Data Protection and Incident Response Policy

Data Protection and Incident Response Policy

Thank you for choosing to be part of our community at AdvanceNet Pty Ltd, doing business as AdvanceNet ("AdvanceNet", "we", "us", "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at


When you visit our website (the "Website"), and more generally, use any of our services (the "Services", which include the Website), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.



  1. Introduction
    1. At the AdvanceNet Group we respect people’s privacy, and we protect the personal information we process. We balance our need to process personal information for our activities with the legal requirements to protect it.


  1. Purpose
    1. This policy describes the principles governing our processing of personal information. It also records our compliance strategy regarding personal information.


  1. Scope
  • This policy applies to all personal information processed in the course of our business and to all persons employed or engaged by us who process personal information.
  • This policy must be read in conjunction with any other compliance policies we may have and adds specific elements regarding our data protection compliance strategy.


  1. Personal information
    • Personal information includes any information about a data subject for example:
      • Identifying information, such as a name, date of birth, or identification number of any kind.
      • Contact information, such as a phone number or email address.
      • Address information, such as a physical or postal address.
      • Company information, such as company incorporation records, tax and VAT records, credit history, invoices and statements, insurance information and partner details.


  1. Sensitive Personal Information
    • Depending on the goods or services, we may also collect sensitive personal information including:
      • Financial information, such as bank account details.
      • Criminal information, in limited circumstances, such as information about commission or alleged commission of any offence or about any related legal proceedings through our external or internal disclosure channels.
  2. Data protection laws
    • We are committed to protecting and respecting the privacy of our data subjects in accordance with the local data protection laws applicable to the jurisdictions in which we operate. As such, we have chosen to adopt a global approach to data protection compliance. This involves an 80% focus on complying with those requirements that are common to most data protection laws globally and a 20% focus on complying with those that are specific to our relevant jurisdictions. The relevant local laws with which we will comply are:
      • General Data Protection Regulation 2016/679 (European Union).
      • Protection of Personal Information Act 4 of 2013 (South Africa).


  1.  Data protection requirements
    • In applying the relevant data protection laws, we will ensure that we:
      • Enable data subject rights.
      • Adhere to our data protection obligations as responsible party or operator.
      • Apply the data protection principles.
  • In terms of data subject rights, we will ensure that our data subjects can:
    • Know when and why we process their personal information.
    • Request access to their personal information that we process.
    • Rectify any personal information of theirs that is incorrect.
    • Erase their personal information from our systems, where required.
    • Restrict our processing of their personal information, where required.
    • Object to our processing of their personal information.
    • Transfer their personal information from us to another responsible party in a structured and accessible format.
    • Be protected from us making automated decisions about them.
  • In terms of our obligations as an operator, we will ensure that we:
    • Enter into a contract with the relevant responsible party.
    • Appoint sub-operators only with the responsible party’s written authorisation.
    • Process personal information only on the instructions of the responsible party.
    • Keep records of our processing activities done on behalf of the responsible party.
    • Inform the relevant data protection authorities of irregularities, where required.
  • In terms of the data protection principles, we will ensure that we process personal information:
    • Lawfully, fairly and transparently.
    • Only for a specific purpose that is explicit and legitimate.
    • Only as necessary for that purpose.
    • Accurately, keeping it up to date.
    • For no longer than necessary to achieve the purpose.
    • Securely.
  • In terms of our obligations as a responsible party, we will ensure that we:
    • Implement appropriate and reasonable technical and organisational measures to protect personal information.
    • Control our operators through a written contract.
    • Keep records of our processing activities.
    • Cooperate with the relevant data protection authorities.
    • Conduct data protection impact assessments, where required.
    • Consult with the relevant data protection authorities, where required.


  1. Compliance strategy
    • Our compliance strategy is reasonable compliance - do what is reasonably practicable to comply with those aspects of data protection that apply to our business, under the applicable data protection law. We will enable data subject rights and adhere to our relevant obligations. We have adopted a risk-based approach to applying the data protection principles. We seek to maintain a balance between what is required by law and what is practical in our specific circumstances.
    • We have identified the following areas as being key priorities in our compliance efforts:
      • Monitoring and applying our data protection activities consistently across our entities and jurisdictions.
      • Adopting privacy by design and by default at a Group level.
      • Managing our responsible party relationships efficiently.
      • Digitising our responsible party processing activities.


  1. Governance of data protection
    • We will appoint and maintain one Information Officer for each of our entities. The Information Officer is responsible for:
  • Promoting compliance with data protection law within the entity.
  • Ensuring awareness of data protection law within the entity.
  • Managing and responding to data subject access requests.
  • Managing and responding to data breaches or incidents.
  • Assisting the relevant data protection authorities with their investigations.
  • Developing, implementing and monitoring the compliance framework within the entity.


  • The Information Officer will report to the Group Managing Director
  1. Policy responsibility and administration
    • The Information Officer is responsible for overseeing data protection in our Group and is responsible for ensuring that the policy is effective and relevant. Their contact information is:


Name: Andy Irving

Email address:

Telephone: +27 11 367 9000


Download- Request for Access to Record

Download-Outcome of Request and of Fees Payable