Private Policy

PURPOSE AND OVERVIEW

As a business, ONQ Accounting is committed to the highest standards of professionalism, ethics, and service delivery. We are dedicated to upholding every person’s constitutional right to privacy and ensuring that any personal information we process is done in a lawful and transparent manner. We maintain a strict standard of confidentiality with our clients and never share personal information with third parties unless required by law or with the express consent of our clients.

Any personal information processed by ONQ Accounting is done in accordance with the provisions of the Protection of Personal Information Act 4 of 2013 (“POPI”), and, where applicable, the General Data Protection Regulation 2016/679 (“GDPR”).

POPI

ONQ Accounting has taken comprehensive steps to ensure that its staff processes any personal information in accordance with the provisions of POPI. Personal information is defined in section 1 of POPI to mean:

“information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to— (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.”

Depending on who determines the purpose of and means for processing personal information in a particular instance, ONQ Accounting acknowledges that it may act as either a “responsible person” or “operator” as defined in section 1 of POPI. Where a client is also the “data subject” as defined in section 1 of POPI and has not mandated ONQ Accounting to process personal information on the client’s behalf, this puts ONQ Accounting in the role of a responsible party. Where ONQ Accounting processes personal information for a responsible party under a contract or mandate, without coming under the direct authority of that party, ONQ Accounting acts as an operator. Whether acting as a responsible party or operator, ONQ Accounting will process personal information in accordance with the applicable provisions of POPI.

General Data Protection Regulation 2016/679 (GDPR)

ONQ Accounting acknowledges that it offers its goods and/or services to persons domiciled in the European Union, which requires that data processing activities for such persons be conducted in accordance with GDPR. Depending on who determines the purpose of and conditions for processing personal information in a particular instance, ONQ Accounting may act as either a “controller” or “processor” as defined in the GDPR. Where a client is the “data subject” as defined in GDPR and has not mandated ONQ Accounting to process personal information on the client’s behalf, this places ONQ Accounting in the role of a controller. Where ONQ Accounting processes personal information for a controller under a contract or mandate, it acts as a processor. Whether acting as a controller or processor, ONQ Accounting will process data in respect of persons in the European Union in accordance with the applicable provisions of GDPR.

PRIVACY AND DATA PROTECTION OBLIGATIONS

ONQ Accounting acknowledges its privacy and data protection obligations and adheres to the highest standards possible to ensure legal and safe processing of data, including personal information. ONQ Accounting remains accountable to ensure compliance with POPI and/or GDPR and has implemented measures and procedures to give effect to such compliance. In this regard, ONQ Accounting has registered its designated Information Officer with the Information Regulator, established in terms of section 39 of POPI, as well as its Deputy Information Officers to whom the Information Officer has delegated duties. ONQ Accounting regularly trains its staff on their obligations under POPI, GDPR, and general best practices for privacy and data protection. We also maintain an expert Information Technology team, which oversees the security of our information systems. In addition to this Policy, ONQ Accounting has published various other policies to enforce privacy and data protection measures by its staff.

The measures and procedures implemented by ONQ Accounting extend to the fulfilment of the following obligations in relation to privacy and data protection. The client or person whose data/personal information is processed is referred to as the “data subject.”

Processing Limitation

  • Personal information must be processed lawfully and in a reasonable manner that does not infringe the privacy of the data subject.
  • Personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant, and not excessive.
  • Personal information may only be processed if:
    • The data subject or a competent person where the data subject is a child consents to the processing;
    • Processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is a party;
    • Processing complies with an obligation imposed by law on ONQ Accounting;
    • Processing protects a legitimate interest of the data subject;
    • Processing is necessary for the proper performance of a public law duty by a public body; or
    • Processing is necessary for pursuing the legitimate interests of ONQ Accounting or of a third party to whom the information is supplied.

    • The data subject or competent person may withdraw his, her or its consent, provided that the lawfulness of the processing of personal information before such withdrawal or the processing of personal information will not be affected.
      A data subject may object, at any time, to the processing of personal information—
      on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
      for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications.
      If a data subject has objected to the processing of personal information, ONQ Accounting may no longer process the personal information.

      Personal information must be collected directly from the data subject, except if—

      • The information is contained in or derived from a public record or has deliberately been made public by the data subject;
      • The data subject or a competent person where the data subject is a child has consented to the collection of the information from another source;
      • Collection of the information from another source would not prejudice a legitimate interest of the data subject;
      • Collection of the information from another source is necessary—
        • To avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution, and punishment of offences;
        • To comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue;
        • For the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated;
        • In the interests of national security; or
        • To maintain the legitimate interests of ONQ Accounting or of a third party to whom the information is supplied;
        • Compliance would prejudice a lawful purpose of the collection; or
        • Compliance is not reasonably practicable in the circumstances of the particular case.

