– PART 3 –
PRINCIPLE #2 – PROCESSING LIMITATION: PART 1
‘Processing’ is defined as to ‘collect, disseminate or merge’ personal information (‘PI’).
POPI applies to collection by whatever means the PI is ‘processed’, i.e. electronically or manually and it applies to the complete lifecycle of the PI.
Limitations are placed on processing is expressed as follows, the primary requirements being that it must be lawful, not infringe the privacy of the data subject (‘DS’) and it must be adequate and relevant to, and not excessive for the purpose of process i.e. not more than required.
Then in addition, one or more of the following requisites must be applicable:
- DS must consent to processing and as such consent is defined as ‘any voluntary, specific and informed expression of will’
- It must be required in order to carry out a contract to which DS is a party;
- It must be required by the responsible person i.e. the person processing the data (‘RP’) to comply with an obligation imposed by law
- It can be shown to be in order to protect a legitimate interest of the DS;
- It is required by public body to carry a public law duty
- It is required by RP or third party (to whom the PI is disclosed) ‘pursuing a legitimate interest’
Disclaimer: This article is intended to provide a brief overview of legal matters pertaining to the travel and tourism industry and is not intended as legal advice. © Adv Louis Nel, BENCHMARK, July 2013.