Open Cities Lab Protection of Personal Information Policy

1. Introduction

1.1 Open Cities Lab is a non-profit organisation that works to realise people-centric participatory democracy by focusing on empowering informed decision-making in change agents and watchdogs in civil society, government, the media and the citizenry that leads to implemented positive social change.

1.2 Open Cities Lab is committed to processing all personal information lawfully, transparently, securely, and in accordance with the Protection of Personal Information Act 4 of 2013 (‘POPIA’), and related legislation – including the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679).

1.3 This policy sets out the manner in which Open Cities Lab processes personal information. 1.4 For purposes of this policy “we”, “us”, “our” refers to Open Cities Lab, and “you”, “your”, “user” refers to the data subject.

2. Personal Information

2.1 Personal information is any data relating to an identifiable living or juristic person and includes: contact details, demographic information, personal history, product preferences, or any other information that can be used to identify a person.

2.2 Special Personal Information is information concerning a child; and personal information concerning the religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, DNA, sexual life or criminal behaviour of a data subject.

3. How does Open Cities Lab use Personal Information?

3.1 Personal information collected by Open Cities Lab will be processed to facilitate communication with users and, in certain circumstances, special personal information will be gathered to capture demographic information and feedback during engagement processes. Specifically, we will use personal information in relation to: our professional service; administrative purposes; security and legal purposes; marketing purposes and for the enhancement of the current service offering. In the case of engagement process data, special personal information will be gathered for research processes, statistical analyses, or for matters of public interest.

3.2 Where possible and feasible, Open Cities Lab will de-identify personal information and special personal information.

4. What Personal Information is Collected by Open Cities Lab?

4.1 Open Cities Lab will collect personal information from data subjects when they contact us via our website; register on one or more of our various websites and data-tools; provide feedback through online commenting channels; establish project-level lines of communication; and during engagement and/or interview proceedings in communities. In all instances, personal information is collected with the informed consent of the data subjects concerned.

4.2 The personal information collected by Open Cities Lab may include:

4.3 The special personal information collected by Open Cities Lab may include:

• Gender
• Religious or philosophical beliefs
• Race or ethnic origin
• Trade union membership
• Political opinions

 

4.4 From time-to-time, Open Cities Lab will act as an operator, as defined in POPIA, when it receives data from its client’s or partner’s clients or partners. In this event, Open Cities Lab will:

4.4.1 only process personal information in accordance with its client’s instructions; and will not process personal information for any purpose other than those expressly authorised by the client;

4.4.2 ensure the client has appropriately secured all consents in relation to the processing of personal information;

4.4.3 ensure that reasonable steps are taken to ensure the reliability and integrity of all of our employees who have access to personal information; 4.4.4 take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal information; and

4.4.5 take reasonable steps to guard against accidental loss or destruction of, or damage to, personal information.

4.5 All our data gathering, processing, and storing activities are performed in alignment with our general Cyber Security and Incident Response policies.

5. Where is my Personal Information Processed?

5.1 Usually, your personal information will be processed within the borders of South Africa on secure Open Cities Lab servers using top-level technology and industry standard norms to manage, secure and process personal information.

5.2 From time-to-time, given the nature of cloud technology, your personal information may, in addition to 5.1 above, be stored outside the borders of South Africa to help us offer more efficient and cost-effective solutions. Open Cities Lab will ensure that your data is only processed on the same or better standards as required in the POPIA, and will request that external suppliers enter into written agreements with us in the event your data needs to be processed outside of South Africa.

6. Your rights in relation to Personal Information (Access, Deletion and Correction of Personal Information)

6.1 The provision of personal information by any data subject to Open Cities Lab is entirely voluntary – you may withdraw your consent at any time, or you may contact us at privacy@opencitieslab.org to:

i) enquire about what personal information we hold of yours; and/or

ii) request us to delete and/or correct your personal information.

6.2 Open Cities Lab will only retain personal information for as long as it is required to provide the services requested, and will under the instruction and authority of the Information Officer, ensure that all personal information is deleted when it is no longer required to perform the services (using responsible, appropriate industry-standard methodologies).

7. Information Officer and Responsible Party

7.1 If you have any requests, or queries regarding Open Cities Lab’s use of data in terms of any applicable laws, please contact privacy@opencitieslab.org. 6.2 Open Cities Lab’s Information Officer and responsible party is Wasim Moosa, and can be contacted at privacy@opencitieslab.org.

8. Safeguarding Personal Information

8.1 Open Cities Lab will take all reasonable steps to ensure your personal information is accurate, reliable and up-to-date.

8.2 Open Cities Lab will ensure that safeguards such as firewalls and data encryption are implemented to protect personal information, and will enforce physical access controls to our buildings and files.

8.3 We authorise access to personal information only for employees who necessarily require the data to fulfil job responsibilities.

8.4 If applicable, Open Cities Lab’s hosting company will host any data or service in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders.

9. Incident Response

9.1 We have appointed an incident response team to manage any data breach.

9.2 In the event any personal information is compromised as a result of a cyber attack or some form of data incident, we will notify you of this as soon as is reasonably possible.

Other Important Privacy Information

This policy is subject to change and we will take all reasonable steps to notify users in the event of change hereto.