      Purpose specification
      Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of ONQ Accounting.
      Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless—

      • Retention of the record is required or authorised by law;
      • ONQ Accounting reasonably requires the record for lawful purposes related to its functions or activities;
      • Retention of the record is required by a contract between the parties thereto; or
      • The data subject or a competent person where the data subject is a child has consented to the retention of the record.

      Records of personal information may be retained for historical, statistical or research purposes if ONQ Accounting has established appropriate safeguards against the records being used for any other purposes. ONQ Accounting must destroy or delete a record of personal information or de-identify it as soon as reasonably practicable after ONQ Accounting is no longer authorised to retain the record.

      Further processing
      Further processing of personal information must be in accordance or compatible with the purpose for which it was collected.

      Information quality
      ONQ Accounting must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading, and updated where necessary.

      Openness
      ONQ Accounting must maintain the documentation of all processing operations under its responsibility.
      If personal information is collected, ONQ Accounting must take reasonably practicable steps to ensure that the data subject is aware of—

      • The information being collected and where the information is not collected from the data subject, the source from which it is collected;
      • The name and address of ONQ Accounting;
      • The purpose for which the information is being collected;
      • Whether or not the supply of the information by that data subject is voluntary or mandatory;
      • The consequences of failure to provide the information;
      • Any particular law authorising or requiring the collection of the information;
      • The fact that, where applicable, ONQ Accounting intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;
      • Any further information such as the—
        • Recipient or category of recipients of the information;
        • Nature or category of the information;
        • Existence of the right of access to and the right to rectify the information collected;
        • Existence of the right to object to the processing of personal information; and
        • Right to lodge a complaint to the Information Regulator and the contact details of the Information Regulator, which is necessary, having regard to the specific circumstances in which the information is or is not to be processed, to enable processing in respect of the data subject to be reasonable.

      It is not necessary for ONQ Accounting to make the data subject aware of its data processing if—

      • The data subject or a competent person where the data subject is a child has provided consent for the non-compliance;
      • Non-compliance would not prejudice the legitimate interests of the data subject as set out in terms of this Act;
      • Non-compliance is necessary—
        • To avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution, and punishment of offences;
        • To comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue;
        • For the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or
        • In the interests of national security;
      • Compliance would prejudice a lawful purpose of the collection;
      • Compliance is not reasonably practicable in the circumstances of the particular case; or
      • The information will—
        • Not be used in a form in which the data subject may be identified; or
        • Be used for historical, statistical, or research purposes.

      Security safeguards
      ONQ Accounting must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—

      • Loss of, damage to, or unauthorised destruction of personal information; and
      • Unlawful access to or processing of personal information.

      ONQ Accounting must take reasonable measures to—

      • Identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
      • Establish and maintain appropriate safeguards against the risks identified;
      • Regularly verify that the safeguards are effectively implemented; and
      • Ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.

      The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.

      Acting as operator
      Where ONQ Accounting acts as an operator, it must—

      • Process such information only with the knowledge or authorisation of the responsible party; and
      • Treat personal information which comes to their knowledge as confidential and must not disclose it, unless required by law or in the course of the proper performance of their duties.

      A responsible party must, in terms of a written contract between the responsible party and ONQ Accounting (as the operator), ensure that ONQ Accounting establishes and maintains the security measures referred to in POPI. ONQ Accounting (as operator) must notify the responsible party immediately where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person.

      Security compromises
      Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, ONQ Accounting must notify—

      • The Regulator; and
      • The data subject, unless the identity of such data subject cannot be established.

      The notification to a data subject must be in writing and communicated to the data subject in at least one of the following ways:

      • Mailed to the data subject’s last known physical or postal address;
      • Sent by e-mail to the data subject’s last known e-mail address;
      • Placed in a prominent position on the website of ONQ Accounting;
      • Published in the news media; or
      • As may be directed by the Regulator.

      The notification must provide sufficient information to allow the data subject to take protective measures against the potential consequences of the compromise, including—

      • A description of the possible consequences of the security compromise;
      • A description of the measures that ONQ Accounting intends to take or has taken to address the security compromise;
      • A recommendation with regard to the measures to be taken by the data subject to mitigate the possible adverse effects of the security compromise; and
      • If known to ONQ Accounting, the identity of the unauthorised person who may have accessed or acquired the personal information.

      Data subject participation
      A data subject, having provided adequate proof of identity, has the right to—

      • Request ONQ Accounting to confirm, free of charge, whether or not ONQ Accounting holds personal information about the data subject; and
      • Request from ONQ Accounting the record or a description of the personal information about the data subject held by ONQ Accounting, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.

