Anatolian Trading Pty LTD ("Anatolian"). For the purposes of carrying out its business and related objectives, Anatolian will from time to time, process personal data of individuals and legal entities including public and private entities, such as personal data pertaining to employees and staff, prospective employees and job applicants, students and graduates, service providers and contractors, vendors, clients, customers, and other third parties ("Data").
For the avoidance of doubt, the Sartoria brand principal being Anatolian Treding Ltd with registered offices in South Africa, Shop L73a, Sandtoncity / Johanesburg, does not and will not have any control over the Site (as defined in the standard 'Terms and Conditions') and will accordingly not process, store or manage any Data. Anatolian shall act as the sole controller of the Data.
This Policy seeks to ensure that Anatolian:
- Complies with the South African and international legal standards and best practice for the processing of personal data which includes the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, disseminating and destruction of personal data;
- Protects the rights of its employees and staff, prospective employees and job applicants, students and graduates, service providers and contractors, vendors, clients, customers, and other third parties ("data subjects") in respect of personal data processed;
- Transparently renders how it processes personal data of individuals; and
- Mitigates the risks of data breaches.
- Anatolian processes personal data belonging to data subjects on an ongoing basis to carry out and pursue its business and related operational interests. This may include:
- Recruitment and employment purposes;
- Concluding contracts and business transactions;
- For risk assessments, insurance and underwriting purposes;
- Assessing and processing queries, enquiries, complaints, and / or claims;
- Conducting criminal reference checks and / or conducting credit reference searches or verification;
- Confirming, verifying and updating persons details;
- For purposes of personnel and other claims history;
- For the detection and prevention of fraud, crime, money laundering or other malpractice;
- Conducting market or customer satisfaction research;
- Promotional, marketing and direct marketing purposes;
- Financial, audit and record keeping purposes;
- In connection with legal proceedings;
- Providing services to clients to carry out the services requested and to maintain and constantly improve the relationship;
- Communicating with employees, third parties, customers, suppliers and / or governmental officials and regulatory agencies; and
- In connection with and to comply with legal and regulatory requirements or when it is otherwise required or allowed by law.
- The objective and purpose of this policy is therefore to set out Anatolian’s policy on the processing of personal data and to provide guidelines on how personal data is to be processed and safeguarded.
- This policy will apply to the processing by Anatolian of all and any data subjects’ personal data.
- This policy without exception will apply to:
- Anatolian and its subsidiary companies, including all employees thereof, including permanent, fixed term, and temporary staff, directors and executives, secondees;
- Any entity or person who processes personal data on behalf of Anatolian, whether residing or operating in South Africa, or overseas, who will hereinafter be referred to as an "operator", provided they have been made aware of this Policy.
Data Protection Principles and Conditions
- Personal Data shall always be:
- Obtained and processed fairly and lawfully;
- Obtained only for specific lawful purposes;
- Adequate, relevant and not excessive;
- Accurate, and kept up to date;
- Held for no longer than necessary for the purpose it was obtained for;
- Processed in accordance with the rights of data subjects;
- Be protected in appropriate ways, methodologies and procedures and according to suitable methods, both organisationally and technologically;
- Not be disclosed, transferred or exported illegally, or in breach of any agreement with a data subject.
- All employees and where applicable, operators and persons acting on behalf of Anatolian, shall continually be responsible for ensuring the safeguarding, protection and avoidance of any unauthorised disclosure or breach of personal data in the execution of employment duties and services to Anatolian, or otherwise in the course of rendering services or being associated with Anatolian.
- Where it is necessary to store personal data on portable devices such as laptops, USB flash drives, portable hard drives, CDs, DVDs, employees and where applicable, operators and persons acting on behalf of Anatolian without exception must before storing said personal data ensure that the data is encrypted and is kept secure, and that appropriate measures and safeguards are in place to prevent unauthorised access, disclosure and loss of such personal data.
- Where paper or hard copies of personal data are removed from Anatolian premises, employees, operators and/or persons acting on behalf of Anatolian must ensure that only relevant data is taken. In addition, such data must be kept safe and secure and appropriate measures and safeguards are taken to prevent any unauthorised access, disclosure and loss of such personal data.
- Paper or hard copies of personal data and portable electronic devices housing personal data should be stored in locked units, which should not be left on desks overnight or in view of other employees or third parties. 6 Personal information which is no longer required should be destroyed or securely archived and retained. 7 Personal data shall be deemed confidential information and shall not be disclosed unlawfully to any third party.
- Personal data loss must be reported to the relevant manager of the department from where the information emanates and to the Chief Financial, Risk or Compliance Officer.
- Negligent loss or unauthorised disclosure of personal data, or failure to report such events, may be treated as a disciplinary matter.
- Anatolian will continuously review the security controls and processes to ensure that all personal data is secure.
- Compliance measurement: Group IT will verify compliance to this policy through various methods, including periodic walk-throughs, business tool reports, internal and external audits, and feedback to the policy owner.
- Exceptions: Any exception to the policy must be approved by the Head of Group IT in advance