Protection of Personal Information Act 14 of 2013 (“POPI”)

Abrasive Flow Solutions (Pty) Ltd, (a subsidiary of Invicta Holdings Limited) (the “AFS”), considers information to be critical to its business. Our clients and their employees, our business partners and our colleagues around the world entrust us with their Personal Information (as defined in POPI) as well as confidential business information.

POPI requires us to inform you as to the manner in which your personal information is used, disclosed and destroyed. We are committed to protecting your privacy and ensuring that your personal information is used appropriately, transparently, securely and in accordance with applicable laws.

The AFS’s Code of Conduct, and the appropriate handling of information Policies, all provide guidance for our colleagues to ensure proper safeguards are put in place and that we handle your information responsibly. All colleagues are required to certify that they have read, understand, and will comply with the Company’s Code of Conduct.

We confirm that AFS has established internal controls to comply with business and regulatory requirements, including the protection of confidential and Personal Information, shared with us.

We address some of the Frequently Asked Questions below about the AFS’s POPI readiness:

How is the AFS preparing for POPI?

AFS is undertaking a comprehensive POPI project in South Africa, to enhance its already established internal controls to comply with POPI. AFS’s POPI project involves a detailed assessment, remediation and validation of business processes, operational, IT (systems and applications), third party relationships and documentation to address any new and/or additional requirements under POPI.

How is AFS addressing POPI information security requirements?

We have an Information Security Policy in place, applicable to all information systems and applications used across the Company. We have policies and procedures in place for administrative, technical, and physical safeguards designed to appropriately protect the security, confidentiality, and integrity of Personal Information consistent with POPI.

The following measures were already in place prior to the coming into effect of POPI:

  • Internal policies for the secure handling of information;
  • Encryption tools and software to mitigate the unsecure sending of personal information outside our organisation;
  • Appropriate security systems in place to prevent unauthorized access and to combat malware, phishing and ransomware attacks;
  • Security measures in place where personal information is stored;
  • Ongoing colleague awareness and training on POPI.

How does AFS handle my Personal Information?

We handle your Personal Information in accordance with our internal policies and procedures as detailed above, and in accordance with our contractual obligations in providing our agreed services to you. We also handle your Personal Information in a manner to ensure our compliance with our sanctions, anti-money laundering and anti-corruption and other regulatory obligations.

Is Personal Information disclosed by AFS to any third parties?

Yes. In order to provide our agreed services to you and to help us operate effectively, we may disclose your Personal Information to insurers, agents, service providers and suppliers, our affiliates, regulators, or our professional advisors and auditors.

We may also disclose your Personal Information to any law enforcement agency, court, government authority, or other third party, where we believe this is necessary to comply with our legal or regulatory obligations, or to exercise our legal rights, and to a third party that purchases, or to which we transfer some, all or substantially all of our assets and/or business.

Where we contract third party services providers who may have access to your Personal Information on our behalf, we have an obligation to only appoint providers who can provide sufficient guarantees that the requirements of POPI, or other applicable data privacy laws, will be met, and the rights of data subjects, protected.

Is any Personal Information shared with AFS in South Africa transferred outside South Africa?

In certain circumstances, yes. There may be service providers that we engage that are located in countries outside of South Africa.

We may allow access to your Personal Information to parties outside South Africa. However, we have safeguards in place to protect any such data and require third parties receiving Personal Information and other confidential information, to agree to use and protect data consistent with applicable data privacy laws, including but not limited to POPI and The General Data Protection Regulation (“GDPR”).

Do we need to update any agreement in place with AFS for POPI compliance?

We do not require a new contract to be entered into, however you can access our Privacy Notices on our website www.abrasiveflowsolutions.com. If required we may provide you with an updated agreement.