      If, in response to a request, personal information is communicated to a data subject, the data subject must be advised of the right to request the correction of information.

      ONQ Accounting may or must refuse, as the case may be, to disclose any information requested to which the grounds for refusal of access to records set out in the applicable sections of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act apply.

      A data subject may, in the prescribed manner, request ONQ Accounting to—

      • Correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully; or
      • Destroy or delete a record of personal information about the data subject that ONQ Accounting is no longer authorised to retain.

      On receipt of a request, ONQ Accounting must, as soon as reasonably practicable—

      • Correct the information;
      • Destroy or delete the information;
      • Provide the data subject, to his or her or its satisfaction, with credible evidence in support of the information; or
      • Where the data subject and ONQ Accounting cannot reach agreement on the request and if the data subject so requests, take such steps as are reasonably practicable in the circumstances to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.

      ONQ Accounting must notify a data subject who has made a request of the action taken as a result of the request. Where ONQ Accounting has taken steps to correct, destroy or delete personal information, it must, where reasonably practicable, inform each person or body or responsible party to whom the personal information has been disclosed of those steps.

For any questions, please contact us at:

The ONQ Accounting (“our”) website uses cookies and similar technologies in order to understand how you use and save your preferences to better navigate our Site and provide you with the best site experience. This Cookie Policy is part of our Privacy Statement. Please read this Cookie Policy carefully and ensure that you understand it. By continuing to use our Site, it is deemed that you accept our Cookie Policy. If you do not agree with our Cookie Policy, please stop using our Site immediately.

WHAT ARE COOKIES
Cookies are pieces of code that are stored in your web browser. These text files are placed on your computer, smartphone, or other device when you visit a website and allow us, or a third-party partner, to recognise you and make operations more efficient when you revisit our site, by allowing us to prioritise your interests.

USE OF COOKIES
We use cookies to obtain information about your visits and the devices you use to access our website. This allows us to tailor the content on our website to fit your specific needs and help us improve your experience. Where available, this includes IP address and pseudonymous identifiers, operating system, and browser type, and depending on the cookie, also includes the reporting of statistical data about our users’ browsing actions and patterns.

We use the following types of cookies:

Cookie type Purpose
Strictly Necessary Cookies Essential to the operation of our Site and its functions.
Analytics Cookies Enable us to gather information that will help us to improve our Site and your experience of it (for example: what features you use, how easily you are able to navigate the site).
Functionality Cookies Enable us to record your use of the Site, such as the choices you have made and remember your preferences to tailor the Site.
Persistent Cookies Persistent cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our Site. Any of the above cookies may be a persistent cookie.
Session Cookies Session cookies are temporary and only remain on your computer or device for the duration you spend on our Site. Session cookies are deleted when you close your browser.

THIRD-PARTY WEBSITES
As our website may link to third-party websites that we do not control, we suggest that you check the policies of those websites for information about the cookies they may be using. ONQ Accounting cannot accept any responsibility for any loss obtained through these third-party websites.

HOW YOU CAN CONTROL COOKIES
Cookies by themselves cannot be used to discover your identity and don’t damage your computer. Internet browsers normally accept cookies by default. You can change these settings if you wish. Your browser can be set to notify you when you receive a cookie, enabling you to decide if you want to accept it or not. If you choose not to accept cookies from the ONQ Accounting website, it may limit the website functionalities or performance.

For more information on how to modify your browser settings to block or filter cookies, see https://www.aboutcookies.org. These are external links, and we are not responsible for its content.

CHANGES TO THIS COOKIE POLICY
We may alter this Cookie Policy from time to time. Any such changes will become binding on you on your first use of our Site after the changes have been made. Please check this website periodically to inform yourself of any changes.

In the event of any conflict between the current version of this Cookie Policy and any previous version(s), the latest version of the Cookie Policy prevails.

FURTHER INFORMATION
If you would like to know more about how we use cookies, please feel free to contact us at:

Phone: +27 79 468 4378
Email: info@onqacc.co.za

For more information about privacy, data protection, and our terms and conditions, please view our Privacy Policy and Terms and Conditions.

The information provided on this website by On Q Accounting and Tax Services (Pty) Ltd is intended for general informational purposes only and should not be considered legal, financial, or professional advice. While we strive to ensure the accuracy of the content, we do not guarantee its completeness or reliability, and users are advised to seek professional advice before making decisions based on this information. On Q Accounting and Tax Services (Pty) Ltd is not liable for any losses or damages arising from reliance on the content of this website. Use of this site does not establish a client relationship, and the content may be updated without notice. For data protection, please refer to our Privacy Policy in line with South African law (POPIA).