DAILY ONLINE PTY (Ltd) PRIVACY POLICY
In this policy the following words and expressions shall, in addition to their respective ordinary meanings, bear the following meanings assigned to each of them respectively:
“Act” means the Protection of Personal Information Act, 2013.
“Daily Online PTY (Ltd) means to be determined, registration number 2022/561012/07
“Device” means any computer used to access the Service, including without limitation a desktop, laptop, mobile phone, tablet, or another consumer electronic device;
This Privacy Policy provides the Company’s policies and procedures of for collecting, using, processing and disclosing your information. Users can access the Service through the Company’s website. This Privacy Policy governs the access of the Service, regardless of how it is accessed, and by using the Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy on these terms and conditions. All the different forms of data, content, and information described below are collectively referred to as
“Information”.
- The Information We Collect and Store
We may collect and store the following information when running the Service:
Information Provided by You
When you register on the Website, you are required to provide us with certain personal information, such as your name, phone number, billing information, email address and business postal addresses.
Log Data
When you use the Service, we automatically record information from your Device, its software, and your activity using the Services. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service.
Cookies
We may also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.
- How We Use Personal Information
Personal Information
While using the Service, we may collect personal information that can be used to contact or identify you (“Personal Information”). Personal Information is or may be used:
(i) to provide and improve our services and/or products and/or the website, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, and (v) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us, please follow the “unsubscribe” instructions provided in any of those communications or update your Profile information.
Analytics
We also collect some information (ourselves or using third party services) using logging and cookies, such as IP address, which can sometimes be correlated with Personal Information.
We use this information for the above purposes and to monitor and analyze use of the Service, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.
- Information Sharing and Disclosure
Your Use
You can review and revise your information at any time.
Service Providers, Business Partners, and Others
We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations like those in this Privacy Policy.
Compliance with Laws and Law Enforcement Requests; Protection of the Company’s
Rights
We may disclose to third parties’ files stored in your account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary in order to comply with a law, including the Act. in order protect the safety of any person from death or serious bodily injury prevent fraud or abuse; or to protect the Company’s property rights.
Non-private or Non-Personal Information
We may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Service.
- Changing or Deleting Your Information
If you are a registered user, you may review, update, correct or delete the personal information provided in your registration or account profile by changing your “account settings.” If your personally identifiable information changes, or if you no longer desire us service, you may update or delete it by making the change on your account settings. In some cases we may retain copies of your information if required by law. For questions about your Personal Information on our Service, please contact __________________.
- Data Retention
We will retain your information for as long as your account is active or as needed to provide your services. If you wish to cancel your account or request that we no longer use your information to provide you services, you may delete your account. We may retain and use your information to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion.
- Security
We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, contact us at ___________________.
- Contacting Us
If you have any questions about this Privacy Policy, please contact us at:
_____________________________
_____________________________
- Compliance with the Act
The whole of this Privacy Policy is subject to – and shall be interpreted in compliance with the Act.
- Changes to our Privacy Policy
This Privacy Policy may change from time to time. If we make a change to this privacy policy that we believe materially reduces your rights, we will provide you with notice (for example, by email). And we may provide notice of changes in other circumstances as well. By continuing to use the Service after those changes become effective, you agree to be bound. by the revised Privacy Policy.
DAILY ONLINE PTY (Ltd)
PASSWORD POLICY
VERSION NO: to be determined.
DATE:
- Introduction
1.1 The Company has resolved to implement a password policy to ensure the protection of its data and to protect against unauthorized access to its systems.
1.2 Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of the entire network of the Company. As such, all employees (as well as contractors and vendors with access to systems of the Company) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
1.3 Accordingly, the purpose of this policy is to ensure that security practices are introduced and maintained by all employees and third parties with respect to password-protected information infrastructure.
- Scope
2.1 IT Assets covered by this Policy.
The policy is applicable to all IT systems and services.
2.2 Document Control
The Password Policy document and all other referenced documents shall be controlled.
Version control shall be to preserve the latest release and the previous version of any document. However, the previous version of the documents shall be retained only for a period of two years for legal and knowledge preservation purpose.
2.3 Records
2.3.1 Records being generated as part of the Password Policy shall be retained for a period of two years.
2.3.2 Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.
2.4 Distributions and Maintenance
The Password Policy document shall be made available to all employees. All the changes and new releases of this document shall be made available to the employees concerned. The maintenance responsibility of the document will be with the Information Officer and system administrators.
- Privacy
The Password Policy document shall be considered as “confidential” and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.
- Responsibility
4.1 The Password Policy shall be implemented by the Information Officer.
4.2 The Information Officer shall:
4.2.1 grant access and reviews access every year to determine the continued need for access.
4.2.2 prepare policy guidelines for the creation, safeguarding, and control of passwords.
4.2.3 approve access to supervisor passwords and passwords for similar privileged accounts used on the Company’s network.
4.3 The General Manager shall:
4.3.1 provide management oversight of the process for administering passwords for the Company systems.
4.3.2 publish and maintains policy guidelines for the creation, safeguarding, and control of passwords.
4.4 The IT Manager shall:
4.4.1 communicate to the users of the system access and password requirements outlined in this policy.
