Privacy Policy

How we protect your data and respect your privacy in South Africa.

Onfon Mobile Privacy Policy - South Africa

01INTRODUCTION

In a changing technical world, majority of jurisdictions values the Privacy and the Protection of Personal Data. All the actors involved in the management of Personal Data are expected to respect the requirements of safeguarding Personal Data. Through the various legislations passed into law the world over is committed to protecting the privacy of individuals.

The aim of this policy is to protect personal data in order to guard against misuse and to eliminate the unwarranted invasion of privacy. The fundamental principles of the policy have been largely informed by global practices and the need to bridge the gaps that exist in contextualizing privacy and data protection in technological environment in South Africa.

02POLICY STATEMENT

Onfon Mobile Limited is committed to complying with all relevant jurisdictions, legislation and applicable global legislations. Onfon Mobile recognises that the protection of individuals through lawful, legitimate, and responsible processing and use of their personal data is a fundamental human right.

03PURPOSE

The policy provides guidance on how Onfon Mobile staff will handle the data it collects. It helps the company comply with the data protection law, protect the rights of the data subjects and protects Onfon Mobile from risks related to breaches of data protection.

Understand Laws

Staff members should be knowledgeable about data privacy laws like GDPR, CCPA, etc.

Data Collection

Only collect data necessary for legitimate business purposes with consent.

Storage & Security

Store data in secure environments with encryption and access controls.

Data Retention

Establish clear policies for data retention and deletion.

Access Control

Limit access on a need-to-know basis with role-based permissions.

Incident Response

Report any breaches or suspicious activities promptly.

04SCOPE

The policy applies to:

  • Employees, Trustees, implementing partners, vendors, and contractors.
  • All data subjects, whether resident in our jurisdictions or not.
  • All formats including printed, digital, text, images, and audio.
05DEFINITIONS
Data Controller

Entity which determines the purpose and means of processing.

Data Processor

Entity which processes personal data on behalf of the controller.

Data Subject

Identified or identifiable natural person who is the subject of data.

Sensitive Data

Reveals race, health, ethnicity, beliefs, genetics, or sexual orientation.

06PRINCIPLES

Onfon Mobile will ensure that data is:

Processed lawfully, fairly and transparently.

Collected for specified, explicit purposes.

Adequate, relevant and limited to necessity.

Accurate and kept up to date.

Stored no longer than necessary.

Processed with security and integrity.

08. DUTY TO NOTIFY

Data subjects have the right to:

  • Be informed of how data is used.
  • Access their data in our custody.
  • Object to processing of their data.
  • Correct or delete false information.
09. LAWFUL & FAIR PROCESSING

Processing is lawful only where the data subject has given consent or for contract performance, legal obligations, or public interest.


11. ACCURACY OF DATA

We ensure data is accurate, corrected, or deleted without delay. Inaccurate records are destroyed promptly.

12. SAFEGUARDS & SECURITY

Measures are instituded in our Information Security policy to safeguard personal data.

13. CHILDREN'S DATA

No processing of child data without parental/guardian consent and strict protection mechanisms.

14. IMPACT ASSESSMENT

Assessments are carried out for high-risk processing operations by the DPO.


15. SENSITIVE PERSONAL DATA

Processed only for legitimate activities with safeguards or if public/required for legal claims.

16. TRANSFERRING DATA OUT

Data transfer outside South Africa only occurs with appropriate security measures and legal proof.

17. ONWARD REPORTING

Breaches are reported to the DPO within 72 hours and to the subject as soon as practical.

18. TRAINING & AWARENESS

All staff undergo induction and regular training on data privacy policies.

19. GRANTEES & PARTNERS

Partners must report breaches within 48 hours and abide by strict safeguard mechanisms.

20. ROLES & RESPONSIBILITIES

The CEO and COO are responsible for policy awareness. The PIC provides governance oversight.

21. INDEPENDENT ASSURANCE

Effectiveness is subject to regular internal audit reviews and potential external audits.

22. DATA RETENTION

Retention periods are determined by legitimate needs and documented decision making.

23. POLICY REVIEW

Reviewed every two years by the COO and approved by Trustees.