This Website Privacy Notice applies to personal information that the Company collects through this website: www.ttctrials.co.za.
Cookies means A small text file (up to 4KB) created by a website that is stored in the user’s computer either temporarily for that session only or permanently on the hard disk (persistent cookie). Cookies provide a way for the website to recognize you and keep track of your preferences,
Data means information in electronic form;
Data subject means the person to whom personal information relates;
IP address means a unique address that identifies a device on the Internet or a local network; Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
POPIA means the Protection of Personal Information Act 4 of 2013;
Company means the Information Company;
Traffic data means any data processed for the purpose of the conveyance of a communication on an electronic communications network in respect of that communication and includes data relating to the routing, duration or time of a communication;3
User means a person who uses a computer or other device to access this website; and
Web browser means an application used to access and view this website. Well know web browsers include Internet Explorer, Google Chrome and Safari.
2. PERSONAL INFORMATION
The Company does not collect personal information on this site unless you provide the Company with your personal information. If you provide personal information through this site, it will be held by the Secretariat of the Company.
There are places on the site where you can provide personal information, such as:
• emailing an enquiry to the Company
• registering for an event
• making a submission to the Company on a proposed code of practice, regulations or other public consultation
If you lodge a complaint, make a comment, or give feedback through the website, the Company will process your email address and other contact details, if provided.
3. USE AND DISCLOSURE
The Company will only use personal information that you provide through this website for the purposes for which you provided it.
The Company will not make your personal information available to any third party unless this is necessary for the purpose for which you provided the information (for instance to investigate a complaint).
The Company may use your personal information for the purposes of administering and improving the site, improving our services or communicating with you. The personal information you provide to us may be shared with operators to the extent necessary for them to administer and improve the website on our behalf.
The Company will only disclose your personal information to third parties in limited circumstances where authorised by POPIA (for instance to enable the South Africa Police Service to investigate a criminal offence).
4. WEBSITE ANALYTICS
You may visit the website without providing any personal information. The website servers will in such instances collect the IP address used by the data subject to access the website, but not the e-mail address or any other personal identifiable information. The information on IP addresses is aggregated to measure the number of visits, the average time spent at the website, pages viewed, etc. The Company analyses non identifiable traffic data to improve our services, via a third (3rd) party programme, namely Google Analytics.
The Company may collect, hold, and use statistical information about website visits to help us improve the website. Such information includes:
• Your IP address;
• The search terms you used;
• The pages accessed on the Company’s website and the links visitors clicked on
• The date and time you visited the website;
• The referring website (if any) through which you clicked through to the Company’s website; and
• The type of web browser you use (eg Internet Explorer, Mozilla or Firefox).
The traffic data is aggregated and is not personally identifiable. Our website analysis will also respect any “do not track” setting you might have set on your web browser.
6. LINKS TO SOCIAL NETWORKING SERVICES
The Company uses social networking services such as Twitter and Facebook and network sharing services such as ShareThis to communicate with the public about its work. When you communicate with the Company through these services, that social networking service may collect your personal information for its own purposes.
These services may track your use of the Company’s website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using the Company’s website, their tracking will be associated with your profile with those service providers.
7. YOUR RIGHT TO ACCESS AND CORRECT PERSONAL INFORMATION
The Company will provide you with access to any personal information that The Company holds about you. You may also request the Company to correct your personal information. Kindly contact the Company’s Information Officer to request access to your personal information or the correction of your personal information. You can ask to be removed from any of the Company’s subscription lists at any time.
PROTECTION OF PERSONAL INFORMATION AND THE RETENTION OF DOCUMENTS
PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT OF 2013
1. PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013, TTC, POPI POLICY
- 1.1 TTC is a company functioning within the Clinical Trial environment that is obligated to comply with The Protection of Personal Information Act 4 of 2013.
- 1.2 POPI requires TTC to inform their clients, employees and trial subjects as to the manner in which their personal information is used, disclosed and destroyed.
- 1.3 TTC is committed to protecting its client’s and trial subject’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.
- 1.4 The Policy sets out the manner in which TTC deals with their client’s, employee and trial subjects’ personal information as well as stipulates the purpose for which said information is used.
