This glossary applies and must be adhered to by the drafters of all data protection policies, procedures, standards, or guidelines developed by TSAM.
TERM | DEFINITION | ABBREVIATION |
Automated decision-making | Decisions made solely by automated means, without any human intervention. Section 71 PoPIA | |
Biometrics | Special personal identification technique based on physical, physiological or behavioural characterization including fingerprints and voice recognition. Section 1 Definition PoPIA | |
Closed-circuit television | A video surveillance system used by TSAM. | CCTV |
Child/ children | A person/s under the age of 18. Section 1 Definition Children’s Act No. 38 of 2005 | |
Consent | Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information. Section 1 Definition PoPIA | |
Cookies | Small text files TSAM places on a website visitors’ computer during a browsing session. | |
Customer | A natural or juristic person who receives a product or service from TSAM. “Customer” includes prospective customers who address enquiries to TSAM. | |
Customer personal data | Personal information gathered in the context of providing products or services to a customer or prospective customers of TSAM. | |
De-identification | The process of removing personal identifiers from personal information, resulting in the information no longer identifying a data subject. Section 1 Definition PoPIA | |
Data Processing and Security Agreement | A contract between TSAM and a responsible party or operator when sharing information, imposing obligations for the processing of that information. | DPSA |
Data Protection Committee | The committee appointed by the Governing Body of TSAM to oversee the implementation and maintenance of data protection by TSAM. | DPC |
Data protection impact assessment | An assessment conducted by TSAM or a third party to help mitigate or minimize data protection risks of processing. | DPIA |
Data sharing | Authorised transfer, or provision of access to data from TSAM to a third party under an agreement. | |
Data subject | the person to whom Personal Information relates. Section 1 Definition PoPIA | |
Dealer | Authorised and licensed reseller of TSAM products and services. | |
Direct marketing | Products or services promoted by TSAM directly to the data subject by mail or electronic communication. Section 1 Definition PoPIA | |
Employee | A person, who works for and is remunerated by TSAM other than an independent contractor. If the context indicates “Employee” may include a prospective employee. | |
Employee personal data | Personal information relating to TSAM employees or prospective employees gathered in the context of employment relations. | |
Encryption | A data security process used by TSAM to convert information into an unrecognizable form that allows only authorized persons to decrypt and read the information. | |
Financial Intelligence Centre Act | Financial Intelligence Centre Act No.38 of 2001. | FICA |
Guest | TSAM’s preferred terminology for referring to ‘customers’. ‘Guest’ may be used inter-changeably with ‘customers’. | |
Information Officer | The person appointed by the Head (CEO) of TSAM as the Information Officer, authorised to discharge the obligations of the TSAM CEO in terms of the Protection of Personal Information Act and the Promotion of Access to Information Act. | IO |
Legitimate Interest | The justification for the processing of personal information in paragraph 11(1)(d) of PoPIA. | |
Legitimate Interest Assessment | An assessment that applies a three-part test to the processing of personal information, being:
| LIA |
Operator/Processor | a person who processes personal information for TSAM as the responsible party, in terms of a contract or mandate, without coming under the direct authority of TSAM. Section 1 Definition PoPIA The GDPR uses the term ‘processor’. | |
Opt-in and opt-out | Opt-in is the agreement by the customer to receive direct marketing. Opt-out is the request by the customer not to receive marketing. | |
Promotion of Access to Information Act | Promotion of Access to Information Act No. 2 of 2000 as amended from time to time. | PAIA |
Person | a natural person or a juristic person. Section 1 Definition PoPIA | |
Policy | A decision by the governing body of tsam or a committee delegated to make the decision by the governing body. | |
Policy Instrument | A collection of policy statements that applies to the people indicated in the scope of the policy instrument. | |
Policy Statements | Written declarations of a policy adopted by TSAM contained in a Policy Instrument. | |
the Protection of Personal Information Act | the Protection of Personal Information Act No. 4 of 2013, as amended from time to time. Section 1 Definition PoPIA | PoPIA |
PoPIA champion | A person appointed by TSAM to ensure the implementation and maintenance of TSAM data protection. | |
Processing | The use of personal data by TSAM from the time of its acquisition or creation until the time of its destruction. Section 1 Definition PoPIA | |
Personal information/ personal data | Any information relating to an identified or identifiable data subject. Section 1 Definition PoPIA PoPIA uses the term ‘personal information’, whereas the GDPR uses the term ‘personal data’. The terms may be used interchangeably by TSAM as may be approved by the DPC. | |
Regulator | The Information Regulator established in terms of PoPIA. Section 39 of PoPIA | |
Responsible party/Controller | A public or private body, or any other person that determines the means and purposes for the processing of personal data. Section 1 Definition PoPIA The GDPR uses the term ‘controller’. | |
Special personal information | Any information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour of a data subject. Sections 26 to 33 of PoPIA | |
Technical and organisational measures | The appropriate controls, including policies, procedures, organizational structures, physical security and software and hardware configuration, aimed at securing the processing of data. Section 19 of PoPIA | |
Third party | A public or private body, or any other person that is independent from TSAM. | |
Transfer | The authorised replication or communication of data from one location to another, locally or cross-border to another jurisdiction. | |
Video surveillance | The use of CCTV systems by TSAM to monitor the workplace. |
** end of policy**
Revision History | |||
Revision No. | Revision Date | Changes Made | Chairman of DPC Approval |
Rev 0 | 16/09/2020 | ||