Privacy Policy

Protection of
Personal Information Act - 2021


Varnfield & Maritz is committed to compliance with The Protection of Personal Information (POPI) Act and will always:

  • Sufficiently inform Data Subjects (hereafter referred to as “Customers/s”) as to the specific purpose for which we will collect and process their personal information;
  • Protect Personal Information from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.

All employees are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.

Service Providers that provide IT and/or Off-site Data Storage services to our organisation must satisfy us that they provide adequate protection of data held by them on our behalf.

Policy Principles:

Accountability for Data to be collected

  • We shall take reasonable steps to safeguard all Data and Personal Information collected from Customers for the purpose of providing the best service possible.

Processing Limitation/Purpose for Data Collection

  • We will collect personal information directly from Customers.
  • Once in our possession we will only process or further process Customer information with their consent, except where we are required to do so by law. In the latter case we will always inform the Customer.

Limitation on Further Processing

  • Personal information may not be further processed in a way that is incompatible with the initial purpose for which it was collected and will only be done with the express consent of the Customer.

Information Quality

  • We shall ensure that Customer information is complete, up to date and accurate before we use it. We will request Customers, at least once annually, to update their information and confirm that we may continue to store/retain same. If we are unable to contact a Customer their information will be deleted from our records.

Data Security

  • We will implement sufficient measures to guard against the risk of unlawful access, loss, damage or destruction of personal information that is held:
    • Physically;
    • In our electronic data base;
    • By a Data Storage Service Provider;
    • In any electronic devices (that will be Password protected).
  • Data encryption of storage devices will be installed.
  • We are committed to ensuring that information is only used for legitimate purposes with Customer consent and only by authorised employees of our agency.

Participation of Individuals / Complaints

  • Customers are entitled access to, and to correct any information held by us.
  • Complaints should be submitted in writing to the Information Officer for Resolution.
  • Requests to Access, Correct or Delete information must be made on the attached Annexures 1 and 2 and submitted to the Information Officer.

Operational Considerations


  • The Board/Management and Information Officer are responsible for ensuring adherence to Standard Operating Procedures.
  • All employees and individuals directly associated with sales activities will be trained in the regulatory requirements governing the protection of Personal Information.
  • We will conduct periodic reviews and audits, where appropriate, to ensure compliance with this policy and guidelines.

Policy Compliance

  • Breach/es of this policy could result in disciplinary action and termination of employment.