1. PURPOSE OF THIS POLICY
This policy explains how Lyners collects, uses, stores, shares, and protects personal information in line with the Protection of Personal Information Act (POPIA). It applies to all employees, service providers, clients, contractors, website users, and any individual whose personal information is processed by Lyners.
2. SCOPE
This policy applies to all Lyners entities, all business operations, systems, and processes where personal information is used and information collected both online and offline.
3. WHAT PERSONAL INFORMATION LYNERS COLLECT
Lyners may collect and process the following categories of personal information where relevant:
3.1 Employees and Prospective Employees
- Identification information
- Contact details.
- Employment history
- Qualifications and professional registrations
- Performance records
- Payroll and banking information.
- Medical certificates where legally required.
3.2 Clients and Consulting Partners
- Names and contact details.
- Company details and VAT numbers
- Project-related correspondence
- Technical information required for service delivery
3.3 Service Providers and Suppliers
- Company registration details
- Contact information.
- Banking information for payments
- Compliance documents
3.4 Website Users
- Contact details provided through forms.
- Basic technical information (browser type, device type, IP address)
- Cookie information where applicable
4. HOW LYNERS COLLECT INFORMATION
Lyners collect information through:
- Direct interactions (emails, contracts, forms, meetings)
- Employment processes
- Supplier onboarding
- Project execution
- Visits to our website
- CCTV footage at our premises
5. WHY LYNERS PROCESS PERSONAL INFORMATION
Lyners process personal information for the following purposes:
- Managing client relationships and project delivery
- Responding to enquiries and service requests
- Managing employment and HR-related obligations
- Safety, security, and access control
- Compliance with legal and regulatory requirements
- Administering payments and financial transactions
- Conducting business operations and internal administration
- Ensuring system security and business continuity
6. LEGAL BASIS FOR PROCESSING
Lyners process personal information under one or more of the following grounds:
- Consent
- Contractual requirements
- Legal obligations
- Legitimate business interests
- Regulatory compliance
7. SHARING OF PERSONAL INFORMATION
Lyners may share information with:
- Approved third-party service providers (IT support, auditors, legal advisers, payroll administrators, software platforms)
- Statutory bodies where legally required.
- Professional partners involved in project delivery
- Security service providers
- Financial institutions for payment processing
All third-party operators are required to protect information and use it only for authorised purposes.
Lyners do not sell personal information.
8. CROSS-BORDER TRANSFERS
Where information is stored on cloud services or accessed by trusted service providers outside South Africa, Lyners ensure that:
- Appropriate safeguards are in place, and
- The receiving country has adequate data-protection measures.
9. INFORMATION SECURITY
Lyners use technical and organisational measures to protect information, including:
- Secure servers and encryption where appropriate
- Access controls and password protection
- Data-loss prevention and backup systems
- Restricted access to personal information
- Secure physical storage
- Staff confidentiality obligations
10. DATA RETENTION
Personal information is kept only for as long as necessary to meet the purpose for which it was collected, including legal, contractual, and operational requirements. Retention periods follow the Lyners Document and Records Control Procedure.
11. YOUR RIGHTS UNDER POPIA
You may:
- Request access to your personal information.
- Ask for corrections or updates.
- Object to certain types of processing
- Request deletion where legally appropriate.
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with the Information Regulator
Information Regulator South Africa:
Complaints.IR@justice.gov.za
www.justice.gov.za/inforeg/
12. COOKIES AND WEBSITE TRACKING
The Lyners website may use cookies or tracking tools to support functionality, improve user experience, or analyse website traffic. You may set your browser to refuse cookies, though some features may not function correctly.
13. DATA BREACHES
If a data breach occurs that exposes personal information, we will:
- Notify affected individuals as required by POPIA.
- Notify the Information Regulator
- Take corrective action to limit risk.
14. UPDATES TO THIS POLICY
This policy may be updated periodically. The latest version will always be available on the Lyners website or on request.
15. CONTACT INFORMATION
For queries regarding this policy or the handling of personal information, contact:
Information Officer
Email: bellville@lyners.co.za
Tel: 021 914 0300
Website: www.lyners.co.za