Protection of Personal Information Operating Policies and Procedures
Pace Car Rental specialise in off-airport rentals and executive meet and greet services at the major airports. We also specialise in the insurance car replacement business, the film industry, long term car rental, minibus hire, van rental and bakkie rentals.
Pace Car Rental proudly conducts business in accordance with the highest standards of integrity and business ethics and is in full compliance with all applicable laws.
The Data Protection Policy was developed at the direction of Pace Car Rental Executive Management to provide clear guidance and raise awareness amongst all employees.
Executive Management is fully committed to conduct business with the highest level of integrity and have appointed an Information Officer to ensure the strict adherence to the Data Protection Policy and the law.
We are committed to compliance with The Protection of Personal Information (POPI) Act which requires us to:
- Sufficiently inform our customers how we intend using their information;
- Protect our Information assets from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.
This policy establishes general standards for the protection of personal information within our organisation and provides principles regarding the right of individuals to privacy and to reasonable safeguarding of their personal information.
The Information Officer is responsible for:
- The development and upkeep of this policy;
- Ensuring this policy is supported by appropriate documentation;
- Ensuring that documentation is relevant and kept up to date;
- Ensuring this policy and subsequent updates are communicated
All employees, departments and individuals directly associated with us are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.
Any Service Provider responsible for providing and managing information technology must adhere to the same information security principles contained in this policy to ensure security measures are in place in respect of processing of personal information.
Principle 1: Accountability
- We take reasonable steps to ensure that personal information obtained from customers is stored safely and securely.
Principle 2: Processing Limitation
- We collect personal information directly from customers.
- Once in our possession we only process or release customer information with their consent, except where we are required to do so by law. In the latter case we will always inform the customer.
Principle 3: Specific Purpose
- We collect personal information from customers to enable us to provide them with our great services.
Principle 4: Limitation on Further Processing
- Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially.
- We collect personal information to conduct our core business and will only use the information for such purpose.
Principle 5: Information Quality
- We are responsible for ensuring that customer information is complete, up to date and accurate before we use it.
- We may find it necessary to request customers to update their information and confirm that it is still relevant.
Principle 6: Transparency/Openness
- Where personal information is collected from a source other than directly from a customer we are responsible for ensuring that the customer is aware:
o That their information is being collected;
o Who is collecting their information by giving them our details;
o Of the specific reason you we are collecting their information.
Principle 7: Security Safeguards
- We ensure technical and organisational measures to secure the integrity of personal information and guard against the risk of loss, damage or destruction thereof.
- Personal information is protected against any unauthorised or unlawful access or processing.
- We are committed to ensuring that information is only used for legitimate purposes with customer consent and only by authorised employees of our company.
Principle 8: Participation of Individuals
- Customers are entitled to know particulars of their personal information held by us, as well as the identity of any authorised employees of our company that has access thereto.
- Customers are entitled to correct any information held by us.
The Executive Management Team and Information Officer are responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes. All employees, business units, departments and individuals directly associated with us are to be trained, according to their functions, in the regulatory requirements, policies and guidelines that govern the protection of personal information.
We will conduct periodic reviews and audits, where appropriate, to ensure compliance with this policy.
We shall establish appropriate standard operating procedures that are consistent with this policy and regulatory requirements. This will include:
- Allocation of information security responsibilities
- Incident reporting and management
- Information security training and education
- Data backup
Any breach of this policy may result in disciplinary action and possible termination of employment.