- ESG Sustainability
- JSE Archive
Adapt IT Proprietary Limited (“Adapt IT”) adheres to applicable data privacy laws. We believe that everyone has a right to privacy, and we take our responsibilities seriously in processing the personal information of those we do business with.
What is the global view on data protection?
There are over 100 countries that have data protection laws, including an increasing number of African countries. The good news is that data protection laws around the world are about 80% the same. As a proudly South African company that plays on the global stage, Adapt IT maintains a global view because data protection laws influence each other.
What is the GDPR?
GDPR stands for the General Data Protection Regulation. It is a European Union (EU) law that became effective on 25 May 2018. Europe is the world leader in data protection, which means that the GDPR sets the global trends for data protection law. The GDPR determines how organisations must process and protect the personal information of people living in the European Union. Although it was drafted and passed in the EU, it imposes obligations onto organisations anywhere, so long as they target or collect the personal information of people in the EU. While Adapt IT only has a small number of EU customers, we take the protection of your personal information very seriously and have positioned ourselves to comply with the GDPR.
What is POPIA?
POPIA stands for the Protection of Personal Information Act. It is the South African law that governs how personal information is collected, used, and stored. POPIA recently came into full effect on 1 July 2021. It aims to strengthen the security and protection of personal information in South Africa. Adapt IT is required to comply with POPIA.
POPIA uses different terminology to the GDPR:
What is personal information (or personal data)?
Personal information (or personal data) is any information that identifies a person either directly (e.g. names and contact details) or indirectly (e.g. email addresses and IP addresses). POPIA differs from the GDPR in that it protects the personal information of not only natural persons, but also juristic entities, like companies, close corporations, and non-profit organisations.
What is Adapt IT’s role as defined by data protection laws?
Generally, there are three role players in data protection:
Adapt IT is either the responsible party or the operator, depending on the circumstance.
- With our Caseware™ solution, we provide you with practice management, audit and financial reporting functionality. Our solution allows you to upload your customer’s information to manage their tax, finance and audit related matters more efficiently. In this case we are your operator because you are using the Caseware solution to provide services to your customers and we have the backend ability to view your customer’s information to help troubleshoot any issues you may have.
- With our IntelliPERMIT™ solution, we provide you with electronic permits to work and plant operations management services. You use our solution to track and monitor the safety and compliance of your staff at a plant. Like with the Caseware example, we have the backend ability to view your staff data and troubleshoot any issues you have may experience.
Although it’s these are our solutions, you are collecting the personal information that we can view, and you are making the decisions on how to process that personal information.
Does the GDPR apply to Adapt IT’s resellers, collaborators and contractors?
Yes. If you provide products or services to clients in the EU, then you need to comply with the GDPR in the following roles:
A reseller of Adapt IT’s services acts as a processor to their customers, and Adapt IT becomes a sub-processor of the information uploaded to your hosting package on our servers.
What is an Information Officer (or Data Protection Officer)?
An Information Officer is responsible for making sure that an organisation is doing everything right when it comes to protecting personal information. An Information Officer is sometimes called a Data Protection Officer or Privacy Officer. Eddy Lekhuleni is Adapt IT’s Information Officer. If you have any questions about your personal information, or how we protect it and ensure that it is processed according to relevant laws and regulations, he is available at firstname.lastname@example.org.
What steps has Adapt IT taken to comply with relevant data protection laws?
We have taken several steps to comply with relevant data protection laws, including:
What is a data processing agreement?
A data processing agreement (or data processing addendum or DPA) is a legally binding document that describes an arrangement between two organisations, where one instructs the other to perform information operations on their behalf. These relationships almost always entail a third-party processing people’s personal data. For this reason, data protection laws generally have strict rules governing data processing agreements.
Does Adapt IT have data processing agreements?
We have taken proactive steps to update our various agreements in line with our requirements in data protection law, including our Customer Relationship Terms, Contractor Relationship Terms and various orders. This means that data protection provisions have already been incorporated into your agreements with us.
If you are still concerned about whether you need a DPA with us, please contact our Information Officer. We are happy to work with you to ensure compliance with relevant data protection laws.
In terms of POPIA, does the law prohibit Adapt IT from transferring personal information cross-border?
Generally, no. However, POPIA does place various limitations on how a responsible party may transfer personal information cross-border. In the definition of POPIA, Adapt IT usually acts as an operator on behalf of our customers (the responsible party). POPIA permits operators to transfer personal data outside of South Africa on the condition that a responsible party is informed by an operator where personal data is transferred to.
The way we provide you with our products and services may require us to transfer personal data you place in our care outside of South Africa. This is especially the case with our products that makes use of cloud-based technology. Some examples of these products include:
Although cloud infrastructure may not always be based in South Africa, we have taken appropriate due diligence and care to ensure that:
Adapt IT uses industry-standard information security measures to make sure that the personal information you put in our trust is as secure as reasonably possible.
Adapt IT remains committed to helping you Achieve more by working together to protect personal data.