OPERATOR AGREEMENT IN TERMS OF POPI

EXECUTIVE SUMMARY:
FutureSoft is a leader in the software development industry, specialising in debt recovery- and financial management software. FutureSoft officials are experienced in legal matters and the relevant legislation applicable to the industries in which FutureSoft’s customers operate. The Excalibur Debt Collection Management System is FutureSoft’s South African developed and maintained debt collection software used by banks, law firms, debt recovery agents, debt counsellors, financial institutions, corporates and educational institutions in South Africa, Africa and the United Kingdom. FutureSoft ensures that Excalibur complies with the relevant legislation applicable in South Africa. Excalibur enables its users (i.e., the customers of FutureSoft), to comply with such relevant legislation and this specific document relates to Excalibur’s enablement to comply with the Protection of Personal Information Act, and in particular, the data retention and data destruction aspects thereof.

THE FUTURESOFT COMMITMENT:
FutureSoft is committed to the protection of personal information, including the prevention of personal data breaches. FutureSoft commitment includes:
The commitment to comply with all regulatory obligations under the country’s data protection laws.
The commitment to deliver products and services to our clients that comply with all relevant data protection laws.
The commitment to take all reasonable, practical and appropriate steps to ensure that good business practices with regard to the protection of personal data is applied in the FutureSoft operations environment, if and when FutureSoft needs to assist its clients with data management.

THE FUTURESOFT INFORMATION PROTECTION GOVERNANCE STRUCTURE:
The senior management at FutureSoft are all aligned with the importance of the protection of personal data and, as such, the following Information Protection Governance Structure has been established and the officers identified are appointed:
The Information Security Officer: Peter Rafferty, Chief Executive Officer, FutureSoft, peter@futuresoft.co.za
The Internal Risk Audit Officer: Rob Rafferty, Chief Financial Officer, FutureSoft, rob@futuresoft.co.za
The Control Implementation Officer: JP Sonnekus, Chief Operations Officer, FutureSoft, jp@futuresoft.co.za
The above FutureSoft officials can be reached on 012 640 0000.

POLICY STATEMENT:
FutureSoft guarantees its commitment to the protection of personal information of its customers and consumers alike. FutureSoft’s top management is committed to ensure the implementation of information security controls and awareness regarding the protection of information.

RIGHTS OF DATA SUBJECTS: Data subjects have the right to
– Object to the processing of personal information
– Be notified when personal information is processed
– Confirmation that FutureSoft holds personal information
– To have personal information corrected
– To refuse the processing of personal information
– To complain to the Information Regulator
– To institute civil proceedings

CONDITIONS OF LAWFUL PROCESSING:
FutureSoft will obtain consent from its customers to process personal information. Such consent may be withdrawn by the customer. FutureSoft is committed to its duty of care to ensure the protection of data. The personal data will only be used for the specific purpose set out below.

SPECIFIC PURPOSE:
The purpose of collecting and retaining personal information is to enable FutureSoft:
– With regard to personal information of the Customer to:
o Maintain a secure register of its customers
o Manage the client relations with its customers
o Manage invoicing to customers
– With regard to personal information in possession of the Customer, which FutureSoft may from time to time be required to access in order to:
o Provide technical and system support to the Customer
o Execute the instructions received from the Customer

MANDATE:
The Customer hereby grants to FutureSoft a mandate to process certain Personal Information, as is referred to in the previous paragraph, titled SPECIFIC PURPOSE.

RECORDS RETAINED:
Records will be retained for
– The duration of the contractual relationship between FutureSoft and the Customer; plus
o a period of 5 years following the termination of the contractual relationship between FutureSoft and the customer; or
o a period required for FutureSoft to comply with other legislation, like SARS and tax legislation, or
o a period specified by the customer at the time of termination of the contractual relationship between FutureSoft and the customer

SAFEGUARDS:
FutureSoft will ensure that all necessary safeguards are implemented to ensure that personal information is protected and that only the officials necessary to have access to personal information, will have such access.

RISK MITIGATION:
FutureSoft has implemented the following risk mitigation procedures in its commitment to protection of personal information:
– A comprehensive risk identification process
– A risk assessment process
– The establishment of risk management and control procedures
– Information security incident management procedures
– Information security awareness program

REVIEW OF THIS POLICY:
This policy will be reviewed on an annual basis or whenever necessitated by legislation or other change in the business environment.

INFORMATION REGULATOR:
The Information Regulator can be contacted in the following methods:
Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
e-Mail address: complaints.IR@justice.gov.za

CONFIDENTIALITY STATEMENT:
This document contains proprietary information belonging to ExcalSoft Development (Pty) Ltd trading as FutureSoft and is only available to Customers and approved third parties who this has been supplied to, with the express consent from FutureSoft.

GENERAL:
All correspondence between the Customer and FutureSoft with regard to this agreement, will be sent to the chosen domicilium citandi et executandi as indicated on the first page hereof. This document is the entire agreement between the Customer and FutureSoft with regard to the Protection of Personal Information. No changes to this agreement will be deemed valid, unless it has been reduced to writing and has been signed by the Customer and FutureSoft and is dated subsequent to the date of this agreement.