Search
Join Us
Menu

Privacy Policy

Home » Privacy Policy

TERMS OF USE

This document serves to convey confidential information to a limited group and is not intended for further circulation. The intended recipient will:

  • Use it fairly, lawfully, at his/her own risk and exclusively for the specified purpose. protect it by reasonable measures against loss, unauthorised access, use, modification, and disclosure.
  • Notify COMRiC of corrections; and destroy the information if it no longer serves the said purpose.
  • COMRiC will not be liable for any damage or loss, relating to the use of the information, whether it arises out of contract or delict, and regardless of whether the possibility of such damage or loss was advised, or not.

1. DEFINITIONS

Throughout this document, unless otherwise stated, the words expressed have the meanings stated next to it.

a. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

b. Information relating to the education or the medical, financial, criminal or employment history of the person;

c. Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other assignment to the person;

d. The biometric information of the person;

e. The personal opinions, views, or preferences of the person;

f. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

g. the views or opinions of another individual about the person; and

h. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Public body -Means— (a) any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or (b) any other functionary or institution when— (i) exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or (ii) exercising a public power or performing a public function in terms of any legislation.

Responsible party – Means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. 

Sensitive information – This means information which, if compromised in any manner or accessed by unauthorised persons, is likely to result in significant and/or long-term harm to the institution and/or individuals to which it belongs. Sensitive Information includes Personal Information (PI) and Special Personal Information (SPI) as defined in the Protection of Personal Information Act, 2013. 

Social Identity – Means the groups with which the Third Party identifies with like race, ethnic or social origin, gender, socioeconomic status, sexual orientation, (dis)abilities, and religion/religious beliefs. 

Special Personal Information – Special Personal information means (a) the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric Page 4 | 11 Term Meaning information of a data subject; or (b) the criminal behaviour of a data subject to the extent that such information relates to— (i) the alleged commission by a data subject of any offence; or (ii) any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings. 

Stakeholder – n organisation, Government Department, entity or agency that pursues similar crime combating objectives to that of COMRiC and with whom we collaborate. 

Third party – “Third party” refers to members, collaborative partners, stakeholders, contractors, suppliers, service providers and any other external party whose information we have processed. Third parties can broadly be divided into 5 categories: 1. Organisations who are COMRiC members; 2. Vendors, suppliers, consultants who deliver services and/or product to COMRiC and who may be associated with COMRiC; 3. Collaborate Partners include organisations that are Public and or Private entities including NPO’s, NGO’s, industry bodies who COMRiC collaborate with for the purpose of combatting crime in the telecommunications industry, and have a memorandum of understanding with; 4. Stakeholders including law enforcement, Government Departments and Regulators; and 5. Any other Third Party whose personal information that COMRiC has processed lawfully. 

2. INTRODUCTION

COMRiC is a Non-Profit company formed by the telecommunications industry to assist its members to create, maintain, and support viable and commercial crime and risk combating capabilities, to enter beneficial collaboration agreements to achieve our strategic objectives for the benefit of our Country and its citizens at large.

COMRiC treats personal information that we collect from our Third Parties through various channels as sensitive information. COMRiC is committed to maintaining its responsibilities as a responsible party under the Protection of Personal Information Act, 2013 (POPIA). This policy also serves as our Privacy Notice to Third Parties.

3. PURPOSE

The purpose of this policy is to be transparent about the Personal Information that COMRiC collects from Third Parties, to describe why and how it is collected, used and protected by COMRiC and what the rights of Third Parties are in this regard.

4. APPLICABILITY

This policy is applicable to all Third Parties whose personal information is processed by COMRiC including but not limited to, members, collaborative partners, stakeholders, consultants, vendors, suppliers, service providers and any other Third Party whose Personal Information we collect.

5. DATA CLASSIFICATION

From a risk perspective, COMRiC classifies Personal Information as Sensitive Information and treats it as confidential.

6. WHAT IS PERSONAL INFORMATION

For the purposes of this policy, Personal Information will relate to the definitions of Personal Information and Special Personal Information, as described in POPIA, collectively. Personal information refers to any information relating to third parties which identifies the third party (who can be a natural or a juristic person). If a third party is a juristic person, COMRiC may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, and spouses. The latter is the third party’s related persons.

7. COMRIC’S COMMITMENT TO LAWFUL PROCESSING OF PERSONAL INFORMATION

  1. Accountability – COMRiC as the Responsible Party will ensure that Personal Information is processed in a lawful and responsible manner.
  2. Processing limitation – we shall lawfully collect personal information for a defined purpose and where applicable, with the consent of our Third Party.
  3. Purpose specification – we will only use personal information for the purposes mentioned in this policy.
  4. Further processing limitation – where a processing activity is deemed as further processing and this further purpose is inconsistent with the original purpose, we will ensure that our processing activities meet the requirements of the POPIA.
  5. Information quality – we will take reasonable steps to ensure your Personal Information is accurate, complete and updated and not misleading.
  6. Openness – COMRiC will always be open, clear and honest on how and why we use Personal Information and how we protect Personal Information.
  7. Security safeguards – COMRiC will apply and follow appropriate and reasonable technical and organisational measures to make sure that the confidentiality, integrity and availability of personal information are secured. These measures will also be applied to protect Personal Information against loss, damage, unauthorised destruction, or unlawful access. COMRiC will notify you as soon as reasonably possible should your Personal Information be accessed in an unauthorized manner.
  8. Data subject participation – we have processes in place for Third Parties to access, correct and delete Personal Information and exercise their rights in terms of applicable data protection laws.

