PRIVACY POLICY

Name of Entity: Evsol EventSafe Specialised Services (Pty) Ltd

Registration Number: 2012/226620/07

Telephone Number: 0861 911 211

Email: george@evsol.co.za

Introduction

We are committed to protecting personal information and this privacy statement describes why and how we collect and use personal information and provides information about your rights in relation to personal information.

This Privacy Policy applies to personal information provided to us by participants in our Client Management Framework. We may use personal information provided to us for any of the purposes described in this privacy statement, or as otherwise stated at the point of collection.

In this Privacy Statement, we refer to information about you, or information that identifies you as “Personal Information”, and refer to the handling, collecting, protecting, or storing of your personal information as “processing” such personal information.

We process personal information for numerous purposes, and we are committed to being transparent about why and how we process personal information.

Personal Information Collected

During our engagement with entities in our client management framework process, we may collect the following information from our clients:

Name, identity number, passport number, registration number, contact details, addresses, tax and VAT reference numbers, next of kin, transaction history with clients, service level agreements, history of telephonic conversations, formal communications, bank account numbers, credit history and ratings, home language, as well as security-related information.

Security-related information includes, but is not limited to vehicle registration number, location information, passwords/safe words for security systems, installation details with respect to security installations, secure routes, details of paroles, particulars relating to C.I.T. activities, CCTV footage, and information incidental to scanning systems, security incidents, etc.

Source of Information

Most of the information regarding our clients will be obtained from the client except with respect to the following:

· Information pertaining to the client's credit history and rating may be collected from established credit bureaus;

· Security-related information may be collected from security sub-contractors, including but not limited to, armed response operators, installers, security consultants and advisers, etc.

Purpose of Processing

We collect personal information from our clients with the sole purpose of administering, managing and developing our businesses and services, and in pursuing our contractual obligations towards our clients.

Legal Grounds for Processing Personal Information

We rely on one or more of the following processing conditions in processing personal information within our client management framework:

· To carry out actions for the conclusion of performance of a contract with our clients; and

· To protect the legitimate interests of our clients; and

· To pursue the legitimate interests of Evsol EventSafe Specialised Services (Pty) Ltd; and

· Processing complies with an obligation imposed by law on the Entity including, but not limited to, the Value Added Tax Act, No. 89 of 1991, the Income Tax Act No. 58 of 1962 and the Private Security Industry Regulation Act 56 of 2001;

· Where no other processing condition is available if you have agreed to us processing your personal information for the relevant purpose.

Retention

In Respect of Financial Information:

Personal information collected in our procurement process is either retained in electronic format or in hard copies. Hard copies of financial information are retained under the supervision of the Entity’s finance department in lockable cabinets, or rooms with restricted access. Electronic copies of the personal information are retained in accordance with our information resources policy.

Financial information will be retained for as long as we engage the client in our Client Management Framework, or for a period of five years thereafter, and more specifically, in terms of the Value Added Tax Act, No. 89 of 1991 and Income Tax Act No. 58 of 1962.

In Respect of Security-Related Information:

Security-related information poses a severe threat to the personal information of the client and breaches thereof may be extremely severe.

Hard copies of security-related information shall be kept in separate lockable cabinets, or rooms with restricted access, and booked out against persons accessing this information by means of a register, whilst access to the electronic copies will be restricted, and protected by passwords as per our electronic resources policy.

Destruction

Personal information will be destroyed by ordinary deletion in case of electronic records, or by shredding or incineration with respect to hard copies.

Destruction of security-related information will be subject to shredding or incineration, with respect to hardcopies, under the supervision of a responsible person, whilst electronic copies will be destroyed by overwriting the relevant data.

Further Processing

Further processing of personal information which is not compatible with the original purpose for which it was collected shall not be allowed without the client's consent.

Transfer of Personal Information

Cross-Border Transfers:

Processing of the personal information of our clients in the client management process may require the Entity to engage in cross-border transfer of personal information, which will mostly be limited to cloud storage facilities, and online software accounting systems, that may be operated from outside the borders of the Republic of South Africa. Evsol EventSafe Specialised Services (Pty) Ltd shall, however, ensure that cross-border processors comply with the general requirements, with respect to our Third-Party Processors Policy.

