-
process the Personal Information strictly in accordance with its mandate any specific instructions provided to it by the Organisation from time to time.
-
not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement.
-
only disclose, transfer and / or hand over the Personal Information to authorised person(s).
-
treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Organisation with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the a similar Operator agreement with this Operator;
-
has and will continue to have in place, appropriate technical and Organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure, or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA.
-
notify the Organisation immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person.
-
process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions.
-
not use the Personal Information for any direct marketing or advertising, research, or statistical purposes.
-
not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Organisation’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Operator.
-
not sell, alienate, or otherwise part with the Personal Information or any of the records housing the Personal Information.
-
where it is allowed to transfer the Personal Information onwards to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and the Organisation which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to a Sub operator.
-
ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular a Sub Operator Agreement, where applicable.