Join the world’s leading organizations that trust Lumi Global with their critical meetings.
The Protection of Personal Information Act (PoPI) is South Africa’s equivalent of the EU GDPR, and officially commenced on 1 July 2021. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
The Act applies to anyone who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently. It therefore sets the minimum standards for the protection of personal information. It regulates the “processing” of personal information. “Processing” includes collecting, receiving, recording, organising, retrieving, or using such information; or disseminating, distributing or making such personal information available. The Act will also relate to records which you already have in your possession.
The purpose of this public corporate statement is to highlight and demonstrate to our customers the measures we have put in place to ensure compliance with PoPI where we hold or process personal data on your behalf.
Personal information can only be processed:
A Responsible Party has to collect personal information directly from the “data subject”, unless:
the information is contained in some public record or has been deliberately published by the data subject;
collecting the information from another source does not prejudice the subject;
it is necessary for some public purpose or to protect your own interests; or
obtaining the information directly from the subject would prejudice a lawful purpose or is not reasonably possible.
Lumi is;
As part of our preparation process for PoPI, we continue to review and update all of our internal processes, procedures, policies, documentation and systems. We will be complying with PoPI as a data processor and controller and we have been working with our suppliers and third party vendors to ensure that collectively we can meet our obligations and your requirements.
Throughout our journey to PoPI compliance we have been working closely with independent experts and advisors to ensure we have the expertise needed to comply with the regulation. We view PoPI as a continual project which will require monitoring, improvement and management over time.
At Lumi we treat information security with the utmost importance and we are already aligned with a number of industry best practice standards that concentrate on cyber security such as ISO/IEC 27001 and PCI-DSS.
With regard to our customers, third-party suppliers or vendors and any sub-processors, we have been working closely with all parties to ensure their compliance too. Contracts and agreements have been reviewed and we ensure that the necessary organisational and technical controls, policies and procedures are in place so that we are satisfied with the confidentiality, integrity and availability of your data.
A ‘data breach’ is not defined in PoPI, but it generally refers to the access or acquisition of personal information by an unauthorised person. Where a data breach occurs, there exists an obligation on the responsible party to report the breach to (i) the Information Regulator; and (ii) the affected data subject (subject to certain limitations).
The notification must be made in writing as soon as reasonably possible after the discovery of the data breach. The notification must provide the data subject with sufficient information to allow the data subject to take protective measures against the potential consequences of the data breach.
Apart from any data breach notification obligations set out in PoPI, there may be additional contractual obligations regarding what an organisation must do in the event of a data breach as set out in agreements with its suppliers, customers, or set out in its privacy policy.
Non-compliance with the obligation to notify is a breach of PoPI and may, upon conviction of certain offences, lead to imprisonment, a fine, or both. To the extent that there are notification or other obligations in contract, an organisation must ensure adherence thereto to avoid a contractual breach.
In the event of a data breach, we would aim to provide our customer with the following;
Everyone has the right to be informed if someone is collecting their personal information, or if their personal information has been accessed by an unauthorised person. In addition, they have the right of access to their personal information and to require that personal information be corrected or destroyed, or they may object to their personal information being processed. Lumi is committed to working closely with its customers on whose behalf we hold and process data. Through this collaboration we can best determine how to manage;
For more detailed information about these rights, please review our global Privacy Policy.
As mentioned above, we now treat PoPI as an everyday part of Lumi life. In this section we’ve included some of the measures we have already taken or continue to take and the work we have completed on our road to compliance.
Information Officer, South Africa:
Andrej Vladar
Andrej.vladar@lumiglobal.com
Deputy Information Officer, South Africa:
Karmen Vladar
Karmen.vladar@lumiglobal.com
For more information about how we handle personal information, please review our Privacy Policy, https://www.lumiglobal.com/privacy-policy.
To keep you updated on how we comply with legislation, we may update this statement from time to time, which will always be published here on our website.
This Lumi document has been classified as ‘Public’. This means that Lumi has deemed that the information contained herein is freely available outside of the business or is intended for public use.