POPIA PRIVACY POLICY OF REMAX 2000

DEFINITIONS

MASTER REALTORS (PTY) LTD t/a REMAX 2000

REGISTRATION NUMBER: 1995/013053/07

(hereinafter referred to interchangeably as either RE/MAX2000, "our", "us", or "we ")

"You" and/or "your" means you, the clients and prospective clients of RE/MAX 2000. "RE/MAX 2000 staff" means any of RE/MAX 2000 's directors, employees, agents, contractors and/or consultants, as the case may be.

Protection of Personal Information Act 4 of2013 is hereinafter referred to as POPIA. This POPI privacy policy covers our corporate web sites at www.remax2000.co.za.

1. YOUR RIGHT TO PRIVACY AND SECURITY IN TERMS OF POPIA

We value your right to privacy and security. Through your use of our professional realty services, your personal information is treated as private and confidential. We are and remain committed to providing you with secure access to our services. We want you to engage our professional realty services with complete confidence in the knowledge that your personal information is kept confidential.

We gather information from you, Deeds Registries, and local authorities. We utilize this information primarily to market immovable property for the selling and/or letting thereof. We only, with your knowledge and consent, disclose personal information to third parties in line with the provision of the services we provide.

2. INFORMATION COLLECTED

We are acutely aware of and sensitive nature to the right to privacy of our clients. We do not collect personal information without your knowledge and consent.

There are 5 ways in which you provide us with your personal information:

email,

WhatsApp,

hand collection and hand delivery, (iv) courier services and

(v) telephone instruction.

2.1 PREPARATION OF DOCUMENTS

When we are instructed by you to market or find immovable properties to prepare marketing mandates, lease agreements, sale agreements, advertisements and other related documents, the personal information requested from you includes your identity, address (postal and residential), telephone number, email address, bank account to be debited/credited. This personal information is used to enable us to meet our obligations to you, follow your instructions, and ensure our services meet your needs. Verifying and confirming your identity requires us to compare the personal information submitted by you with information known to a third party (e.g. Banks, SARS, Deeds Registries, local authorities and the like). This allows us to prevent identity theft.

2.2 ACCOUNT / BANK INFORMATION

This personal information is only used to complete documents relating to immovable property, including documents such as lease agreements, sale agreements, bond applications, credit checks and mandates.

2.3 EMAIL REQUEST- RESPONSE / FEEDBACK/ SUPPORT

Your email communication to us is retained for realty purposes, and will not be used for any secondary purpose, e.g. sending unsolicited email.

3. DISCLOSURE OF PERSONAL INFORMATION

Please be assured that if you are contacted by any of our staff, they have agreed to keep your personal information private and confidential. This is in accordance with strict confidentiality agreements signed with RE/MAX 2000 staff.

We will not disclose your personal information to any person without your permission unless (i) we are compelled by law or in terms of a court order to do so, or

(ii) it is in the public interest to do so, or (iii) it is necessary to protect our rights.

4. LAWFUL PURPOSES

Preventing exposing others to material which is offensive, harmful to minors, indecent or otherwise objectionable is especially important to us. It is our policy to ensure that we comply with all applicable laws in this regard.

5. SECURITY

Personal information collected by us is stored in a secure environment. We use technology that complies with international standards to protect storage and transmission of your personal information. Our web servers have firewall protection and intrusion detection systems. Access to information on these web servers is restricted to authorised RE/MAX 2000 staff only.

6. DATA RETENTION

We will not retain your personal information longer than is necessary for the purpose for which it was collected.

6.1 This data privacy/information security policy must be communicated to all staff members and is applied by us and our Sub-Contractors, Agents, Correspondents and Software Providers. Non-compliance by our staff members constitutes a dismissible offence. Non-Compliance by our Sub-Contractors, Agents, Correspondents and Software Providers shall constitute a material breach of the relevant agreements between them and us. All documentation prepared by us is monitored by Derek Ravenscroft to ensure accuracy and completeness. Our clients sign documentation to confirm knowledge and consent.

6.2 Derek Ravenscroft and 2 nominated staff members constitute the Data Privacy Committee.

The directors are accountable for data privacy. The committee shall provide knowledge of the location of all personally identifiable information and how it is used and disclosed. Monthly meetings shall be held to increase employee awareness of our data privacy / information security policy and responsibilities.

6.3 Staff employment contracts shall include data privacy and information security requirements as well as clauses relating to consequences of non-compliance.

6.4 The directors of the firm shall investigate criminal records, credit records and employment records prior to employing new staff. Prior permission to do so shall be obtained from possible applicants.

6.5 Specific rules applied to emails. Staff shall be trained regularly to familiarise them with our email security rules and arrangements. We prohibit the use of web-based emails, automatic forwarding and opening of attachments from unknown sources. Legal disclaimers and warnings at the end of emails shall be inserted on all e-mails sent to our clients.

