Compliant with the Protection of Personal Information Act (POPIA), South Africa
1. Introduction
ClarionCall ("we", "our", or "us") is committed to protecting your personal information and respecting your privacy in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African laws.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our emergency response coordination platform.
2. Information We Collect
We collect the following categories of personal information:
Identity Information: First name, last name, email address
Contact Information: Cell phone number
Employment Information: Company name, section/department, team assignment, shift assignment, role within emergency response structure
Availability Information: Leave dates, training schedules, unavailability records
Activity Data: Login times, response to emergency alerts, incident participation records
Technical Data: Session information for authentication purposes
3. Purpose of Processing
We process your personal information for the following lawful purposes:
Emergency Response Coordination: To enable rapid deployment and coordination of emergency response teams in industrial facilities
Team Management: To assign you to teams, shifts, and emergency response duties
Incident Tracking: To record your responses to emergency incidents for reporting and compliance purposes
Availability Planning: To track leave and unavailability for emergency coverage planning
Authentication: To verify your identity and provide secure access to the platform
Compliance: To meet obligations under the Occupational Health and Safety Act (OHSA) 85 of 1993
4. Legal Basis for Processing
We process your personal information based on:
Your Consent: You provide explicit consent when registering for the platform
Legitimate Interest: Emergency response coordination serves the legitimate safety interests of your employer and co-workers
Legal Obligation: Compliance with OHSA requirements for emergency preparedness
Contract Performance: Provision of emergency response services as agreed with your employer
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
Encrypted password storage using industry-standard bcrypt hashing
Secure session management with HTTP-only cookies
Database encryption for data at rest
Role-based access controls to limit data access
Regular security reviews and updates
6. Data Retention
We retain your personal information for:
Active Users: For the duration of your employment or association with the registered company
Incident Records: As required by OHSA regulations (minimum 3 years)
Deactivated Accounts: Records may be retained in deactivated state for compliance purposes
You may request deletion of your data at any time, subject to legal retention requirements.
7. Data Sharing
Your personal information may be shared with:
Your Employer: Company administrators and managers have access to your profile and emergency response records
Team Leaders: Have access to team member information for coordination purposes
Emergency Services: Contact information may be shared during emergency incidents if required
Legal Authorities: When required by law or court order
We do not sell your personal information to third parties.
8. Your Rights Under POPIA
You have the following rights regarding your personal information:
Right to Access: Request a copy of your personal information
Right to Rectification: Request correction of inaccurate information
Right to Erasure: Request deletion of your personal information
Right to Object: Object to processing of your information
Right to Data Portability: Receive your data in a portable format
Right to Withdraw Consent: Withdraw your consent at any time
To exercise these rights, please use the data management features in your account settings or contact your company's Information Officer.
9. Account Deletion
You may request deletion of your account at any time through the platform. Upon receiving a deletion request:
Your account will be deactivated immediately
Your personal data will be deleted within 30 days
Incident response records may be retained in anonymized form for compliance
You will receive confirmation of deletion
10. Cross-Border Transfers
Your data is stored on servers that may be located outside South Africa. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with POPIA requirements.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the platform or via email. Your continued use of the platform after changes constitutes acceptance of the updated policy.
12. Contact Information
For questions about this Privacy Policy or to exercise your rights, please contact:
Information Officer: Your company's designated Information Officer
Email: Contact your company administrator
You also have the right to lodge a complaint with the Information Regulator of South Africa:
Website: www.justice.gov.za/inforeg/
Email: complaints.IR@justice.gov.za
This Privacy Policy was last updated in December 2024 and is compliant with POPIA.