Managed People Solutions Data Privacy Policy

Managed People Solutions, a subsidiary of Meridian Holdings (Pty) Ltd, is committed to safeguarding your personal information. Protecting your privacy is a fundamental aspect of how we conduct business and reflects our dedication to ethical data practices. For us, it is more than just ensuring we comply with the relevant legislation; it outlines your choices and your rights concerning your personal data.

This policy sets out our approach to managing personal information in a manner that is transparent, responsible, and aligned with the requirements of the Protection of Personal Information Act (POPIA), the Promotion of Access to Information Act (PAIA), and other applicable privacy laws in the jurisdictions where we conduct business.

1. What this Privacy Policy covers / applies to

This Privacy Policy applies when you:

  • Use any of our products, resources, services and/or solutions;
  • Apply for a customer account to purchase from us;
  • Make use of our website, including any linked or affiliated online platforms (i.e. Reporting Site);
  • Make use of any electronic platforms whereby services and information are provided through a service level agreement between Managed People Solutions and a third-party supplier;
  • Visit any of our branded social media pages;
  • Apply to us for a job or work placement;
  • Apply to us for a training and development program (e.g. qualification, internship, skills program, short course, etc.)
  • Supply services to us where this involves any personal information; and/or
  • As a result of your relationship with our clients, customers and/or employees;
  • Conclude a contract with us;
  • Need to comply with, keep, and maintain and report on records and/or information in accordance with any legislative provision/s and industry specific regulation/s;
  • As a result of a contract requiring us to support you with statutory compliance;
  • When performing authorised credential verifications which include, but are not limited to, educational qualifications, professional memberships, employment history, employment references, consumer credit, criminal record, drivers’ license, and fraud prevention checks etc.;
  • When performing recruitment (including selection or functional assessments), human resource and payroll operations; and
  • When administering benefits such as Healthcare, Retirement Funding, etc. where applicable.

2. How Personal Information is defined

‘Personal information’ is information that relates to an identified or identifiable living natural person, or a juristic person.

In the case of a living natural person, this includes any information that can be used to identify you or that we can link to you. Such information may include, but is not limited to, your name, identity or passport number, contact details, demographic information, and any other data that can be associated with you. In the case of a juristic person, this refers to a legal entity (such as a company, trust, or other organisation) and includes any information relating to ownership, identification, registration numbers in terms of relevant South African legislation, contact details, and financial information and history.

3. Who are you sharing your Personal Information with

The following companies or brands are considered part of the Meridian Group: Meridian Holdings, Meridian Wine Merchants, Meridian Wine Distribution, Meridian Services, Meridian East Africa, Meridian Wines Kenya, Meridian Collective, Meridian Foundation, Managed People Solutions, Cape Wine Academy, and Commerce 7.

For this Privacy Policy, we will refer to Managed People Solutions.

We may share your personal information within the Meridian Group under the following circumstances:

  • Support Services: When we require assistance with services such as information technology support and maintenance, accounting, management services, legal support, or other operational functions that we are unable to perform without the support of the broader group.
  • Employee Access: When access to your personal information is necessary for employees to perform their duties, such as members of our sales team who need your information to engage with you regarding our products and services. All employees are contractually obligated to maintain the confidentiality of personal information and to protect it against unauthorized access or disclosure.

4. What Personal Information do we collect and store

We may collect the following categories and types of information considered to be personally identifiable (if either applicable to a living natural person or juristic person):

  • Personal details: Name, surname, ID, age, race, gender, sex, pregnancy, marital status, nationality, physical or mental health, well-being, disability, language, and date of birth, registration number, taxation and VAT numbers, registration to applicable liquor authorities, ownership information, disability status;
  • Contact details: Phone number, mobile number, physical and postal address, business address, delivery address, email address, information relating to next of kin and beneficiaries;
  • Employment details: employment history such as job title, employer name, employee number, medical particulars, financial particulars, such as retirement annuity and pension fund details, salary figures; information provided through a CV or resume, criminal background history;
  • Education details: qualifications completed and schooling information including results, competency levels;
  • Economic or Financial information: Banking details, bank statements, taxation certificates, financial statements, insurance information and references to payment history;
  • Transactional information: Details of payments made to or received from you as an individual or juristic person, details of products and/or services purchased from us to supplied to us;
  • Technology Based information: Browser, device and domain names and information, Internet Protocol (IP) address, geographic locations including GPS coordinates, information collected through cookies, online services and applications requiring passwords and other access and login information features, operating systems and platforms;
  • Correspondence: Marketing preferences, information you provide to us for customer communications, information provided through our customer service department, and any dealings with our representative employees, pictures (i.e. graduation, in trade pictures);
  • Special Personal Information:
    o racial and ethnic information through CCTV cameras installed at our premises for security reasons;
    o criminal behaviour and history through the recruitment and hiring process;
    o information relating to your health as part of our Covid 19 screening process and protocols; and
    o information indicating religious beliefs through organising of events and asking for dietary requirements.

