Monthly Archives: January 2015

  • 0

National Credit Act

Like the National Credit Act established the National Consumer Tribunal, the CPA establishes the National Consumer Commission which enforces the provisions of the CPA and protects consumers.

Who does the CPA protect?
Any person acting personally or in a representative may approach a court, the National Consumer Tribunal or the National Consumer Commission to allege that a consumer right entrenched in the CPA has been infringed.

What does the CPA Regulate?
The CPA regulates the goods and services industries.
Goods include anything marketed for human consumption, a tangible object including any medium on which anything is or may be written or encoded, any literature, music, photograph, motion picture, game, information, data, software, code or other intangible product written or encoded on any medium, or a licence to use any such intangible product and a legal interest in land or any other immovable property.

Services include any work or undertaking performed by one person for the direct or indirect benefit of another, the provision of any education, information, advice or consultation, any banking services, or related or similar financial services, or the undertaking, underwriting or assumption of any risk by one person on behalf of another, the transportation of an individual or any goods and the provision of any accommodation or sustenance and other similar services.

Cancellation of Advance Bookings, Orders & Reservations
Essentially, consumers have the right to cancel a reservation or pre-booking for any goods or services and to cancel any order for any goods or services.

Expiry and Renewal of Fixed-Term Agreements
Consumers may cancel a fixed-term agreement (of any term) at any time, provided written notice is given to the supplier at least 20 business days prior to the intended date of cancellation. Where the consumer prematurely cancels the agreement, the consumer remains liable to the supplier for any amounts owed to the supplier in terms of that agreement up to the date of cancellation and the supplier may impose a reasonable cancellation penalty.

Quotes and Estimates
Suppliers may not charge consumers for repairs, maintenance work or any other diagnostic work unless the charge was previously disclosed to the consumer and the consumer subsequently accepted the charge. Therefore, suppliers must provide a quote or estimate prior to working on any goods.

The Right to Quality Service
Where a supplier undertakes to perform any service for or on behalf of a consumer, the consumer has the right to the timely performance and completion of those services. The rendering of services or the goods required to perform any service must therefore be in a manner and of a quality that persons are generally entitled to expect and be free of any defect.

The Issue of Strict Liability
The CPA imposes strict liability on producers, importers, distributors or retailers to supply safe goods and imposes strict liability in respect of product failure, defective and hazardous goods.

Warranty on Repaired Goods
A mandatory three-month warranty period is imposed on service providers who install any new or reconditioned part during repair or maintenance work. This three-month period is calculated from the date of installation of the new or reconditioned part. Service providers include persons who promote, supply or offer to supply any service.

Right to Return Goods
A consumer is entitled to return unsafe or defective goods, including goods that are not of a good quality. This right is enforceable for a period of six months, calculated from the date of the delivery of the goods to the consumer. Where the goods are so returned, the consumer does so without penalty and at the supplier’s risk and expense.

Unsolicited Goods or Services
A consumer who is the recipient of unsolicited goods or services is not obliged to pay for such goods or services. Goods or services shall be said to have been unsolicited if the consumer did not implicitly or expressly request the goods or services. The only exception is where the consumer has an agreement with the supplier that goods or services shall be supplied from time to time without further approval or request. However, in the latter instance, any goods or services that materially differ from that agreed upon shall be deemed to be unsolicited.

Right to Cancel a Transaction or Agreement emanating from Direct Marketing
Direct marketing means approaching someone (in person or by mail or electronic communication, phone, fax, SMS, email, etc) to try to sell goods or services to that person or to ask him or her to make a donation of any kind. Where a transaction resulted from direct marketing, the consumer to such a transaction may rescind the transaction without reason or penalty. To do so, the consumer must give written notice to the supplier of his intention to cancel the transaction in question. This notice must be given within five business days of the transaction or agreement being concluded or, within five business days of the goods having being delivered to the consumer.

Marketing Standards for Goods & Services
Goods or services must not be promoted in a misleading, fraudulent or deceptive manner. Thus, the nature and the use of the goods or services cannot be distorted nor may a manufacturer, producer, importer, distributor or supplier promote or supply goods or services that are unlawful. Promotion of goods or services must so be done in a manner that does not violate the dignity of any person or is based on a ground of unfair discrimination.

Direct Marketing, Installation and Delivery
Any person who directly markets any goods or services and subsequently concludes a transaction or agreement with a consumer must inform the consumer of the right to rescind the agreement.

Catalogue or Electronic Marketing
The requirements regarding catalogue or electronic marketing apply where an agreement for the supply of goods or services is not concluded in person, but is concluded telephonically at the request of the consumer, by postal order, fax or internet transaction or in any other instance where the consumer does not inspect the goods before concluding the agreement. The requirements do not extend to an agreement or transaction that ensued from direct marketing.

  • 0

M-Files Document Management

M-Files Document Management -M-Files enterprise content management (ECM) solutions transform how businesses manage, secure and share information with a unique metadata-driven approach that organizes and processes content based on what it is, rather than where it resides. Thousands of businesses in over 100 countries use M-Files on-premise, in the cloud or in hybrid environments to improve productivity and quality, and to ensure compliance with industry regulations and standards, including companies such as AstraZeneca, Parker Hannifin, EADS and Elekta. For more information, visit, email us at or call us directly at 972-516-4210.