6.6 Process for dealing with complaints about inaccuracies of personal information: Prior to disclosing personal information to a complainant telephonically, we do a security check to verify the identity of the complainant by requesting certain personal information e.g. identity number, e-mail address, physical or postal address and telephone numbers. We verify the accuracy of personal information with information obtained from the Deeds Registry.

6.7 Restriction relating to the printing of client's personal information: Passwords shall be given to the directors and each staff member and only the said people are entitled to print personal information of clients.

6.8 Derek Ravenscroft shall provide regular training to the staff to ensure that we comply with POPIA requirements regarding data privacy and information security and to ensure all employees' understanding thereof. The training shall include lecture style classroom environment and bulletins.

6.9 Measures taken to safeguard client's personal information that is transferred outside our offices including data transferred overseas: The directors and/or staff shall obtain the clients consent to transfer information to them at their chosen destination (including overseas destinations) as well as consent to transfer information to another organization.

6.10 Regulations to protect against the risks associated with remote/mobile working facilities:Our mobile / remote working environment shall be controlled. Directors and staff shall use antivirus updates. We shall make use of secure remote connections. Only authorised contractors may maintain mobile working computers.

6.11 Our continuity plan and IT disaster recovery plan: We shall do regular data backups which must be retained on site in a secured area. Additional backups are stored off site at a secure location.

6.12 The directors and/or staff shall create backups of client's personal information which must be stored on site and locked away in an area where access is restricted to prevent unauthorised access to data backups containing client's personal information.

6.13 Additional controls to protect client's personal information that we store on our systems and applications: We have one network system and it shall be protected by Antivirus Solutions and a Firewall at all times. An intrusion detection / prevention system must be in place to protect client's personal information which is stored on our system.

6.14 Access to our client's personal information shall be restricted to three authorised individuals. They shall be uniquely identified and have their own usernames and passwords. Usernames shall not be shared between individuals. Strict procedures are in place for the issuing of new / changing passwords and usernames. Access shall be promptly revoked when no longer required. For example if a staff member leaves our employ.

6.15 Incident management processes that shall apply to our client's personal information: Our staff shall categorise and prioritise incidents and these incidents shall be reported by our staff to the directors. The directors must monitor incident patterns and identify potential threats. Corrective action must be taken promptly.

6.16 Reporting Mechanisms to record and track security and privacy related incidents/breaches that involve our client's personal information: The directors shall monitor all our client's personal information on a regular basis to ensure the accuracy, quality and privacy of the information. We shall inform our clients of all errors or inaccuracies which occur on the personal information.

6.17 Systems and controls to protect our client's personal information during and after testing are enforced by way of the backing up of such information before testing and checking the accuracy of the information after testing by Derek Ravenscroft in his capacity as Director of RE/MAX 2000 and as Information Officer.

6.18 Physical media containing our client's personal information shall be protected when being transported outside our physical boundaries. We shall use in-house bearers to transport hardcopy materials. Transportation shall take place via approved couriers who shall be tracked from origin to destination through labeling, receipt confirmation and completeness checks at arrival. Our staff shall not transport CD's and/or Flash drives outside the firm's physical boundaries without the prior authorisation by the directors of the firm.

6.19 Physical access shall be restricted to buildings and places that house our client's personal information by the use of locks, alarms and security guards. A clear desk policy and lock cabinets/storage room shall apply when not in use. Our directors and staff who deal with our client's personal information shall sit away from public areas.

6.20 Our staff shall remove all information from hard drives and other data storage devices before such equipment is sold, discarded or passed on to a new user for non-business purposes. This policy governs the reuse / discarding data storage devices. A detailed register must be kept to record this process.

6.21 Confidential waste containing our client's personal information shall be distinguished from non-confidential waste and disposed of accordingly: The directors shall conduct regular training sessions with staff members to raise awareness of the procedures of distinguishing between confidential waste containing our client's personal information from nonconfidential waste. Confidential waste / personal information shall be destroyed in a secure manner by shredding same on site.

6.22 Derek Ravenscroft shall conduct regular training sessions with staff members to raise awareness to our staff members of the need to complete a risk analysis. We shall do regular risk assessments to establish what the risks are relating to our client's personal information. We shall ensure that our clients acknowledge receipt of transported documentation to eliminate risk. Procedures shall be followed to prevent accidental disclosure of confidential information for example we shall verify the identity of clients, their email addresses, physical addresses and postal addresses.

6.23 Systems processing our client's personal information and data privacy / information security controls shall be monitored and reported (audits / compliance reviews). We have an inhouse accountant who assists our staff and their assistants with the auditing of all aspects of data privacy and information security. We shall perform regular risk assessments of our security processes. All risks shall be listed and addressed on a regular basis.

6.24 We only make use of fulltime staff to draft realty documents containing personal information of our clients.

6.25 This policy is drafted to comply with The Protection of Personal Information Act (POPIA). Our staff and directors shall obtain permission from clients to obtain, process and use their personal information. Attached hereto are relevant letters to be signed by our clients prior to obtaining their personal information.

REVISIONS TO THIS POLICY

RE/MAX 2000 reserves the right to change or amend this privacy policy at any time without prior notice.