We do not collect the following information:

  • Information of persons under 18. Such information is only obtained if voluntarily disclosed by employees through the completion of employee contracts, retirement fund-, pension fund- or life insurance fund beneficiary details.
  • Credit card information. Credit card details are specifically prohibited from being stored to minimise the risk and protect our business and our customers from fraudulent transactions.

5. How we collect your Personal Information

Where you make use of and/or purchase our products and/or services (refer to point 1. What this Privacy Policy covers / applies to), we will collect personal information from various sources including (but not limited to) the following:

  • Directly from or through interactions with you (i.e. through subscription to our publications and marketing emails);
  • Through automated or passive interactions with you (i.e. through access to and navigating of our website or ERP system platform);
  • Application for a job, training program or work placement with us;
  • Opening and purchasing through a customer account with us;
  • Opening and supplying through a vendor / supplier account with us;
  • Through granting access to our premises;
  • Our warehousing and office facilities may be monitored by CCTV cameras;
  • To enable you to facilitate the conclusion of an agreement with us;
  • Legislative authorities:
    o We may collect personal information from registered legislative authorities such as, but not limited to The South African Revenue Services (SARS), The Companies and Intellectual Property Commission (CIPC), etc.
  • Third Parties:
    o We may also collect personal information from third parties such as your employing organisation, regulatory authorities, recruitment agencies, credit reporting agencies, information or service providers, and publicly available records.

6. How we use your Personal Information

We process your personal information under the following lawful bases as per POPIA Section 11:

  • Where we have obtained your explicit consent;
  • Where it is necessary for the performance of a contract;
  • Where we have a legal obligation to do so;
  • Where processing is necessary for our legitimate business interests, provided your rights do not override these interests.

The core base or reasoning for the use of your personal information will be one of the following:

  • Customer information:
    o to provide services or sell products to you as our customer;
    o to fulfil our contractual obligation to you;
    o to retain and make information available to you on our website and other information platforms;
    o to maintain and update our customer and potential customer databases; and/or
    o debt tracing and debt recovery.
  • Supplier information:
    o to make use of your services to us or purchase a product from you;
    o to fulfil our contractual obligation to you; and/or
    o to create supplier profiles on our systems, pay suppliers, and for general supplier administration.
  • Direct marketing:
    o to conduct market research surveys;
    o to offer you information and content which is more appropriately tailored for you as far as reasonably possible;
    o to provide you with the latest information about our products and services or events if you have agreed to receive such information; and/or
    o campaign tracking and reporting.
  • Communications:
    o to communicate with you as a customer, supplier and/or employee. These communications will be deemed a requirement in order to carry out our instructions, requests, legal obligation and/or services to you; and/or
    o to maintain and constantly improve our relationship with you.
  • Legal and regulatory obligations:
    o to comply with legal and regulatory obligations set out by applicable legislation and laws;
    o to comply with our statutory obligations, including client identification and verification as part of our screening clients and visitors’ health when accessing our premises to comply with Covid-19 regulations and protocols; and/or
    o to comply with auditing and record keeping requirements.
  • Employee information:
    o to comply with the employment equity act requirements; and/or
    o to transact and interact with the employee in order to perform the tasks and function required of the position fulfilled.

7. Disclosure of your Personal Information

We will not generally share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis or requirement for doing so.

We rely on third-party service providers to perform a variety of services on our behalf, including but not limited to: financial statement preparation, auditing, company registration and secretarial compliance, assisting with tax related queries on behalf of the company and employees, BEE certification, data analytics, valuation determinations, IT service providers and payment processing through banking services.

Any third parties with whom we share personal information are contractually required to implement appropriate data protection and security measures to protect personal information and are not permitted to use personal information for any purpose other than the purpose for which they are provided with or given access to personal information.