- 1.5 The Policy is made available on the TTC company website www.ttctrials.co.za and by request from their office.
PERSONAL INFORMATION COLLECTED
2. Section 9 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”
3. TTC collects and processes personal information pertaining to the actual needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, TTC will inform the employee, client and study participant as to the information required and the information deemed optional. Examples of personal information we collect include, but is not limited to:
i. The Identity number, name, surname, address, postal code, marital status, and number of dependants;
ii. Residence and business address
iii. Medical history
iv. Any other information required by TTC or Contractors in order to provide an accurate analysis of the suitability for any specific role profile.
4. TTC aims to have agreements in place with all product suppliers, clinical trial subjects and third party service providers to ensure a mutual understanding with regard to the protection of personal information. TTC suppliers will be subject to the same regulations as applicable to TTC. For purposes of this Policy, it refer to potential and existing contractors, employees and trial subjects’.
THE USAGE OF PERSONAL INFORMATION
5. The Personal Information will only be used for the purpose for which it was collected and as agreed.
6. This may include:
i. Providing services to sponsors/third parties;
ii. Applications for open job opportunities;
iii. Confirming, verifying and updating client or trial subject details;
iv. Conducting market or customer satisfaction research;
v. For audit and record keeping purposes;
vi. In connection with legal proceedings;
vii. Providing TTC services to clients, to render the services requested and to maintain and constantly improve the relationship;
viii. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
7. According to section 10 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for TTC processing of Personal Information:
i. The contractors, employees and trial subjects’, consents to the processing: – consent is obtained from contractors, employees and trial subjects’, during the introductory, appointment and needs analysis stage of the relationship;
ii. The necessity of processing: in order to conduct an accurate analysis of the contractors, employees and trial subjects’ needs for purposes of the relationship.
iii. Processing complies with an obligation imposed by law on TTC;
iv. Processing protects a legitimate interest of the candidate — it is in the candidate’s best interest to have a full and proper needs analysis performed in order to provide them with an applicable and beneficial product or service.
v. Processing is necessary for pursuing the legitimate interests of TTC or of a third party to whom information is supplied — in order to provide TTC clients (sponsors) with services both TTC and any of our clients require certain personal information from the contractors, employees and trial subjects in order to make an expert decision on the unique and specific product and or service required.
DISCLOSURE OF PERSONAL INFORMATION
8. TTC may disclose personal information to any of the TTC subsidiaries, joint venture companies and or sponsors or third party service providers whose services require use of TTC has agreements in place to ensure compliance with confidentiality and privacy conditions.
9. TTC may also share personal information with, and obtain information from parties for the reasons already discussed above.
10. TTC may also disclose information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary in order to protect TTC rights.
11. It is a requirement of POPI to adequately protect personal information. TTC will continuously review its security controls and processes to ensure that personal information is secure.
12. The following procedures are in place to protect personal information:
i. TTC INFORMATION OFFICER is _______________ whose details are available below and who is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI.
ii. THIS POLICY has been put in place throughout TTC and training on this policy and the POPI Act will be conducted during May and June 2021 by TTC
iii. Each new employee will be required to sign an EMPLOYMENT CONTRACT containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
iv. Every employee currently employed within TTC will be required to sign an addendum to their EMPLOYMENT CONTRACTS containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;
v. TTC archived study information is stored off site at Metrofile which is also governed by POPI, access to retrieve information is limited to authorised personell.
vi. TTC product suppliers, insurers and other third party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information; this is however an ongoing process that will be evaluated as needed.
vii. Hard copies of personal information is stored in a lockable cabinet or rooms.
viii. Soft copies of information is stored on password protected servers and computers with access control and internal computer and IT policies.
ACCESS AND CORRECTION OF PERSONAL INFORMATION
13. Employees, clients, study subjects and contractors have the right to access the personal information TTC holds about them. They also have the right to ask TTC to update, correct or delete their personal information on reasonable grounds. Once someone objects to the processing of their personal information, TTC may no longer process said personal information. TTC will take all reasonable steps to confirm identity and access before providing details of their personal information or making changes to their personal information.
