PRIVACY POLICY

Last Updated: December 2024

Compliant with the Protection of Personal Information Act (POPIA), South Africa

1. Introduction

ClarionCall ("we", "our", or "us") is committed to protecting your personal information and respecting your privacy in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our emergency response coordination platform.

2. Information We Collect

We collect the following categories of personal information:

  • Identity Information: First name, last name, email address
  • Contact Information: Cell phone number
  • Employment Information: Company name, section/department, team assignment, shift assignment, role within emergency response structure
  • Availability Information: Leave dates, training schedules, unavailability records
  • Activity Data: Login times, response to emergency alerts, incident participation records
  • Technical Data: Session information for authentication purposes

3. Purpose of Processing

We process your personal information for the following lawful purposes:

  • Emergency Response Coordination: To enable rapid deployment and coordination of emergency response teams in industrial facilities
  • Team Management: To assign you to teams, shifts, and emergency response duties
  • Incident Tracking: To record your responses to emergency incidents for reporting and compliance purposes
  • Availability Planning: To track leave and unavailability for emergency coverage planning
  • Authentication: To verify your identity and provide secure access to the platform
  • Compliance: To meet obligations under the Occupational Health and Safety Act (OHSA) 85 of 1993

4. Legal Basis for Processing

We process your personal information based on:

  • Your Consent: You provide explicit consent when registering for the platform
  • Legitimate Interest: Emergency response coordination serves the legitimate safety interests of your employer and co-workers
  • Legal Obligation: Compliance with OHSA requirements for emergency preparedness
  • Contract Performance: Provision of emergency response services as agreed with your employer

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encrypted password storage using industry-standard bcrypt hashing
  • Secure session management with HTTP-only cookies
  • Database encryption for data at rest
  • Role-based access controls to limit data access
  • Regular security reviews and updates

6. Data Retention

We retain your personal information for:

  • Active Users: For the duration of your employment or association with the registered company
  • Incident Records: As required by OHSA regulations (minimum 3 years)
  • Deactivated Accounts: Records may be retained in deactivated state for compliance purposes

You may request deletion of your data at any time, subject to legal retention requirements.

7. Data Sharing

Your personal information may be shared with:

  • Your Employer: Company administrators and managers have access to your profile and emergency response records
  • Team Leaders: Have access to team member information for coordination purposes
  • Emergency Services: Contact information may be shared during emergency incidents if required
  • Legal Authorities: When required by law or court order

We do not sell your personal information to third parties.

8. Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of your personal information
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your personal information
  • Right to Object: Object to processing of your information
  • Right to Data Portability: Receive your data in a portable format
  • Right to Withdraw Consent: Withdraw your consent at any time

To exercise these rights, please use the data management features in your account settings or contact your company's Information Officer.

9. Account Deletion

You may request deletion of your account at any time through the platform. Upon receiving a deletion request:

  • Your account will be deactivated immediately
  • Your personal data will be deleted within 30 days
  • Incident response records may be retained in anonymized form for compliance
  • You will receive confirmation of deletion

10. Cross-Border Transfers

Your data is stored on servers that may be located outside South Africa. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with POPIA requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the platform or via email. Your continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact:

  • Information Officer: Your company's designated Information Officer
  • Email: Contact your company administrator

You also have the right to lodge a complaint with the Information Regulator of South Africa:

  • Website: www.justice.gov.za/inforeg/
  • Email: complaints.IR@justice.gov.za

This Privacy Policy was last updated in December 2024 and is compliant with POPIA.