone Park

      1st Floor

      Block 2

      135 Patricia Road

      Atholl

      2196

Telephone Number:                              011 784 0035

Information Officer:  Zano Nduli

Email address of Information Officer:  zanon@trpanel.co.za

4. DEFINITIONS

4.1 “Data Subject” has the meaning given in POPIA and includes a natural person and juristic person (companies).

4.2 “Information Regulator” means the supervisory authority in South Africa, established in terms of POPIA.

4.3 “Operator” means a person who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party.

4.4 “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person
    • “POPIA” means the Protection of Personal Information Act, 2013, as amended or replaced from time to time, and the Regulations thereunder;
    • “Process”, “Processing” or “Processed” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including-
  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  • dissemination by means of transmission, distribution or making

available in any other form; or

  • merging, linking, as well as restriction, degradation, erasure or destruction of information.
    • “Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.
    • “Special Personal Information” means Personal information concerning-
  • the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a Data Subject; and
  • the criminal behaviour of a Data Subject to the extent that such

information relates to- o the alleged commission by a Data Subject of any offence; or

o any proceedings in respect of any offence allegedly committed by a Data Subject or the disposal of such proceedings.

5. WHY DO WE COLLECT YOUR PERSONAL INFORMATION?

5.1 We may collect Personal Information from you in the course of our business, including when you contact the Panel or request information from us, when you engage us to provide our Services or as a result of your relationship with one or more of our staff.

5.2       Our primary goal in collecting Personal Information from you is to help us:

  • verify your identity;
  • deliver our Services;
  • carry out requests made by you in relation to our Services;
  • investigate or settle inquiries or disputes;
  • comply with any applicable law, court orders, other judicial process, or the requirements of a regulator;
  • protect the rights, property or safety of us or third parties, including our employees;
  • with recruitment purposes;
  • manage the employment relationship; and
  • use as otherwise required or permitted by law.

6. WHAT PERSONAL INFORMATION DO WE COLLECT?

6.1 Save for Personal Information that we are required or permitted by law to collect, all Personal Information provided by you is provided voluntarily. However, if you do not provide the requested information we may not be able to effectively provide the Services or manage our relationship with you. 

6.2 Attached hereto as Annexure A is a non-exhaustive list of the types of Personal Information that we process.

7. HOW DO WE USE YOUR PERSONAL INFORMATION?

7.1 We attach hereto as Annexure B a non-exhaustive list of the purposes for which we Process Personal Information.

7.2 This Privacy Policy may be amended from time to time to update you regarding any other purposes for which we wish to use your Personal Information that are not listed in Annexure B, or any other changes we propose to make to the existing purposes set out in this Privacy Policy.

8. WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION?

8.1 We may Process your Personal Information with your consent. We may also Process your Personal Information on the following legal bases:

  • where Processing is necessary to carry out actions for the conclusion or performance of a contract to which you are a party;
  • where Processing complies with an obligation imposed by law on the Panel;
  • where Processing protects your legitimate interests;
  • where Processing is necessary for the proper performance of a public law duty by the Panel; or
  • where Processing is necessary for pursuing the legitimate interests of the Panel or of a third party to whom the information is supplied.

8.2 When Processing your Special Personal Information we will only process such information where permitted by law and when one or more of the following justifications apply:

  • you have consented to the processing. You may refuse or revoke your consent at any time, but should you not provide the data or revoke your consent then we may not be able to manage our relationship with you and/or provide the Services to you;
  • the Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
  • the Processing is to neccesary to comply with an obligation of

international public law;

  • the Processing is for historical, statistical or research purposes to the extent that the prupose serves a public interest and the Processing is necessary for the purpose concerned; or it appears to be impossible or would involve a disproportionate effort to ask for your consent, and sufficient guarantees are provided to ensure that the Processing does not adversely affect your individual privacy to a disproportionate extent;
  • You have deliberately made the Personal Information public;
  • The Processing is on the basis of any other justifications under POPIA;
  • Race or ethnic origin: The Processing of race or ethnic origin is to comply with laws and other measures designed to protect or advance persons or categories of persons disadvantaged by unfair discrimination.

9. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

9.1 From time to time we may also share Personal Information with the following categories of third parties as necessary:

  1. government and regulatory bodies;
  2. payroll service providers;
  3. accountancy firms;
  4. tax authorities (i.e. the South African Revenue Service);
  5. banks;
  6. insurance companies;
  7. professional service providers;
  8. IT service providers;
  9. benefit providers;
  10. cloud service providers;
  11. third-party applications or platforms; and
  12. other third party service providers.
    1. Please note this list is non-exhaustive and there may be other examples where we need to share Personal Information with other parties in order to provide the Services as effectively as we can.
    1. When we share your Personal Information with Operators we ensure that there is a written agreement in place in terms of which the Operator agrees to keep the Personal Information confidential and implement and maintain appropriate security safeguards to protect the Personal Information from unauthorised access or disclosure. 