AMENDMENTS TO THIS POLICY
14. Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once a year. Employees Clients, contractors ad study subjects are advised to access TTC website periodically to keep abreast of any changes. Where material changes take place, it will be stipulated on the TTC website.
POLICY ON THE RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS
15. To exercise effective control over the retention of documents and electronic transactions:
a. as prescribed by legislation; and
b. as dictated by business practice.
16. Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. Documents are also necessary for defending legal action, for establishing, what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
17. To ensure that the Company’s interests are protected and that the rights to privacy and confidentiality are not breached, queries may be referred to the Information Officer.
SCOPE & DEFINITIONS
18. All documents and electronic transactions generated within and/or received by the Company. a. Definitions:
i. Clients includes, but are not limited to, shareholders, debtors, creditors as
well as the affected personnel and/or departments related to a services of the Company.
ii. Confidential Information refers to all information or data disclosed to or obtained by the Company by any means whatsoever.
iii. Constitution: Constitution of the Republic of South Africa Act, 108 of 1996. iv. Data refers to electronic representations of information in any form.
v. Documents include books, records, accounts and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro- mechanically or optically, or in any other form.
vi. ECTA: Electronic Communications and Transactions Act, 25 of 2002.
vii. Electronic communication refers to a communication by means of data messages.
viii. Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
ix. Electronic transactions include e-mails sent and received.
x. PAIA: Promotion of Access to Information Act, 2 of 2000.
ACCESS TO DOCUMENTS
19. All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances (also see clause 20 b) below):
xi. where disclosure is under compulsion of law;
xii. where there is a duty to the public to disclose;
xiii. where the interests of the Company require disclosure; and
xiv. where disclosure is made with the express or implied consent of the client.
DISCLOSURE TO 3RD PARTIES
20 a. All employees have a duty of confidentiality in relation to the Company, clients and candidates.
xv. Information on clients and candidates: Our clients’ and candidates’ right to confidentiality is protected in the Constitution and in terms of ECTA. Information may be given to a 3rd party if the client or candidate has consented in writing to that person receiving the information.
xvi. Requests for company information:
1. These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural and juristic) that is required for the exercise or protection of rights. Private bodies, like the Company, must however refuse access to records if disclosure would constitute an action for breach of the duty of secrecy owed to a third party.
2. In terms hereof, requests must be made in writing on the prescribed form to the Company Secretary, who is also the Information Officer in terms of PAIA. The requesting party has to state the reason for wanting the information and has to pay a prescribed fee.
xvii. Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial espionage. The affairs of the Company must be kept strictly confidential at all times.
b. The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
STORAGE OF DOCUMENTS
21. Hard Copies
i. Documents are stored in lockable storage at TTC office.
22. The Basic Conditions of Employment Act requires a retention period of 3 years for the documents mentioned below:
c. Section 29(4):
i. Written particulars of an employee after termination of employment;
d. Section 31:
i. Employee’s name and occupation;
ii. Time worked by each employee;
iii. Remuneration paid to each employee;
iv. Date of birth of any employee under the age of 18 years. v. Employment Equity Act, No 55 of 1998:
23. Section 26 and the General Administrative Regulations, 2009, Regulation 3(2) requires a retention period of 3 years for the documents mentioned below:
e. Records in respect of the company’s workforce, employment equity plan and other records relevant to compliance with the Act;
24. The Unemployment Insurance Act, applies to all employees and employers except:
f. Workers working less than 24 hours per month;
h. Public servants;
i. Foreigners working on a contract basis;
j. Workers who get a monthly State (old age) pension;
k. Workers who only earn commission.
25. Section 56(2)(c) requires a retention period of 5 years, from the date of submission, for the documents mentioned below:
l. Employers must retain personal records of each of their current employees in terms of their names, identification number, monthly remuneration and address where the employee is employed.
i. 5.1.12 Tax Administration Act, No 28 of2011:
26. Section 29 of the Tax Administration Act, states that records of documents must be retained to:
m. Enable a person to observe the requirements of the Act;
n. Are specifically required under a Tax Act by the Commissioner by the public notice;
o. Will enable SARS to be satisfied that the person has observed these requirements.
