1. Introduction

1.1 The Toyota South Africa Motors (Pty) Ltd (“TSAM”) Data Protection Committee (DPC) is responsible for the implementation and maintenance of data protection by TSAM.

1.2 All data protection policies (and the procedures, standards and guidelines supporting the policies) are approved by the DPC.

2. Purpose

2.1 The purpose of this glossary is to provide a guide for the consistent use of words, phrases and abbreviations in the data protection policies, procedures, standards and guidelines developed by TSAM.

2.2 This glossary is a “living document” and will be updated regularly to take account of developments within TSAM and externally, and promote a consistent use of words, terms and phrases used in policies, procedures, standards, and guidelines developed by TSAM.

3. Scope

This glossary applies and must be adhered to by the drafters of all data protection policies, procedures, standards, or guidelines developed by TSAM.

4. GLOSSARY OF TERMS

4.1 Words and phrases defined below will, unless the context in which it is used is clearly contrary to this Glossary, bear the meaning attributed to the word or phrase contained in this Glossary.

4.2 Where a word, term or phrase has a particular meaning within TSAM this meaning should be attributed to the word, term or phrase in preference to an alternative meaning.

4.3 Capitals are used in defined terms and abbreviations unless custom or language usage dictates the contrary.

4.4 In some instances, the term defined is also defined in relevant legislation or regulation. For the purposes of convenience and ease of reading the term referred to in legislation or regulation will not be used in full, but a reference to the definition in the legislation or regulation is provided in bold after the definition.

TERM

DEFINITION

ABBREVIATION

Automated decision-making

Decisions made solely by automated means, without any human intervention.

Section 71 PoPIA

Biometrics

Special personal identification technique based on physical, physiological or behavioural characterization including fingerprints and voice recognition.

Section 1 Definition PoPIA

Closed-circuit television

A video surveillance system used by TSAM.

CCTV

Child/ children

A person/s under the age of 18.

Section 1 Definition Children’s Act No. 38 of 2005

Consent

Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.

Section 1 Definition PoPIA

Cookies

Small text files TSAM places on a website visitors’ computer during a browsing session.

Customer

A natural or juristic person who receives a product or service from TSAM. “Customer” includes prospective customers who address enquiries to TSAM.

Customer personal data

Personal information gathered in the context of providing products or services to a customer or prospective customers of TSAM.

De-identification

The process of removing personal identifiers from personal information, resulting in the information no longer identifying a data subject.

Section 1 Definition PoPIA

Data Processing and Security Agreement

A contract between TSAM and a responsible party or operator when sharing information, imposing obligations for the processing of that information.

DPSA

Data Protection Committee

The committee appointed by the Governing Body of TSAM to oversee the implementation and maintenance of data protection by TSAM.

DPC

Data protection impact assessment

An assessment conducted by TSAM or a third party to help mitigate or minimize data protection risks of processing.

DPIA

Data sharing

Authorised transfer, or provision of access to data from TSAM to a third party under an agreement.

Data subject

the person to whom Personal Information relates.

Section 1 Definition PoPIA

Dealer

Authorised and licensed reseller of TSAM products and services.

Direct marketing

Products or services promoted by TSAM directly to the data subject by mail or electronic communication.

Section 1 Definition PoPIA

Employee

A person, who works for and is remunerated by TSAM other than an independent contractor.

If the context indicates “Employee” may include a prospective employee.

Employee personal data

Personal information relating to TSAM employees or prospective employees gathered in the context of employment relations.

Encryption

A data security process used by TSAM to convert information into an unrecognizable form that allows only authorized persons to decrypt and read the information.

Financial Intelligence Centre Act

Financial Intelligence Centre Act No.38 of 2001.

FICA

Guest

TSAM’s preferred terminology for referring to ‘customers’. ‘Guest’ may be used inter-changeably with ‘customers’.

Information Officer

The person appointed by the Head (CEO) of TSAM as the Information Officer, authorised to discharge the obligations of the TSAM CEO in terms of the Protection of Personal Information Act and the Promotion of Access to Information Act.

IO

Legitimate Interest

The justification for the processing of personal information in paragraph 11(1)(d) of PoPIA.

Legitimate Interest Assessment

An assessment that applies a three-part test to the processing of personal information, being:

  • The “Purpose” test (identify the legitimate interest);
  • The “Necessity” test (consider if the processing is necessary); and
  • The “Balancing” test (consider the data subject’s rights and interests)

LIA

Operator/Processor

a person who processes personal information for TSAM as the responsible party, in terms of a contract or mandate, without coming under the direct authority of TSAM.

Section 1 Definition PoPIA

The GDPR uses the term ‘processor’.

Opt-in and opt-out

Opt-in is the agreement by the customer to receive direct marketing.

Opt-out is the request by the customer not to receive marketing.

Promotion of Access to Information Act

Promotion of Access to Information Act No. 2 of 2000 as amended from time to time.

PAIA

Person

a natural person or a juristic person.

Section 1 Definition PoPIA

Policy

A decision by the governing body of tsam or a committee delegated to make the decision by the governing body.

Policy Instrument

A collection of policy statements that applies to the people indicated in the scope of the policy instrument.

Policy Statements

Written declarations of a policy adopted by TSAM contained in a Policy Instrument.

the Protection of Personal Information Act

the Protection of Personal Information Act No. 4 of 2013, as amended from time to time.

Section 1 Definition PoPIA

PoPIA

PoPIA champion

A person appointed by TSAM to ensure the implementation and maintenance of TSAM data protection.

Processing

The use of personal data by TSAM from the time of its acquisition or creation until the time of its destruction.

Section 1 Definition PoPIA

Personal information/ personal data

Any information relating to an identified or identifiable data subject.

Section 1 Definition PoPIA

PoPIA uses the term ‘personal information’, whereas the GDPR uses the term ‘personal data’. The terms may be used interchangeably by TSAM as may be approved by the DPC.

Regulator

The Information Regulator established in terms of PoPIA.

Section 39 of PoPIA

Responsible party/Controller

A public or private body, or any other person that determines the means and purposes for the processing of personal data.

Section 1 Definition PoPIA

The GDPR uses the term ‘controller’.

Special personal information

Any information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour of a data subject.

Sections 26 to 33 of PoPIA

Technical and organisational measures

The appropriate controls, including policies, procedures, organizational structures, physical security and software and hardware configuration, aimed at securing the processing of data.

Section 19 of PoPIA

Third party

A public or private body, or any other person that is independent from TSAM.

Transfer

The authorised replication or communication of data from one location to another, locally or cross-border to another jurisdiction.

Video surveillance

The use of CCTV systems by TSAM to monitor the workplace.

** end of policy**

Revision History

Revision No.

Revision Date

Changes Made

Chairman of DPC Approval

Rev 0

16/09/2020