4.4.2 inform the Company’s Information Officer when an employee’s access is removed.
4.4.3 immediately inform the Company’s Information Officer if it is suspected that the Company’s passwords have been compromised.
4.4.4 issue and manage passwords for the Company’s systems and applications under them control in accordance with the Company’s policy described below.
4.4.5 issue passwords for privileged accounts to the primary system administrator and no more than one designated alternate system administrator; these passwords shall be changed at least every [insert number of days] days or when necessary due to employment termination or actual or suspected password compromises of the Company’s system.
4.5 The user shall:
4.5.1 understand their responsibilities for safeguarding passwords.
4.5.2 use the Company’s data in accordance with their job.
4.5.3 understand the consequences of their failure to adhere to statutes and policy governing information resources.
4.5.4 immediately notify their supervisor if it is suspected that their password has been compromised.
- Policy
5.1 General
5.1.1 The Password policy shall ensure that all user accounts are protected by strong passwords and that the strength of the passwords meets the security requirements of the Company’s IT system.
5.1.2 Users shall be educated about password protection and the password policy shall be implemented to ensure that users follow best practices for password protection.
5.1.3 The Company’s IT systems shall be configured to prevent password reuse.
5.2 Access Authorization Requirements
5.2.1 Users shall be granted access only to those information systems necessary for the performance of their official duties.
5.2.2 Users must receive supervisor’s and the IT Manager’s approval prior to being granted access to the Company’s information resources. This requirement includes contracted employees and all other personnel who are not employees of the Company who have been granted access.
5.2.3 Passwords shall be used on all the Company’s automated information systems to uniquely identify individual users.
5.2.4 Passwords shall not be shared with, used by, or disclosed to others. Furthermore, generic or group passwords shall not be used.
5.2.5 To preclude password guessing, an intruder lock-out feature shall suspend accounts after [number of invalid attempts] invalid attempts to log on.
5.3 Password Parameters
5.3.1 All user and system passwords, even temporary passwords set for new user accounts, should meet the following characteristics:
5.3.1.1 Be at least six characters in length.
5.3.1.2 Consist of a mix of alpha, and at least one numeric, and special characters.
5.3.1.3 Not be dictionary words.
5.3.1.4 Not be portions of associated account names (e.g., user ID, log-in name)
5.3.1.5 Not be character strings (e.g., ABC or 123)
5.3.1.6 Not be simple keyboard patterns.
5.3.2 Passwords must be changed at least every [insert number of days] days.
5.3.3 Previously used passwords may not be re-used.
5.4 Password and Account Security
5.4.1 Password accounts not used for 90 days will be disabled and reviewed for possible deletion. Accounts disabled for 60 days will be deleted. Accounts for contractors to the Company shall terminate on the expiration date of their contract.
5.4.2 Administrative account passwords must be changed promptly upon departure of personnel (mandatory or voluntary) or upon suspected compromise of the password.
5.4.3 User accounts will be disabled promptly upon departure of personnel (mandatory or voluntary). Users should immediately change their password if they suspect it has been compromised.
5.4.4 Vendor or service accounts will be removed from computer systems prior to deployment and new passwords are to be implemented on all systems immediately upon installation at the premises of the Company.
5.4.5 Passwords may not be embedded in automated programs, utilities, or applications.
5.4.6 Passwords may be not visible on a screen, hardcopy printouts, or any other output Device.
- Enforcement
6.1 Unauthorized personnel are not allowed to see or obtain sensitive data.
6.2 Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy.
INSTRUCTIONS
- PLEASE PRINT OUT & SIGN THE FORM.
- PROVIDE ANY ADDITIONAL INFORMATION IN ANNEXURE A
- SIGN THE FORM AND EMAIL IT TO THE COMPANY.
FORM 2
REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING , OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO.4 OF 2013)
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
[Regulation 3]
Note:
- Affidavits or other documentary evidence as applicable in support of the request may be attached.
- If the space provided for in this Form is inadequate, submit information as an Annexure to this form and sign each page.
- Complete as is applicable.
Request for:
Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party.
A | DETAILS OF DATA SUBJECT |
Name(s) and surname/ registered/name of data subject: | |
Unique Identifier/Identity Number | |
Residential, postal or business address: | |
Contact number(s): | |
Fax number / E-mail address: | |
B | DETAILS OF RESPONSIBLE PARTY |
Name(s) and surname/ Registered name of responsible party: | |
Contact number(s): | |
Fax number/ E-mail address: | |
C | INFORMATION TO BE CORRECTED/DELETED/ DESTRUCTED/ DESTROYED |
D | REASONS FOR *CORRECTION OR DELETION OF THE PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(a) WHICH IS IN POSSESSION OR UNDER THE CONTROL OF THE RESPONSIBLE PARTY; and or REASONS FOR *DESTRUCTION OR DELETION OF A RECORD OF PERSONAL INFORMATION ABOUT THE DATA SUBJECT IN TERMS OF SECTION 24(1)(b) WHICH THE RESPONSIBLE PARTY IS NO LONGER AUTHORISED TO RETAIN. (Please provide detailed reasons for the request) |
Signed at …………………………………… this …………………. day of ………………………20…………
…………………………………………………………………
Signature of data subject/ designated person