Privacy Policy (PAIA Manual)

 

Effective Date: 30 June 2025
Version: 2.0
Document number: TKS-POL-03

Tokiso Dispute Settlement (Pty) Ltd

Introduction

1. Tokiso Dispute Settlement (Pty) Ltd (“we”) respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”), the Promotion of Access to Information Act, 2000 (“PAIA”), and Tokiso’s Information Security Management Systems (ISMS).
2. This Privacy Policy (or PAIA Manual) explains how we collect, use, store, share and protect your personal information, and your rights as a data subject.

Definitions

3. “Personal Information” means information that can identify you as an individual or relate to you as an identifiable natural or juristic person.
4. “Data Subject” means the person to whom the personal information relates.
5. “Processing” means any operation or activity concerning personal information, including collection, storage, use, dissemination, or destruction.
6. “Information Officer” means the person responsible for ensuring POPIA and PAIA compliance within Tokiso.

Information Officer Contact Details

7. The appointed Tokiso Information Officer is Tanya Venter who may be contacted at tanya@tokiso.co.za or (+27) 011 853 6300.
8. The appointed Tokiso Deputy Information Officer is Kerith Kieser who may be contacted at kerith@tokiso.co.za or (+27) 011 853 6300.
9. The Tokiso offices are at 10^th Floor, Fredman Towers, 13 Fredman Drive, Sandton, 2196.

Categories of Information Available

10. Certain records are available without a requester having to request access thereto. This includes your personal details stored on Tokiso’s systems and Tokiso’s terms and conditions of service.

Categories of Data Subjects and Personal Information Collected

11. We may collect and process personal information from the following categories of data subjects:

• Clients
• Parties and their representatives
• Employees and job applicants
• Panellists
• Panellists’ next of kin
• Suppliers and service providers
• Website users
• Course participants

12. The types of personal information we collect may include:

• Full name, title, ID or passport number
• Contact details (email address, phone number, physical and postal address)
• Banking details
• Employment history and qualifications
• Demographic details (age, race, gender, etc.)
• Case-related and training-related documents
• IP address and browser data from website visits

13. Should your personal information change, please inform us and provide us with updates as soon as reasonably possible to enable us to update your records.
14. You may choose to provide additional personal information to us, in which event you agree to provide accurate and current information, and not to impersonate or misrepresent any person or entity.

Purpose of Processing Personal Information

15. We may process your personal information for the following purposes:

• To deliver our services
• To manage and administer processes, bookings, training and workshops
• For compliance with legal and regulatory obligations
• To manage service providers, suppliers and contracts
• To contact you regarding new services by us or any of our divisions or partners (unless you have opted out)
• To inform you of new services, features and special offers by us or our partners
• For reporting, analytics, and improvement of services

16. Through the use of our services and registration on Tokiso systems, you consent to your personal information being processed and stored for these purposes.
17. We will not, without your express consent, use your personal information for any purpose other than that stipulated above.

Sharing of Personal Information

18. We will not share your personal information with any third party except where:

• It is necessary for providing our services (e.g., case management, training administration)
• Required by law or legal process
• You have given your consent
• We are communicating with partners, panellists, or service providers who are bound by confidentiality

19. We may disclose your information to:

• Employees
• Panellists handling your matter
• Third-party service providers assisting us to interact with you properly and efficiently
• Suppliers and system administrators
• Training facilitators, organisers, and accrediting bodies
• Legal or regulatory authorities, if legally required
• The Information Regulator, upon lawful request

20. We are entitled to use or disclose your personal information if required to comply with any applicable law, court order or legal process served on us, or to protect and defend our rights or property.

Cookies and Tracking Technologies

21. Our website uses cookies to enhance user experience and analyse traffic. Cookies collect non-personally identifiable data. You may disable cookies in your browser settings, although some features of our website may be unavailable as a result.

Transborder Information Flows

22. Your personal information may be transferred outside South Africa where:

• The foreign jurisdiction provides adequate data protection
• The information is stored outside South Africa on a cloud-based service
• You consent to the transfer
• It is necessary for the performance of a contract (e.g., virtual services)
• Appropriate contractual safeguards are in place

Security of Personal Information

23. We implement technical and organisational measures to safeguard personal information, including secure cloud platforms, two-factor authentication for internal systems, and anti-malware and firewall protection.
24. Our employees with access to your personal information are bound by appropriate confidentiality obligations.
25. We will treat your personal information as strictly confidential, protect it against unauthorised or unlawful processing, and provide you access to view and update it.
26. Tokiso will not sell or make your personal information available to any third party other than as provided in this policy, unless compelled by law. In the event of a fraudulent online payment, Tokiso may disclose relevant personal information for investigation purposes.
27. While we take all reasonable steps to protect your privacy, we cannot guarantee or accept liability for unauthorised disclosures by third parties not under our control, unless due to our gross negligence.
28. If you disclose your personal information to a third party (e.g., another website), Tokiso is not liable for any loss arising from such disclosure. You should always read that third party’s privacy policy.

Data Subject Rights

29. You have the right to:

• Access your personal information
• Request correction, deletion, or restriction
• Object to processing (especially direct marketing)
• Withdraw consent at any time
• Lodge a complaint with the Information Regulator

30. Upon written request, we will destroy your personal information in our possession or control.

31. Information Regulator Contact Details:
    Website: inforegulator.org.za
    Email: complaints.IR@justice.gov.za | PAIAComplaints@inforegulator.org.za
    Tel: 010 023 5200

Data Retention

32. We will retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Thereafter, data is deleted or anonymised unless consent is given for longer storage.

PAIA Manual and Access to Records

33. Our PAIA Manual is available at our head office for inspection during office hours.

The manual includes:

• Available records without request
• Categories of records and applicable legislation
• Process for making a PAIA request
• Contact details of the Information Officer and deputies
• Information about the PAIA Guide and how to access it

Updates to This Policy

34. We may amend this policy from time to time. The latest version will always be available on our website. Continued use of our services indicates acceptance of the policy in effect at the time.

Questions

35. If you have any questions regarding this policy or wish to exercise any of your rights, please contact us at info@tokiso.co.za or speak to the Information Officer directly.