27. Section 29(3)(a) requires a retention period of 5 years, from the date of submission for taxpayers that have submitted a return and an indefinite retention period, until the return is submitted, then a 5 year period applies for taxpayers who were meant to submit a return.
28. Section 29(3)(b) requires a retention period of 5 years from the end of the relevant tax period for taxpayers who were not required to submit a return, but had capital gains/losses or engaged in any other activity that is subject to tax or would be subject to tax but for the application of a threshold or exemption.
29. Section 32(a) and (b) require a retention period of 5 years but records must be retained until the audit is concluded or the assessment or decision becomes final, for documents indicating that a person has been notified or is aware that the records are subject to an audit or investigation and the person who has lodged an objection or appeal against an assessment or decision under the TAA. i. Income Tax Act, No 58 of 1962:
30. Schedule 4, paragraph 14(1)(a)-(d) of the Income Tax Act requires a retention period of 5 years from the date of submission for documents pertaining to each employee that the employer shall keep:
p. Amount of remuneration paid or due by him to the employee;
q. The amount of employees tax deducted or withheld from the remuneration paid or due;
r. The income tax reference number of that employee;
s. Any further prescribed information;
t. Employer Reconciliation return.
31. Schedule 6, paragraph 14(a)-(d) requires a retention period of 5 years from the date of submission or 5 years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to:
u. Amounts received by that registered micro business during a year of assessment;
v. Dividends declared by that registered micro business during a year of assessment;
w. Each asset as at the end of a year of assessment with cost price of more than R 10 000;
x. Each liability as at the end of a year of assessment that exceeded R 10 000. i. Value Added Tax Act, No 89 of 1991:
32. Section 15(9), 16(2) and 55(1)(a) of the Value Added Tax Act and Interpretation Note 31, 30 March requires a retention period of 5 years from the date of submission of the return for the documents mentioned below:
y. Where a vendor’s basis of accounting is changed the vendor shall prepare lists of debtors and creditors showing the amounts owing to the creditors at the end of the tax period immediately preceding the changeover period;
z. Importation of goods, bill of entry, other documents prescribed by the Custom and Excise Act and proof that the VAT charge has been paid to SARS;
aa. Vendors are obliged to retain records of all goods and services, rate of tax applicable to the supply, list of suppliers or agents, invoices and tax invoices, credit and debit notes, bank statements, deposit slips, stock lists and paid cheques;
bb. Documentary proof substantiating the zero rating of supplies;
cc. Where a tax invoice, credit or debit note, has been issued in relation to a supply by an agent or a bill of entry as described in the Customs and Excise Act, the agent shall maintain sufficient records to enable the name, address and VAT registration number of the principal to be ascertained.
33. The internal procedure requires that electronic storage of information: important documents and information must be referred to and discussed with IT who will arrange for the indexing, storage and retrieval thereof. This will be done in conjunction with the departments concerned.
34. Scanned documents: If documents are scanned, the hard copy must be retained for as long as the information is used or for 1 year after the date of scanning, with the exception of documents pertaining to personnel. Any document containing information on the written particulars of an employee, including: employee’s name and occupation, time worked by each employee, remuneration and date of birth of an employee under the age of 18 years; must be retained for a period of 3 years after termination of employment.
35. Section 51 of the Electronic Communications Act No 25 of 2005 requires that personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period of 1 year or for as long as the information is used. It is also required that all personal information which has become obsolete must be destroyed.
DESTRUCTION OF DOCUMENTS
36. Documents may be destroyed after the termination of the retention periods listed above. Registration will request departments to attend to the destruction of their documents and these requests shall be attended to as soon as possible.
37. Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis. Files must be checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by the Company pending such return.
38. After completion of the process in 37 above, the Managing Director shall, in writing, authorise the removal and destruction of the documents in the authorisation document. These records will be retained by Registration.
39. The documents are then made available for collection by the removers of the Company’s documents, who also ensure that the documents are shredded before disposal. This also helps to ensure confidentiality of information.
40. Documents may also be stored off-site, in storage facilities approved by the Company.