Under certain circumstances we are required by various laws (as amended) to collect and share your personal information. These laws include, but are not limited to the below:

  • Basic Conditions of Employment Act, 75 of 1997
  • Income Tax Act, 58 of 1962
  • Occupational Health and Safety Act, 85 of 1993
  • Companies Act, 71 of 2008
  • Compensation of Occupational Injuries and Diseases Act, 130 of 1993
  • Skills Development Act, 97 of 1998
  • Disaster Management Act, 57 of 2002
  • Tax Administration Act, 28 of 2011
  • Employment Equity Act, 55 of 1999
  • Value Added Tax Act, 89 of 1991
  • Labour Relations Act, 66 of 1995
  • National Qualifications Framework Act 67 of 2008

8. Safeguarding your Personal Information

We store your personal information on:

  • Our premises, in the form of hard copies;
  • The premises of third-party service providers such as document storage service providers;
  • Our servers; and/or
  • On the servers of our third-party service providers, such as IT systems or hosting service providers.

We take the privacy and security of your personal information seriously. We have implemented reasonable security safeguards to protect the personal information provided to us. For example, all electronic data obtained and retained through and by our servers, operating and ERP systems are controlled, safeguarded and monitored through the implementation and adherence to our Cyber Security Policies in place.

You can play a role in protecting your information by never sharing your username, PIN or password with anyone or submitting it to a website you don’t recognise. Always log off after a web session and change your password regularly. We regularly monitor our systems for possible vulnerabilities and attacks. No system is perfect so we cannot guarantee that information may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards.

Please note that any email you send to us is not encrypted and may be monitored by us. Please do not send us sensitive or confidential personal information by email.

We protect your personal information in accordance with our Cyber Security and Data Governance Policies, applying strong safeguards to minimise risks to your privacy. Although no system can eliminate all security threats, we have measures in place to reduce risks effectively. If a data breach affecting your personal information occurs, we will follow data privacy legislation and our internal Cyber Security Policies to notify you. We also apply a Data Retention Policy, keeping personal information only as long as necessary for business or legal purposes, after which it is securely deleted or destroyed.

9. Your rights to access and amend your Personal Information

You have the right to know what personal information we have about you, to correct it and to opt out of any marketing.

You have the right to:

  • ask what personal information we hold about you;
  • ask what information was sent to our suppliers, service providers or any other third-party;
  • ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you;
  • unsubscribe from any direct marketing communications we may send you;
  • block all cookies by setting your browser to do so;
  • object to the processing of your personal information; and/or
  • withdraw consent which you previously gave to the processing of your Personal Information.

It can take us up to 21 days to respond to your request and we may charge a small fee.

If you request that we delete all personal information we have about you, please note that this may impact our ability to maintain our relationship with you. Certain information is required for us to comply with legal obligations or to fulfil contractual commitments (e.g., tax, UIF, or employment records). Therefore, we may not be able to delete your information if we are required by law to retain it or if we need it to protect our legal rights. In such cases, deletion will not be possible, and termination of agreements may be required.

10. Notification of changes to the Privacy Policy

To the extent allowed by the law, this Privacy Policy may be amended and updated from time to time at our sole discretion, without notice, provided that if we do so, we will post the revised policy on our website and we will take reasonably practicable steps to inform you of the updated Privacy Policy.

Accordingly, please check this Privacy Policy for changes periodically. If you continue to engage with us, provide products or services to us or access or use our website and/or products and services after amendments are made to the Privacy Policy and displayed on our website, you will be deemed to have accepted the updated Privacy Policy.

11. How to contact us

If you would like to access, correct, amend or delete any personal information we have about you, you are invited to contact our Information Officer through the following methods:

  • Information Officer: Cobus de Villiers
  • Deputy Information Officer: Martie Mulder
  • Group Compliance Officer: Mart-Ane Botha
  • Email address: popia@managedpeoplesolutions.com
  • Physical Address: 11 London Circle, Brackengate Business Park, Brackenfell, Western Cape
  • Postal Address: PO Box 51, Brackenfell, Western Cape, 7561

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you also have the right to lodge a complaint with the Information Regulator of South Africa via email at inforeg@justice.gov.za. Further details about the Information Regulator can be found at https://www.justice.gov.za/inforeg/