  • 0

Popi to change the way SA firms handle your data

Tags :

Category : Popi

Cape Town – Personal data has become a must-have commodity and a new Act seeks to limit just how much personal data companies may share or retain.

The scenario is a common one that many South Africans experience: You get a call at the most inappropriate time; the caller knows your name and proceeds to try and sell you something.

When asked about where your details were obtained, the answers are often vague at best – usually citing some database of a company – one that you usually can’t check while you’re on the phone.

One of the responses to this kind of invasion has been the Protection of Personal Information Act, signed into law after several delays as industry players negotiated what constituted personal information.

Generally the act seeks to protect privacy as guaranteed in the South African Constitution, and the law notes that “the right to privacy includes the right to the protection against the unlawful collection, retention, dissemination and use of personal information” in its preamble.

Loyalty programmes

One of the most common ways that companies have been collecting personal data is by way of loyalty programmes, but the law prescribes that a clear distinction should be made on how this information should be secured.

“What Popi is aiming to achieve is for companies to classify their data and determine those elements that would fall into the Popi category. They would then need to go through the process of protecting or securing that data to meet this regulation,” Andrew Kirkland, regional director for Trustwave Africa told News24.

Trustwave is a security company that specialises in helping organisation fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

The act prohibits the collection of information for the purposes of resale or trade, and also instructs those with access to personal data to ensure that the subject is aware thereof.

“Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party,” the law says.

This would, for example, prohibit so-called raffles that record personal data which is then sold to third parties who can call or e-mail people with “special offers” or insurance products.

However, while different company departments may share data, the law takes a dim view on sharing data between subsidiaries.


“If by divisions you mean subsidiaries then this may be more of a challenge since I would expect that you would still need to get permission to use this information from the customer. I suspect the regulator will have to make a call on this if it’s not that clear,” Kirkland explained.

However, the regulator has not yet been appointed in terms of the legislation and it is therefore unclear how companies that flout the law will be penalised.

The act requires that personal data be deleted once the objective has been achieved and if statistical information of the data is required, the subjects must be informed and their consent requested.

Kirkland said that the appointment of a regulator to manage the compliance is key to ensuring that Popi pay more than lip service to the protection of personal information in SA.

“We are waiting for the regulator to be appointed to get a better understanding of this [company accountability]. Non-compliance will at some point be penalised but to what extent can only be speculated at this point.”

  • 0

Your personal data

Category : Personal Data

Cape Town – It’s a case of individual responsibility with regard to protecting your personal data despite the Protection of Personal Information Act (Popi) because it only has force with companies operating in South Africa.

Popi was promulgated in 2013 after several delays and is meant to regulate how companies can collect, retain and disseminate personal information.

However, the global internet environment renders geographic borders null and void as many South Africans willingly hand their personal data over to international companies not bound by South African law.

“If you are a company operating in South Africa – either locally owned or internationally owned – you’d have to abide by the local laws which are associated with local data,” Andrew Kirkland, regional director for Trustwave Africa told News24.

Trustwave is a security company that specialises in helping organisation fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

Specific consent

The law specifies that specific consent must be obtained if companies would like to collect and process personal data.

“Personal information may only be processed if, given the purpose or which it is processed, it is adequate, relevant and not excessive,” says the act.

The lines become blurred when one introduces popular social networking platforms like Facebook, which operate under US law, but have a worldwide audience.

Data uploaded to the giant company’s servers are not subject to Popi, and though Facebook promises privacy, it is not an absolute.

The company warns that some data uploaded may become public domain, meaning that it can be disseminated without specific user consent.

“Because Pages are public, information you share with a Page is public information. This means, for example, that if you post a comment on a Page, that comment may be used by the Page owner off Facebook, and anyone can see it,” Facebook says in its terms and conditions.

Facebook also says that liking a company page on the network is public information and liking a corporate page may mean that content the company creates on its Facebook page may give it access to personal information.


“Because this content comes directly from the Page owner, that Page may be able to collect information about you, just like any website,” said Facebook.

Also, personal data of South Africans on Facebook may be given to US authorities. The social network revealed on Monday that between 9 000 and 12 000 demands for information were made in the year ended June 2013.

Microsoft and Yahoo also had to hand over personal data relating to 15 000 and 30 000 accounts respectively.

However, the act specifies that personal data may not be transferred to international parties unless specific permission has been obtained.

“A responsible party in the Republic may not transfer personal information about a data subject to a third party who is in a foreign country…” the law says, adding that it is subject to a range of provisions and consent by the affected party.

These matters indicate that the appointment of a regulator is critical to ensure that the prescriptions of the act, as well as remedies, can be applied for companies who may flout the law.

“We are waiting for the regulator to be appointed to get a better understanding of this [company accountability]. Non-compliance will at some point be penalised but to what extent can only be speculated at this point,” said Kirkland.

January 2015
« Oct