8. TYPES OF PERSONAL INFORMATION THAT WE COLLECT

We may collect:

  • Identity information including name, surname and identity number or passport number;
  • Other identifying information of the third party which includes company registration number, VAT number, tax number and contact details;
  • Business details;
  • Financial information of the third party;
  • Invoices issued by the third party to COMRiC;
  • The contract/agreement between COMRiC and the third party;
  • Marital status and matrimonial property regime (e.g. married in community of property);
  • National origin;
  • Language;
  • Age;
  • Sex;
  • Financial history;
  • Employment details;
  • Designation;
  • Email address;
  • Physical address (e.g. residential address, work address or physical location);
  • Information about the location (e.g. geolocation or GPS location) of a third party;
  • Telephone number;
  • Online and other unique identifiers;
  • Social media profiles;
  • Social identity;
  • Criminal history;
  • Confidential correspondence;
  • Another’s views or opinions about a third party;
  • Vehicle registration numbers;
  • Surveillance records;
  • Photographs;
  • Location information;
  • Criminal behaviour and related information;
  • Physical access records ;
  • Digital records like IP addresses and digital footprint when using COMRiC platforms
  • Images on CCTV network; and
  • Any other Personal Information that is necessary for us to comply with legislation or execute our mandate.

9. HOW DO WE COLLECT

We collect this information from members, collaborative partners, stakeholders, consultants, vendors, suppliers, service providers in the course of entering into agreements, business interactions or from open-source data sources. These entities further nominate employees who will engage with COMRiC, and its network and these nominations include the sharing of limited personal information of their employees. We further collect Personal Information from other sources where lawful and reasonable, such as reputable third parties that you deal with or that COMRiC interacts with for the purposes of conducting its business. This includes Personal Information that Third Parties have provided about another Third Party. In instances where we are appointed as the Operator for other Responsible Parties, we collect directly from the relevant Responsible Party.

10. WHY DO WE PROCESS PERSONAL INFORMATION

We process Personal information in the normal course of COMRiC’s business and in the execution of our mandate. Such purposes may include but are not limited to:

  • Contractual obligations;
  • Procuring products, goods, and services from the third party;
  • Responding to enquiries from the third party;
  • Maintaining the data of the third party during the relationship with COMRiC;
  • Onboarding relationships with third parties;
  • Collaborating with the third party;
  • Complying with legislative, regulatory, risk and compliance requirements (including directives, sanctions, and rules), voluntary and involuntary codes of conduct and industry agreements or fulfilling reporting requirements and information requests;
  • Detecting, preventing, mitigating, and reporting of banking crime, financial crime, money laundering, terror finance and other crimes;
  • Communicating with the third party;
  • Performing vendor and other risk management processes;
  • For access control to our premises;
  • Conducting research and analysis; and
  • In our capacity as Operator for Responsible Parties who have appointed COMRiC to process Personal Information on their behalf.

11. WHEN WILL WE PROCESS YOUR PERSONAL INFORMATION

COMRiC will only collect, use, and share your personal information where it is necessary for us to carry out our lawful business activities. To enable you to fully understand the way in which we process your personal information, we have described the different lawful grounds for such processing in detail below:

  • We may process your personal information for a specific and explicitly defined purpose where you consent;
  • We will process your personal information where it is necessary to enter into a contract with you in order for us to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue our contractual relationship;
  • To support a public body information request– we may process personal information when it is necessary to facilitate a request from a public body as defined in POPIA;
  • In compliance with an obligation imposed by law- We are required by law to collect and process certain personal information. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue our contractual relationship;
  • We may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms;
  • When the processing is necessary for the establishment, exercise or defence of a right or obligation in law by COMRiC, and to protect the interests of a COMRiC member, collaborative partner, or stakeholder and the greater public at large;
  • The processing is for historical statistical or research purposes; and
  • The information is public information.

12. WITH WHOM MIGHT WE SHARE YOUR PERSONAL INFORMATION

When applicable and necessary, we share information with third parties like auditors and advisers supporting our services, with our employees, our members, collaborative partners, and stakeholders in execution of our mandate, with data validation providers to verify your Personal Information and perform risk management processes like credit bureaus, and other authorities as required by law.