10. WHERE DO WE TRANSFER YOUR PERSONAL INFORMATION TO?

10.1 In order to provide the Services we may need to transfer your Personal Information to locations outside South Africa from time to time, including but not limited to United State of America.

10.2 We will take steps to ensure that any international transfer of Personal Information is carefully managed to protect your rights and interests. In this regard, we will only transfer your Personal Information outside of South Africa to countries which provide an adequate level of data protection similar to that of POPIA or where we are satisfied that there is an appropriate justification under POPIA for the transfer. 

10.3 To the extent that prior authorisation from the Information Regulator is required for the transfer of Special Personal Information or Personal Information relating to children to third parties in foreign countries that do not provide an adequate level of data protection, we shall ensure that such prior authorisation requirements are complied with, in circumstances where required.

11. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?

We will retain your Personal Information for as long as required to satisfy the purpose for which it was collected and Processed, unless a longer period is required or authorised in terms of applicable laws or is necessary for our legal obligations or to defend a legal claim. It may also be retained for a longer period if required by a contract between the Panel and you or on the basis of your consent. The Panel may also retain Personal Information for historical, statistical or research purposes provided there are appropriate safeguards against the Personal Information being used for any other purpose.

12. HOW DO WE SECURE AND ENSURE THE CONFIDENTIALITY OF YOUR PERSONAL INFORMATION?

12.1 We are committed to keeping the Personal Information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the Personal Information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.

12.2 All of our employees, consultants and Operators (i.e. those who process your Personal Information on our behalf, for the purposes listed above), who have access to, and are associated with the Processing of Personal Information, are obliged to respect the confidentiality of such Personal Information.

12.3 In the event of a security compromise in relation to your Personal Information we will comply with the notification requirements under POPIA.

13. WHAT ARE YOUR RIGHTS IN REGARD TO YOUR PERSONAL INFORMATION?  

13.1    In terms of POPIA you have the following rights in relation to your Personal            Information:      

  • To request access to your Personal Information (subject to the grounds of refusal in the Promotion of Access to Information Act, 2000); 
  • To request rectification or correction of your Personal Information; 
  • To request the destruction or deletion of your Personal Information in certain circumstances including where it is no longer necessary for the Panel to Process the Personal Information for the purpose it was collected; 
  • To object on reasonable grounds to the Processing of your Personal Information (such as where the Processing is on the basis that it protects your legitimate interests or is on the basis that it is necessary for pursuing the legitimate interests of the Panel or a third party to whom the Personal Information is supplied); 
  • To object to the processing of your Personal Information for the purposes of direct marketing; 
  • Not to be subject to a decision which is based solely on the basis of automated Processing of your Personal Information; 
  • To institute civil proceedings; and
  • To withdraw consent (where such consent was obtained and relied on for the Purposes of the Processing). 

You also have the right to lodge a complaint with the Information Regulator, the details of which are as follows:

The Information Regulator (South Africa)

JD House

27 Stiemens Street

Braamfontein

Johannesburg

2001

Email: inforeg@justice.gov.za / complaints.IR@justice.gov.za

14. CHANGES TO THIS PRIVACY POLICY

We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your Personal Information we will update this Privacy Policy from time to time to reflect any changes to our use of your Personal Information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where it is practicable, we will notify you of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your Personal Information.

ANNEXURE A: TYPES OF PERSONAL INFORMATION THAT WE PROCESS

Data Subject or Category of Data Subject  Description of Personal Information processed in relation to Data Subject
Current, prospective and former employees, directors, temporary and casual workers, agents, independent contractors:  •  full legal name;
•  preferred name/ nickname; 
•  gender; 
•  citizenship, nationality and place of
birth; 
•  personal and work locations (address, city, province); 
•  country of residence; 
•  professional and     personal        phone numbers;
•  mobile number; 
•  national/ government identity number; 
•  passport number; 
•  photograph; 
•  email address;
•  date of birth/ age; 
•  Dependent’s details; 
•  bank account information; 
•  expense claim records; 
•  compensation and remuneration and other payroll information; 
•  tax identification numbers and details; 
•  employee ID; 
•  employee contact details;
•  position and occupation category; 
•  job title; 
• CV data; 
•  hire date; 
•  work history; 
•  working hours; 
•  appraisal data; 
•  termination date; 
•  potential new employers; 
•  pension membership;
•  pension join date and entry;
•  pension contributions;
•  life insurance beneficiaries; 
•  disciplinary measures and records of objectionable conduct; 
•  network user-ID, username, IP address;
•  IT access rights; 
• voice recordings; 
• health-related data including medical/ health information; 
•  disability status; 
•  pregnancy status; 
•  race/ ethnicity; 
•  educational   and/    or         professional qualifications; findings of background checks, criminal record checks and credit checks in respect of employees;
 
electronic signatures; 
 
medical aid benefits; and biometric information of employees.
 
