CONFIDENTIALITY, DATA PROTECTION & SECURITY POLICY

South African Furniture Initiative (SAFI)

Effective Date: 1 March 2025
Last Updated: 1 March 2025

The South African Furniture Initiative (SAFI) is committed to safeguarding the privacy and security of personal and business data in compliance with the Protection of Personal Information Act (POPIA) and other applicable data protection laws. This policy outlines how we collect, process, store, and protect confidential information, ensuring transparency and accountability in all interactions with our members, associates, and stakeholders.

1. INTRODUCTION

SAFI respects the privacy of its members, partners, and website visitors. We are committed to protecting personal and business data through strict confidentiality, secure storage, and controlled access, ensuring compliance with POPIA (Act 4 of 2013).

This policy applies to all users of the SAFI web framework, including:

      • Full Members (Manufacturers)

      • Associate Members (Furniture Sales Professionals)

      • Website Visitors

      • SAFI Employees, Contractors, and Service Providers

By using SAFI’s website, digital platforms, and membership services, users consent to the collection, processing, and storage of their data as outlined in this policy.

2. COLLECTION OF PERSONAL & BUSINESS DATA

SAFI collects and processes personal and business data solely for the purpose of industry collaboration, business facilitation, and member engagement.

2.1. Data We Collect

We may collect the following types of data:

      • Personal Information: Name, contact details (phone number, email address), job title, and business affiliation.

      • Business Information: Company name, industry sector, physical address, registration details, and operational focus.

      • Digital Information: IP addresses, browser type, device information, website usage data, and cookies.

      • Member Account Information: Login credentials, activity history, and engagement with SAFI services.

2.2. How We Collect Data

SAFI collects data through:

      • Direct interactions: When users register, submit inquiries, or engage in SAFI’s programs.

      • Automated technologies: Website analytics, cookies, and digital tracking tools.

      • Third-party sources: Public directories, industry networks, or authorised partners.

All data collection adheres to the principles of lawfulness, fairness, and transparency as per POPIA.

3. PURPOSE OF DATA PROCESSING

SAFI processes personal and business data for legitimate business purposes, including but not limited to:

      • Facilitating industry collaboration between manufacturers and sales professionals.
      • Providing access to SAFI’s Industry Catalogue, Full Members Directory, Tender Bulletin, and Employment Portal.
      • Managing membership registrations, renewals, and updates.
      • Enhancing website functionality and user experience.
      • Ensuring compliance with industry regulations and governance frameworks.
      • Communicating industry news, events, and SAFI-related updates.

We do not sell, rent, or distribute personal or business data to third parties for marketing purposes.

4. DATA SECURITY & PROTECTION MEASURES

SAFI implements appropriate technical and organizational measures to ensure the security of all personal and business data. These measures include:

4.1. Access Control & Confidentiality

      • Access to personal and business data is restricted to authorized personnel only.

      • Members are responsible for maintaining the confidentiality of their login credentials.

      • Any breach of confidentiality by SAFI staff, contractors, or service providers will result in disciplinary action and potential legal consequences.

4.2. Data Encryption & Secure Storage

      • Data is stored on secure servers with encryption protocols.

      • All online transactions and communications are protected through SSL encryption.

4.3. Regular Security Audits & Compliance Checks

      • SAFI conducts regular audits to ensure compliance with POPIA and cybersecurity best practices.

      • Any vulnerabilities identified will be immediately addressed to prevent data breaches.

4.4. Third-Party Service Providers

      • SAFI only works with reputable third-party service providers who comply with POPIA and other data protection laws.

      • Any external partners handling SAFI data are required to sign confidentiality and data protection agreements.

5. DATA SHARING & THIRD-PARTY DISCLOSURE

5.1. SAFI will never share, sell, or rent personal or business data to unauthorized third parties.

5.2. Data may only be shared in the following cases:

      • With the express consent of the individual or business entity.

      • When required by law, regulation, or legal process.

      • With trusted third-party service providers engaged in SAFI’s operations (subject to strict confidentiality agreements).

5.3. SAFI ensures that all third-party partnerships comply with POPIA’s conditions for lawful data processing.

6. MEMBER RIGHTS & DATA CONTROL

SAFI members and website users have the following rights under POPIA:

      • Right to Access: Request access to the personal and business data SAFI holds about them.

      • Right to Correction: Request corrections or updates to their data.

      • Right to Deletion: Request the deletion of their data under lawful conditions.

      • Right to Object: Object to the processing of their data for specific purposes.

      • Right to Data Portability: Request a copy of their data in a structured, commonly used format.

To exercise these rights, members may contact SAFI’s Data Protection Officer at web@southafricanfurnitureinitiative.co.za

7. DATA RETENTION POLICY

7.1. SAFI retains personal and business data only as long as necessary for the purposes outlined in this policy.

7.2. Inactive accounts and outdated business records will be securely deleted after a reasonable period unless required for compliance, legal, or reporting obligations.

7.3. Upon termination of membership, SAFI will remove or anonymize personal and business data unless retention is required by law.

8. BREACH NOTIFICATION & INCIDENT RESPONSE

8.1. In the event of a data breach, SAFI will:

      • Immediately investigate the breach and assess its impact.

      • Notify affected individuals and authorities as required under POPIA.

      • Take necessary measures to mitigate risks and prevent future breaches.

8.2. Members are encouraged to report any suspected data breaches or security concerns to SAFI’s Data Protection Officer at [Insert Contact Email].

9. POLICY UPDATES & CONTACT INFORMATION

9.1. SAFI reserves the right to update this policy in response to legal, regulatory, or operational changes.

9.2. Members and users will be notified of any significant changes. The most recent version of this policy will always be available on our website.

For any questions or concerns regarding this policy, contact:

          📧 Data Protection Officer: web@southafricanfurnitureinitiative.co.za
          🌐 Website: www.southafricanfurnitureinitiative.co.za

By continuing to use SAFI’s website and services, you acknowledge that you have read, understood, and agree to abide by this Confidentiality, Data Protection & Security Policy.

Please enable JavaScript in your browser to complete this form.