Access to Personal Information Policy V2

Regulation 4 | Protection of Personal Information Act 2013

    1. Introduction

    Emergence Growth South Africa seeks to provide accurate and timely Information regarding its activities to its Clients / Customers, Employees, Suppliers, Partners and Stakeholders and other interested parties.

    1. Purpose

    The purpose of this Policy is to give effect to the right of access to Personal Information as provided for in the Protection of Personal Information Act (POPIA) and to outline how Data Subjects may request access to Personal Information held by Emergence Growth South Africa (“the Company”).

    This Policy ensures that:

    • Personal Information is processed lawfully and transparently
    • Requests for access are handled consistently and efficiently
    • Confidentiality and privacy of all Data Subjects are protected

    2. Scope

    This Policy applies to:

    • All Personal Information processed by the Company

    All Data Subjects, including:

    • Employees
    • Customers / Clients
    • Suppliers and Service Providers
    • Third Parties

    3. Definitions

    Personal Information: Information relating to an identifiable, living natural person and, where applicable, an identifiable juristic person.

    Data Subject: The person or entity to whom Personal Information relates.
    Responsible Party: Emergence Growth South Africa.

    4. Right of Access to Personal Information

    Data Subjects have the right to:
    Request confirmation of whether the Company holds their Personal Information
    Request access to such Personal Information
    Request correction, updating, or deletion of Personal Information (where applicable)
    Access will be granted:

    • Within a reasonable timeframe
    • Subject to verification of identity
    • Subject to applicable legal limitations

    5. Process for Requesting Access

    Requests for access must:

    • Be made in writing using the prescribed POPIA/PAIA request form (if applicable)

    Include sufficient detail to identify:

    • The Data Subject
    • The specific information requested
    • Be submitted to the Information Officer at: [email protected]

    The Company may:

    • Request proof of identity before processing the request
    • Charge a reasonable administrative fee where permitted

    6. Grounds for Refusal of Access

    Access to Personal Information may be refused where:

    • Disclosure would violate the privacy of another Data Subject
    • The information is protected by legal privilege

    The information relates to:

    • Internal investigations
    • Confidential business information
    • Employee records restricted by internal policies
    • Disclosure may cause harm to the Company or a third party

    7. Categories of Information Restricted from Access

    7.1 Employee Information
    Access is restricted to:

    • Personal employment records
    • Medical information
    • Internal communications
    • Recruitment and selection records
    • Disciplinary and misconduct investigations

    7.2 Customer / Client Information
    Access is restricted to:

    • Personal Information of other clients or their employees
    • Confidential commercial information

    7.3 Supplier and Third-Party Information
    Access is restricted to:

    • Personal Information of suppliers and third parties
    • Contractual and confidential business records

    8. Information Handling and Safeguards

    The Company implements appropriate technical and organisational measures to protect Personal
    Information, including:

    • Confidentiality agreements where required
    • Password protection and encryption of sensitive data
    • Secure storage (electronic and physical)
    • Controlled access based on “least privilege” principles
    • Secure disposal in line with the Document Destruction Policy

    9. Access Control

    Access to Personal Information is:

    • Restricted to authorised individuals only
    • Based on a legitimate business need

    Controls include:

    • User access provisioning and approval processes
    • Role-based access controls
    • Regular access reviews
    • Automatic deactivation of inactive accounts

    10. Security Measures

    The Company enforces:

    • Password protection and encryption
    • Account lockout after multiple failed attempts
    • Mandatory password changes at defined intervals
    • Secure system authentication protocols

    11. Role of the Information Officer

    The Information Officer is responsible for:

    • Ensuring compliance with POPIA
    • Managing access requests
    • Maintaining records of requests and responses
    • Ensuring appropriate safeguards are implemented

    Updates to this Policy

    The Company reserves the right to amend this Policy at any time to ensure ongoing compliance with applicable legislation and best practices.

     

    Updated March 2026

    Ready to transform insights into action?
    Contact Emergence Human Capital to design, deploy, and drive meaningful change through intelligent employee engagement surveys.

    Office: +27 11 026 3442

    eMail: [email protected]

    https://emergencegrowth.com/hr-reward-services/hr-surveys-data-insights/