The reason for this policy is to advise the customer/ user (data subject) of Hexachem’s services, both electronic

and otherwise, why data is gathered and processed, what data is concentrated on as well as how it is

handled. Hexachem is dedicated to full compliance with the POPI Act as far as the utilisation and

disclosure of data subject personal information (PI) is concerned. Therefore, technical and operational

measures have been implemented to safeguard data subject privacy and Hexachem encourages all data

subjects and/ or requesters to engage with its Information Officer (IO) in respect of any matter related to

such.

This policy exercises to data subjects under the POPI Act and its principles expand to the Promotion of

Access to Information Act (PAIA) in respect of requesters of records held by Hexachem. PI applies to both

natural and juristic persons. Data subjects and requesters are invited to engage with the Hexachem IO about

any matter relevant to the POPIA and PAIA, including but not limited to updating PI, deletion of PI,

complaints in respect of how PI is being processed and updating. The “Information Officer” portal

on the website facilitates these types of engagement.

Hexachem is a diversified company, representing various international manufacturers and suppliers,

bringing global offerings of raw materials and ingredients of the highest quality to shores of South Africa.

‘‘Personal information’’ means information relating to an identifiable, living, natural person, and

where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin,

colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience,

belief, culture, language and birth of the person;

(b) information relating to the education or the medical, financial, criminal or employment history of the

person;

(c) any identifying number, symbol, e-mail address, physical address, telephone number, location

information, online identifier or other particular assignment to the person;

(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;

(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or

further correspondence that would reveal the contents of the original correspondence;

(g) the views or opinions of another individual about the person; and

(h) the name of the person if it appears with other personal information relating to the person or if the

disclosure of the name itself would reveal information about the person;

Hexachem processes PI for various purposes including for –

• Facilitating transactions with data subjects
• Collecting data for credit and COD applications
• Collecting data for statistical purposes to improve its services
• Fulfilling its contractual obligations to its clients and client contacts
• Complying with the provisions of statute and regulations
• Attending to the legitimate interests of data subjects
• Identifying prospects for enhanced service delivery and business sustainability
• Confirm and verify data subject identity or to verify that they are authorised users for security
  purposes;
• Audit and record keeping purposes
• In connection with legal proceedings.
  
  

In respect of the processing of PI as provided for above, Hexachem will adhere to the conditions for the

lawful processing of PI, based on its desire to provide data subjects services in their best interests as well as

a legitimate interest of Hexachem to achieve its business objectives.

Hexachem endeavours to provide the most accurate information possible to stakeholders, including data

subjects. Hexachem seeks to verify the accuracy of its information as frequently as possible and to remove

information that it learns to be inaccurate. Thus, Hexachem intends to process the information it has about

data subjects for so long as it is accurate or until the data subject instructs Hexachem to refrain from

processing it – in order to instruct Hexachem to refrain from collecting and/ or processing PI, contact IO.

Notwithstanding the above, Hexachem shall hold PI for such period as may be required in terms of statutes

such as the Companies Act and various labour laws.

Data subjects have the right to request that Hexachem provide them with access to their PI, to rectify or

correct their personal information, erase PI or restrict the processing of PI, including refraining from

sharing it or otherwise providing it to any third parties. Data subjects also have the right to raise

complaints with the Information Regulator. The afore-going rights may be subject to certain

limitations pursuant to applicable law. In order to access any of these rights, contact the IO.

Hexachem gathers PI from several sources, which include directly from data subjects, publicly available

sources such as websites, social media, commercial transactions with Hexachem, referrals, prospects,

partner agreements, training engagements, and the like..

Hexachem collects information about data subjects who may be clients, client contacts, prospective clients

and prospective client contacts. It also collects information on its employees and suppliers as well as third

parties that are part of its scope of operation.

In respect of clients, client contacts, prospective clients and prospective client contacts Hexachem profiles

business organizations and the contacts who work for the said organisations and it may have some or all of

the following categories of personal information on data subjects, historical or current –

• Name and surname
• Identity Number
• Equity, Gender & Disability status
• Contact details (email, mobile)
• Birth date
• Position held and responsibilities
• Areas of interest in respect of Hexachem offerings
• Record of services used
• Email correspondence and attachments
• Organisation details
• Office address
• Office contact details
• Organisation email Address
• Other information that is available in the public domain.
  
  

We collect and process your personal information mainly to contact data subjects for the purpose of

understanding their requirements and delivering services accordingly. Where possible, we will inform data

subjects what information they are required to provide to Hexachem and what information is optional, as

well as the consequences of not providing the said information.

Hexachem may disclose data subject PI to its service providers who are involved in the delivery of products

or services data subjects. Hexachem has agreements in place to ensure that it complies with the privacy

requirements as required by the POPI Act.

hexachem may also disclose data subject PI:

• Where it has a duty or a right to disclose in terms of law and/ or industry codes;
• Where it believes it is necessary to protect its rights.
  
  

Hexachem is legally obliged to provide adequate systems, technical and operational protection for the PI

that it holds and to prevent unauthorized access to as well as prohibited use of PI. Hexachem will therefore

on a regular basis review its security controls and related processes to ensure that the PI of data subjects

remains secure.

Hexachem has conducted an impact assessment across all of its functions and used the findings thereof to

manage risk optimally as well as to provide iterative improvements on an ongoing basis. Hexachem policies

and procedures cover the following aspects -

• Physical security;
• Computer and network security;
• Access to personal information;
• Secure communications;
• Security in contracting out activities or functions;
• Retention and disposal of information;
• Acceptable usage of personal information;
• Governance and regulatory issues;
• Monitoring access and usage of private information;
• Investigating and reacting to security incidents.
  
  

Hexachem also ensures that it contracts with Operators as required by POPI and it requires appropriate

security, privacy and confidentiality obligations of these operators in order to ensure that personal

information is kept secure. The same protocols apply to any party to whom Hexachem may pass PI on to for

the purposes mentioned herein.

Our Head Office physical address is -

74 Old Main Road, Kloof, KwaZulu-Natal Africa

The information officer is –

• Michael van Staden
• Email – michael@hexachem.co.za
•  Mobile – 082 888 2183