Third-Party Processors

Evsol EventSafe Specialised Services (Pty) Ltd may transfer or disclose the personal information we collect/process to third party contractors, subcontractors and/or all their subsidiaries and affiliates, in providing its services in running and managing identity management, payroll systems, website hosting and management, information analysis, remote software, backup, security and cloud storage services.

Third-party process is will be obliged to:

· Always process information only with the knowledge or authorization of the Entity; and

· Treat information which comes to their knowledge as confidential and not disclose it; and

· Immediately notify the Entity in the event that there are reasonable grounds to believe that the personal information of a client has been accessed or acquired by any unauthorized person.

Third-Party Processing, with respect to security-related services, which may include subcontracted armed response installers, security consultants and advisors are subject to confidentiality provisions contained in the Private Security Industry Regulation Act, No.56 of 2001, and concomitant regulations, as well as a confidentiality agreement for Third Party Processors of security-related information, which is also aligned with the general principles applicable to general Third Party Processors.

Disclosure of Personal Information

We may disclose personal information under the following circumstances:

· To professional advisors, e.g. law firms, as is necessary to establish, exercise or defend our legal rights, and obtain advice in connection with the running of our business. Personal information may be shared with these advisors as necessary, in connection with the services they have been engaged to provide;

· When explicitly requested to do so by clients;

· To law enforcement, regulatory and other government agencies, and professional bodies, as required by and/or in accordance with applicable law or regulation. We may also review and use your personal information to determine whether the disclosure is required or permitted. The South African Police Services and the Private Security Industry Regulator are examples of the above.

· Security subcontractors include, but are not limited to, armed response operators, installers, security consultants and advisers, etc.

Processing by Means of Information Technology

The processing of personal information by means of computers, mobile devices, networks, and servers are safeguarded in terms of our Information Resources Policy, which provides for the creation and maintenance of backup facilities and procedures, the installation and regular updating of antivirus and firewall software, and by subjecting our employees to a stringent Fair Use Policy, with respect to our information resources.

Processing by Employees

Evsol EventSafe Specialised Services (Pty) Ltd implements a generally accepted standard of security as far as our employees are concerned, through training, a Human Resources Policy, confidentiality agreements and awareness programmes, the Entity further procures special confidentiality undertakings from our employees pertaining to the protection of security related information.

Your Legal Rights in Relation to Personal Information

You are legally entitled to:

· Request the Entity to confirm, free of charge, whether or not the Entity holds any personal information about you; and

· Request the record or description of the personal information held by the entity about you; and

· Request the Entity to correct or delete personal information about you in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully; and

· Withdraw your consent for the processing of your personal information at any time, if the processing was dependent on only your initial consent; and

· Request that personal information be destroyed or deleted, subject thereto that the Entity is no longer authorized to retain the information in terms of Section 14 of the Protection of Information Act; and

· Be informed as to the purpose and method of processing your personal information

o Restrict the processing of your personal information:

¤ For a period to allow for the verification of the accuracy of such information where you contested

the accuracy thereof;

¤ If your personal information has been unlawfully processed and you request the restriction of processing instead of deletion;

¤ Your personal information is no longer necessary in relation to the purpose for which it was initially collected and processed, but the personal information is required by you to establish exercise or defend legal claims; or

¤ For a period of time, in order to grant us the opportunity to verify whether the legitimate grounds relied on by us, take preference over your interests, in the situation where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.

o The right to object to the processing of your personal information where:

¤ Processing was based on protecting your legitimate interest;

¤ The legal justification for processing is necessary for a legitimate interest pursued by us or a third party; or

¤ the processing is for direct marketing purposes.

Lodge a complaint with the information regulator with respect to the processing of your personal information, which complaint can be directed to the Information Regulator, JD house, 27 Steimens Street, Braamfontein, Johannesburg, 2001, or to complaints.IR@justice.gov.za