1. Introduction

1.1 The Toyota South Africa Motors (Pty) Ltd (“TSAM”) Data Protection Committee (DPC) is responsible for the implementation and maintenance of data protection by TSAM.

1.2 All data protection policies (and the procedures, standards and guidelines supporting the policies) are approved by the DPC.

2. Purpose

2.1 The purpose of this glossary is to provide a guide for the consistent use of words, phrases and abbreviations in the data protection policies, procedures, standards and guidelines developed by TSAM.

2.2 This glossary is a “living document” and will be updated regularly to take account of developments within TSAM and externally, and promote a consistent use of words, terms and phrases used in policies, procedures, standards, and guidelines developed by TSAM.

3. Scope

This glossary applies and must be adhered to by the drafters of all data protection policies, procedures, standards, or guidelines developed by TSAM.

4. Glossary of Terms

4.1 Words and phrases defined below will, unless the context in which it is used is clearly contrary to this Glossary, bear the meaning attributed to the word or phrase contained in this Glossary.

4.2 Where a word, term or phrase has a particular meaning within TSAM this meaning should be attributed to the word, term or phrase in preference to an alternative meaning.

4.3 Capitals are used in defined terms and abbreviations unless custom or language usage dictates the contrary.

4.4 In some instances, the term defined is also defined in relevant legislation or regulation. For the purposes of convenience and ease of reading the term referred to in legislation or regulation will not be used in full, but a reference to the definition in the legislation or regulation is provided in bold after the definition.

5. Terms

TERM DEFINITION ABBREVIATION
Automated decision-making Decisions made solely by automated means, without any human intervention. Section 71 PoPIA
Biometrics Special personal identification technique based on physical, physiological or behavioural characterization including fingerprints and voice recognition. Section 1 Definition PoPIA
Closed-circuit television A video surveillance system used by TSAM. CCTV
Child/ children A person/s under the age of 18. Section 1 Definition Children’s Act No. 38 of 2005
Consent Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information. Section 1 Definition PoPIA
Cookies Small text files TSAM places on a website visitors’ computer during a browsing session.
Customer A natural or juristic person who receives a product or service from TSAM. “Customer” includes prospective customers who address enquiries to TSAM.
Customer personal data Personal information gathered in the context of providing products or services to a customer or prospective customers of TSAM.
De-identification The process of removing personal identifiers from personal information, resulting in the information no longer identifying a data subject. Section 1 Definition PoPIA
Data Processing and Security Agreement A contract between TSAM and a responsible party or operator when sharing information, imposing obligations for the processing of that information. DPSA
Data Protection Committee The committee appointed by the Governing Body of TSAM to oversee the implementation and maintenance of data protection by TSAM. DPC
Data protection impact assessment An assessment conducted by TSAM or a third party to help mitigate or minimize data protection risks of processing. DPIA
Data sharing Authorised transfer, or provision of access to data from TSAM to a third party under an agreement.
Data subject The person to whom Personal Information relates. Section 1 Definition PoPIA
Dealer Authorised and licensed reseller of TSAM products and services.
Direct marketing Products or services promoted by TSAM directly to the data subject by mail or electronic communication. Section 1 Definition PoPIA
Employee A person, who works for and is remunerated by TSAM other than an independent contractor. If the context indicates “Employee” may include a prospective employee.
Employee personal data Personal information relating to TSAM employees or prospective employees gathered in the context of employment relations.
Encryption A data security process used by TSAM to convert information into an unrecognizable form that allows only authorized persons to decrypt and read the information.
Financial Intelligence Centre Act Financial Intelligence Centre Act No.38 of 2001. FICA
Guest TSAM’s preferred terminology for referring to ‘customers’. ‘Guest’ may be used inter-changeably with ‘customers’.
Information Officer The person appointed by the Head (CEO) of TSAM as the Information Officer, authorised to discharge the obligations of the TSAM CEO in terms of the Protection of Personal Information Act and the Promotion of Access to Information Act. IO
Legitimate Interest The justification for the processing of personal information in paragraph 11(1)(d) of PoPIA.
Legitimate Interest Assessment An assessment that applies a three-part test to the processing of personal information, being: The “Purpose” test (identify the legitimate interest); The “Necessity” test (consider if the processing is necessary); and The “Balancing” test (consider the data subject’s rights and interests) LIA
Operator/Processor A person who processes personal information for TSAM as the responsible party, in terms of a contract or mandate, without coming under the direct authority of TSAM. Section 1 Definition PoPIA. The GDPR uses the term ‘processor’.
Opt-in and opt-out Opt-in is the agreement by the customer to receive direct marketing. Opt-out is the request by the customer not to receive marketing.
Promotion of Access to Information Act Promotion of Access to Information Act No. 2 of 2000 as amended from time to time. PAIA
Person A natural person or a juristic person. Section 1 Definition PoPIA
Policy A decision by the governing body of tsam or a committee delegated to make the decision by the governing body.
Policy Instrument A collection of policy statements that applies to the people indicated in the scope of the policy instrument.
Policy Statements Written declarations of a policy adopted by TSAM contained in a Policy Instrument.
The Protection of Personal Information Act The Protection of Personal Information Act No. 4 of 2013, as amended from time to time. Section 1 Definition PoPIA PoPIA
PoPIA champion A person appointed by TSAM to ensure the implementation and maintenance of TSAM data protection.
Processing The use of personal data by TSAM from the time of its acquisition or creation until the time of its destruction. Section 1 Definition PoPIA
Personal information/ personal data Any information relating to an identified or identifiable data subject. Section 1 Definition PoPIA. PoPIA uses the term ‘personal information’, whereas the GDPR uses the term ‘personal data’. The terms may be used interchangeably by TSAM as may be approved by the DPC.
Regulator The Information Regulator established in terms of PoPIA. Section 39 of PoPIA
Responsible party/Controller A public or private body, or any other person that determines the means and purposes for the processing of personal data. Section 1 Definition PoPIA. The GDPR uses the term ‘controller’.
Special personal information Any information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour of a data subject. Sections 26 to 33 of PoPIA
Technical and organisational measures The appropriate controls, including policies, procedures, organizational structures, physical security and software and hardware configuration, aimed at securing the processing of data. Section 19 of PoPIA
Third party A public or private body, or any other person that is independent from TSAM.
Transfer The authorised replication or communication of data from one location to another, locally or cross-border to another jurisdiction.
Video surveillance The use of CCTV systems by TSAM to monitor the workplace.