Companies, vendors, third party service providers and other third parties: •  authorised persons’ names;  dates of birth;
•  identity numbers;
•  company registration numbers;
•  financial data; 
•  financial statements;
•  resolutions;
•  physical and postal addresses; 
•  contact numbers; 
•  email addresses; 
• copies of the incorporation certificate;
•  tax information and tax clearance certificate; 
•  VAT vendor details; 
•  banking details and evidence of banking details; and
•  various sensitive type of data as part of the background checks which include sanction screening and credit checks;
•  representations by parties on any matter in respect of affected transactions or offers.

ANNEXURE B: THE PURPOSES FOR WHICH WE PROCESS PERSONAL INFORMATION

Description of Record of Personal
Information
Purpose of Processing
Current,         prospective    and     former employees, directors, temporary and casual workers, agents, independent contractors: 
•  full legal name;
•  preferred name/ nickname; 
•  gender; 
•  citizenship, nationality and place
of birth; 
•  personal and work locations
(address, city, province); 
•  country of residence; 
•  professional and personal phone numbers;
•  mobile number; 
•  national/ government identity number; 
•  passport number; 
•  photograph; 
•  email address;
•  date of birth/ age; 
•  dependent’s details; 
•  bank account information; 
•  expense claim records; 
•  compensation and remuneration and other payroll information; 
tax identification numbers and details;  employee ID;  employee contact details;
position and occupation
category; 
job title; 
CV data;  hire date;  work history;  working hours;  appraisal data;  termination date;  potential new employers;  pension membership; pension join date and entry; pension contributions; life insurance beneficiaries; 
disciplinary measures and records of objectionable
conduct;  network user-ID, username, IP address;
IT access rights;  voice recordings;  health-related        data             including medical/ health information;  disability status;  pregnancy status;  race/ ethnicity; 
 
•  educational and/ or professional qualifications;
•  findings of background checks, criminal record checks and credit checks in respect of employees;
•  electronic signatures; 
•  medical aid benefits; and
•  biometric information    of employees.
•  verifying employees’ identity; 
•  communicating with employees;
•  managing the employment relationship including recruitment;
•  background checks; 
•  verification of right to work; 
•  work references;
•  on-boarding;
•  off-boarding; 
•  time and attendance; 
•  planning;
•  employee data management; 
• leave management;
•  processing vacation requests;
•  performance management;
•  managing disciplinary processes;
•  compensation and benefits administration;
•  insurance administration and management; 
•  remuneration and payroll administration;
•  pension management;
•  general human resources administration and management; 
•  managing workplace health and safety;
security and access control to the business premises;
IT and devices monitoring and maintenance;  employee relations including grievances, complaints, harassment, discrimination, misconduct, disciplinary, theft or loss prevention; fraud detection; 
managing employee compliance
with rules and policies; complying with employment equity obligations under the Employment Equity Act, 1998; managing legal disputes; arranging and facilitating travel; 
administrating salary, compensation and benefits, including performance reviews and payroll;
safeguarding personal property and the health of the workforce including through health and safety measures, whistleblowing, internal investigations, engagement of law enforcement; 
monitoring to protect the Company’s and its employees’ legal rights;
 
managing Company assets and properties, turnover, resourcing, workforce deployment; 
maintaining the safety, security, functionality and integrity of the Company’s websites, assets and business including troubleshooting technical problems when they arise.
 
Companies, vendors, third party service providers and other third parties:
•  authorised persons’ names; 
•  dates of birth;
•  identity numbers;
•  company registration numbers;
•  financial data; 
•  financial statements;
•  resolutions;
•  physical and postal addresses; 
•  contact numbers; 
•  email addresses; 
•  copies of the incorporation
certificate;
•  tax information and tax clearance
certificate; 
•  VAT vendor details; 
•  banking details and evidence of banking details; and
•  various sensitive type of data as part of the background checks which include sanction screening and credit checks; representations by parties on any matter in respect of affected transactions or offers.
 
•  on-boarding new vendors or service providers;
•  considering and investigating complaints in relation to affected transactions and offers; regulating affected transactions and offers; making applications to court; consulting with any person with a view of advising that person on the application of the Companies Act and the Takeover Regulations;  receiving and dealing with any representations by parties on any matter in respect of affected
transactions or offers;
effecting payment to the
vendor/service provider; conducting sanction checks; conducting criminal and credit checks on potential vendors and
service providers;    
•  managing accounts payable in respect of vendors or service providers;
for statistical and budgetary purposes;
• controlling access to the premises;
• management of the relationship and entering into contracts with vendors and service providers.