Legal Consultation

POPIA consent

This sample document is for guidance only. It may differ depending on the information your business collects and what the information is used for. If you require assistance with a tailored consent document, give us a call. 
Sample Third-Party Consent in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA)
1. Introduction
1.1 POPIA gives effect to the constitutional right to privacy. It requires that the personal information of individuals  be processed in a lawful and reasonable manner which does not infringe on the individual’s right to privacy.
1.2 This document sets out the personal information that will be collected and processed by the Company.
2. What is personal information?
2.1 - The Company will collect the following information:
2.1.1 - names and surnames;
2.1.2 - birth dates; 
2.1.3 - demographic information; 
2.1.4 - details regarding education;
2.1.5 - personal and email addresses;
2.1.6 - occupation details; and
2.1.7 - contact details.
3. What is the purpose of the collection and processing of the processing of the personal information? 
3.1 - The Company is required to collect this information ___________________________________.
3.2 - The Company may use and disclose collected personal information to ______________________________________, without obtaining further consent from the relevant individual. 
3.3 - The Company will not process personal information for a purpose other than that identified in clause 3.2 above without obtaining prior consent from the relevant individual to further processing.
4. What is ‘processing’?
4.1 - According to POPIA, “processing’’ refers to any operation or activity, whether or not by automatic means, concerning personal information, including collection, receipt, recording, organisation, collation, storage, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction and destruction of information.
5. How will the Company process personal information? 
5.1 - Information will be collected in the following manner:
5.1.1 - Directly from the individual; 
6. To whom will personal information be disclosed? 
6. 1 - The personal information may be disclosed and exchanged within the Company and ________________________________.
7. Consent and Permission to process personal information:
7.1 - I hereby provide authorisation to the Company to process the personal information provided for the purpose stated above.
7.2 - Where I shared personal information of individuals other than myself with the Company, I hereby provide consent on their behalf to the collection and processing of their personal information in accordance with this consent provided and I warrant that I am authorised to give this consent on their behalf.
7.3 - To this end, I indemnify and hold the Company harmless in respect of any claims by any other person on whose behalf I have consented, against the Company should they claim that I was not so authorised.
7.4- I understand that in terms of POPIA and other laws of South Africa, there are instances where my express consent is not necessary in order to permit the processing of personal information, which may be related to police investigations, litigation or when personal information is publicly available.
7.5- I will not hold the Company responsible for any improper or unauthorised use of personal information that is beyond its reasonable control.
8. Rights regarding the processing of personal information
8.1 - The individual may withdraw consent to the processing of personal information at any time, subject to the provision of reasonable notice to the Company’s Information Officer of the withdrawal to the following email address: ________________________________________.
8.2 - The withdrawal will be subject to the terms and conditions of any other contract in place between the individual and the Company.
8.3 - The withdrawal will come into effect once the notice has been acknowledged in writing by the Information Officer. Acknowledgement of the notice will not be unreasonably withheld. 
8.4 - Where personal information has changed, the individual is encouraged to notify the Company to allow records to be updated. 
8.5 - The individual may request access records of their personal information and the details of third parties to which their personal information has been supplied, by notice to the Company’s Information Officer. A request may be declined if:
8.5.1 - The information comes under legally privileged;
8.5.2 - The disclosure of personal information in the form that it is processed may result in the disclosure of confidential or proprietary information;
8.5.3 - The information was collected in terms of an investigation or legal dispute, instituted or being contemplated;
8.5.4 - Disclosing the information may result in the disclosure of another person’s information; or 
8.5.5 - The disclosure is prohibited by law.
9. Declaration 
9.1 - I give consent to the processing of my personal information by the Company and third parties stated above. 
9.2 - I acknowledge that the Company any of its affiliates will be processing my personal information. The processing of such information will be carried out in accordance with the law and will be reasonable and carefully done. 
9.3 - I agree that the purpose for collection of the personal information as stated above is adequate, relevant, and not excessive. 
9.4 - We agree that the personal information processed shall be confidential information and shall be treated as such by us. 
9.5 - I have read and understood the information provided above. 

POPIA contract clause

This sample document is for guidance only. It may differ depending on the information your business collects and what the information is used for. If you require assistance with a tailored consent document, give us a call. 
Sample Consent Clause in terms of the Protection of Personal Information Act 4 Of 2013 (POPIA)
1.1 - It is recorded that the Parties have disclosed, and in the future shall continue to disclose, personal information to each other as defined and regulated by various other legislation including the Protection of Personal Information Act 4 of 2013 (POPIA).
1.2 - The Parties:
1.2.1 - commit to protecting each other’s right to privacy; 
1.2.2 - shall ensure the processing of personal information is conducted fairly and in accordance with law; 
1.2.3 - shall ensure that the purpose of processing of the personal information is adequate, relevant, and not excessive; and
1.2.3 - shall ensure that the purpose of processing of the personal information is adequate, relevant, and not excessive; and
1.2.4 - shall not, under any circumstances, processes any personal information in any manner prohibited by POPIA or any other legislation.
1.3 - The Parties know and understand the purpose and use of the personal information, and the method and manner of processing of the personal information.
1.4 - The Parties hereby irrevocably give consent to each other to process, and further process, personal information where the processing is necessary and for an agreed-upon purpose.
1.5 - The Parties indemnify and hold harmless each other from any action or claim of any nature whatsoever that might be brought by any person as a result of any personal loss, injury or damage arising directly or indirectly from any act or omission on relating to any negligent or wilful breach of compliance with any law and POPIA.

CIPC: Beneficial Ownership Register 

If you are a director of a company or member of a close corporation, it is your duty to complete a detailed Beneficial Ownership Register, supported by relevant documents, which must be submitted to CIPC on its e-services platform. You may outsource this function to an accountant but remember that this nevertheless remains your responsibility.

What is a Beneficial Owner?
The “Beneficial Owner” of a company is an individual who directly or indirectly, owns 5% or more of that company, or exercises effective control of that particular company, by:
- holding beneficial interests in securities of that company.
- exercising, or controlling the exercise of, voting rights associated with the securities of the company.
- exercising, or controlling the exercise of, the right to appoint or remove members of the board of directors of the company.
- holding beneficial interest in the securities, or the ability to exercise control, including through a chain of ownership or control of a holding company of that company.
- being able to materially influence the management of that company.

What must you do?
You must identify the Beneficial Owners of your business, collect their information, and record it in a Register to be filed with CIPC. All security requirements applicable to personal information should be adhered to.

For each beneficial owner, you must capture the following information in the register:
- their full name, Identity number or registration number, and date of birth.
- business or residential and postal address.
- email address.
- confirmation of their participation and the extent of the beneficial interest in the business.

The Register must be submitted to CIPC on behalf of your business by no later than October 2023.

Thereafter, the Register must be regularly updated as needed and audited annually. Any changes to beneficial ownership must be captured in the register as soon as possible and no later than within ten business days of the change. Your updated Register can be submitted with your business’ annual returns by yourself or your accountant.

If you are required to complete a Beneficial Ownership Register, not doing so is an offence in terms of the Companies Act which may result in the imposition of an administrative penalty on your business. It is therefore imperative that you ensure compliance with CIPC’s requirements.