ISPA personal information policy

ISPA data collection policy:

  • This data collection policy applies to data collected using the forms on the ISPA website, and to personal information that ISPA may collect through other means (for example, via email).
  • A record of all personal information provided is kept by ISPA. ISPA’s standard retention period for personal information is three years, except when a longer retention period is required by law.
  • The purpose for which the personal information is being collected is indicated on the form where it is collected. ISPA will not use the collected personal information for any purpose other than that stated upon collection, unless required by law. In general:
    • Personal information collected relating to a complaint will be used only for the purpose of attempting to resolve that complaint.
    • Personal information collected relating to a contact request or media query will be used only for the purpose of attempting to resolve that query.
  • It is not mandatory for anyone to provide personal information to ISPA using any of the website forms. However, the consequences of not providing the requested personal information will be that ISPA is unable to assist in resolving the complaint or query.
  • Personal information ISPA collects will be shared with the relevant ISPA member or members if it involves a complaint against them. Collected personal information may also be shared with ISPA’s secretariat, accounts, legal/regulatory, and public relations service providers. Those service providers are contractually bound to treat any personal information shared with them with the same levels of diligence and respect as ISPA itself.
  • Although identifying personal information is redacted from any published ISPA adjudication or appeals panel report, such reports may include such personal information as is necessary for the report to make sense, such as correspondence provided by the parties. ISPA’s archive of reports is retained indefinitely for historical purposes, and so that a full record of precedent is available to ISPA’s adjudicators.

ISPA’s members and personal information:

  • As noted above, ISPA shares personal information it collects with members only for the purpose of resolving complaints involving that member.
  • All ISPA members are required to sign a membership undertaking which confirms that they will comply with all of the provisions of the Protection of Personal Information Act (POPIA) in respect of personal information collected by either ISPA or ISPA’s members.

INX-ZA data collection:

  • ISPA’s INX-ZA division does not collect any data from members of the public. INX-ZA collects only such personal information from networks connecting to the INX-ZA-run Internet exchanges as is necessary for administration and operation of the exchanges and shares only the technical information necessary for interconnection with other connected networks.

ISPA’s website:

  • ISPA may log certain personal information from visitors to the ISPA website, including IP addresses, operating systems and the web browsers used. This personal information is automatically logged, and is not linked to any specific individual.
  • ISPA’s websites contain links to sites that belong to third parties unrelated to us. ISPA cannot be held responsible for any use of your personal information arising from you disclosing personal information on third party sites.

POPIA compliance and your rights:

  • If you have provided personal information to ISPA, you have a right to ask for a copy of the personal information ISPA has stored, to request that ISPA correct any errors in that personal information and the right to object to any further processing of that personal information. For more information please see ISPA’s PAIA Manual.
  • ISPA takes every reasonable step to handle any personal information it is trusted with in a manner consistent with the requirements of the POPIA.
  • If you believe that ISPA has not acted in accordance with POPIA, you have a right to lodge a complaint with the Information Regulator.
  • For the purpose of this notice and POPIA compliance, the identity of the person collecting the personal information is:
    • Internet Service Providers’ Association (ISPA) NPC
      32 George Road
      Glen Austin
      Midrand, 1685
      Republic of South Africa
  • ISPA reserves the right to make changes to this personal information policy. The latest version of the policy will always be available on the ISPA website.