Data Protection Policy

1. Introduction

TSAM respects the privacy of data subjects and complies with data protection legislation governing the processing of personal information.

2. Purpose

This policy describes the principles governing the processing of personal information by TSAM.

3. Scope

This policy applies to all personal information processed in the course of TSAM business.

4. Glossary

Unless inconsistent with the context, the words and expressions in the policy (and procedures, standards and guidelines supporting the policy) have the meanings assigned to them in the TSAM Glossary of Terms

5. TSAM Data Protection Policy

TSAM:

5.1 is accountable for and processes personal information in compliance with the conditions and principles governing its lawful processing;

5.2 collects personal information for specific, explicitly defined and lawful purposes and does not further process personal information in a manner that is incompatible with those purposes;

5.3 only processes personal information that is adequate, relevant and not excessive for the purpose of the processing;

5.4 processes personal information transparently to the data subject and in a manner that is fair and does not infringe the privacy of the data subject;

5.5 does not process personal information unless it is lawfully justified to do so. Where it relies on the justification of consent, the consent granted by the data subject will be indicated by a clear affirmative action expressing specific consent, freely given, providing an unambiguous indication of the data subject’s wishes;

5.6 collects personal information directly from the data subject unless it is permitted by law to collect the information from other sources;

5.7 takes appropriate measures to safeguard the integrity and confidentiality of personal information and to prevent its loss or damage, unlawful access and unauthorised destruction;

5.8 by written contract, binds third parties processing personal information on its behalf, to establish and maintain appropriate security safeguards as well as comply with the principles set out in this policy;

5.9 provides timely notification to data subject and data protection authorities of a compromise of the data subject’s personal information;

5.10 processes personal information transparently to the data subject and takes reasonably practicable steps to ensure that the information is accurate and kept up to date;

5.11 permits and assists data subjects to access their personal information and corrects or deletes information that is inaccurate;

5.12 assists data subjects who object to the processing of their personal information;

5.13 retains personal information for the periods required by law, contracts with third parties or reasonably required for business purposes, but not for any longer than is necessary to achieve the purpose for which the personal information was collected and processed;

5.14 avoids processing special personal information and children’s information unless necessary and authorised to do so;

5.15 will not use personal information for the purpose of unsolicited electronic communication, nor for automatic decision-making, without the consent of the data subject;

5.16 only transfers personal information across borders to jurisdictions that effectively uphold the principles and conditions governing the protection of personal information established in the Republic of South Africa, alternatively if the data subject has consented to the transfer.

6. Policy Responsibility

6.1 The governing body of TSAM has appointed a Data Protection Committee to oversee data protection at TSAM.

6.2 The Data Protection Committee requires all TSAM employees, agents or invitees to uphold its data protection policy.

6.3 The TSAM CEO has appointed an Information Officer and delegated to the Information Officer the authority to fulfil the duties and responsibilities required in relevant legislation and regulation.

7. Review and Audit

7.1 The policy (and the procedures, standards and guidelines supporting the policy) is reviewed by the TSAM Data Protection Committee regularly, and at least once in each year.

7.2 Reviews and any revisions of the policy (and the procedures, standards and guidelines supporting the policy) will be recorded in an Approval and Revision History filed with this policy.

7.3 Compliance with this policy (and the procedures, standards and guidelines supporting the policy) is monitored and subject to audit.