13. CROSS BORDER SHARING OF YOUR PERSONAL INFORMATION

We will only share your personal information with third parties located outside of South Africa if they comply with either a law, or binding corporate rules or a binding agreement which states that they will provide an adequate level of protection to your personal information. This means that they must agree to lawfully process your personal information and protect your personal information in the same manner as we do. The transfer of your personal information will be based on one of the following conditions:

  • You provide your consent to the transfer;
  • The transfer is necessary for the conclusion or performance of a contract to which you are a party;
  • Transfer is for your benefit, and it is not reasonably practical to obtain your consent to that transfer; and if it were reasonably practicable to obtain such consent, you would be likely to give it; and
  • The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the responsible party and a third party.

14. DATA STORAGE AND RETENTION

We will store and keep your personal information as long as permitted for legal, regulatory, crime prevention and legitimate business purposes or for specific retention periods defined by mandates given to COMRiC. We will take all reasonably practicable steps to make sure that it is kept up to date and deleted or archived, according to our defined retention schedules.

15. SECURITY SAFEGUARDS

All PI provided by Third parties to COMRiC will be classified as sensitive data and held confidentially. The security of PI is a priority for COMRiC. We have implemented appropriate and reasonable technical and organisational measures to prevent loss, unauthorised destruction, damage or access to your PI by unauthorised parties. The security of your PI is important to us. We make sure that we implement organisational and technical procedures to keep your PI safe. We caution that you must not share or send us any Personal Information over unauthorised channels, since it is not a secure way of communication and carries a risk of interception and unauthorised access. You should only share Personal Information over authorised digital channels of COMRiC.

16. MONITORING OF ELECTRONIC COMMUNICATIONS

We communicate with you through different methods and channels. Where permitted by law, we may record and monitor electronic communications to make sure that we comply with legal and regulatory responsibilities and internal policies.

17. YOUR RIGHTS

We want to ensure that you are aware of your rights in relation to the Personal Information that we process about you.

Right to access – You have a right to get access to the Personal Information that we hold about you. If you would like a record or description of the Personal Information that we hold about you, please request this through the process that is described in the COMRiC Information Manual that will be made available upon request.

Right to rectify/correct/ update – You have a right to correct inaccurate Personal Information and to update incomplete PI. Please request this through the process described in the COMRiC Information Manual.

Right to be notified – You have the right to be notified that your Personal Information is being collected by us subject to none of the exemptions in law being applicable to the circumstances, or when your Personal Information has been accessed or acquired by an unauthorised person.

Right to object – You have a right to object to us processing your Personal Information where we have relied on one of the lawful grounds above for legitimate interest or where we perform a public law duty (and to request us to restrict processing). Please note that if you request us to restrict processing your Personal Information whilst we have a contractual relationship with you, we may have to exit the relationship. Please note that where the law permits us to process your Personal Information, we will have a legal obligation to do so and will inform you, accordingly, should you request us to restrict processing. Should you wish to exercise your right to objection, please request this through the process described in the COMRiC Information Manual that is available on request.

Right to deletion – You have a right to request that we delete your PI. Please request this through the process described in the COMRiC Information Manual that is available on request.

Right not to be subject, under certain circumstances, to automated-decisionmaking processes – You have rights in relation to automated decision-making, including a right to appeal if your application is refused. You can exercise your right by submitting your request using the process described in the COMRiC Information Manual that is available on request.

Right to lodge a complaint with the Information Regulator – If you wish to raise a complaint on how we have handled your Personal Information, you can contact our Chief Executive Officer who will investigate the matter. We hope that we can address any concerns you may have.

Please note that in instances where we have processed your Personal Information in our capacity as Operator for a Responsible Party, we are obliged to refer your enquiry or the exercise of your rights, to the applicable Responsible Party.

18. RIGHT TO CHANGE THIS PRIVACY NOTICE

We may change this privacy policy from time to time. We will update changes on our Privacy Notice on our website as is necessary: The latest version of the privacy notice will replace all earlier versions unless it says differently.

Last Updated: 07/10/2025

Table of Contents

  1. DEFINITIONS
  2. INTRODUCTION
  3. PURPOSE
  4. APPLICABILITY
  5. DATA CLASSIFICATION
  6. WHAT IS PERSONAL INFORMATION
  7. COMRIC’S COMMITMENT TO LAWFUL PROCESSING OF PERSONAL INFORMATION
  8. TYPES OF PERSONAL INFORMATION THAT WE COLLECT
  9. HOW DO WE COLLECT
  10. WHY DO WE PROCESS PERSONAL INFORMATION
  11. WHEN WILL WE PROCESS YOUR PERSONAL INFORMATION
  12. WITH WHO MIGHT WE SHARE YOUR PERSONAL INFORMATION
  13. CROSS BORDER SHARING OF YOUR PERSONAL INFORMATION
  14. DATA STORAGE AND RETENTION
  15. SECURITY SAFEGUARDS
  16. MONITORING OF ELECTRONIC COMMUNICATIONS
  17. YOUR RIGHTS
  18. RIGHT TO CHANGE THIS PRIVACY NOTICE
Start typing to see posts you are looking for.