Question posted in the Landlord Tenant Law category relating to Western Cape
Hi, hope you are doing well.
I would like to get a legal advice in this situation: I am renting a house in one of complexes in capetown. I used to access the complex with the access cards where as they deactivated the cards and enforced the tennats to provide their biometrics only to grant the access as a resident in the complex and to be treated as a visitor in and out each time i leave and access the complex.
The managing board failed to provide a justification nor a reasoning behind such an act and gave the owners only the wireless car tags to be able to access the complex.
In addition, the managing board refused to set nor to share the all data needed to assure the saftey of collected data and whom is able to access it.
Can this be enforced and what is the limit line of the POPIA act where i refuse to consent my special personal information.
Message from the Lawyer
Hi there and thank you for your question,
I am a practicing attorney based in South Africa and I will assist you with your question. Please feel free to ask as many follow up questions in order to clarify your question. If you have a new question, you must please open a new thread.
Please keep in mind that our discussions is for general information purposes only. Our engagement on this website does not create an attorney-client relationship.
At a tenant of the property, and not the owner, you are immediately at a massive disadvantage because you're not a member of the body corporate and technically the body corporate (or the trustees) do not need to deal with you at all. You are simply a tenant of a property owned by somebody else, and your relationship with that other person is governed by the lease agreement.
The body corporate normally only deals with the owner, and it is up to the owner of communicate with the tenant.
If the body corporate changed the method of gaining access to the complex, that would have been decided by the members of the body corporate at an AGM, and it would have been given effect to by the trustees of the body corporate.
I don't know why you say that you are treated as a visitor each time you access the complex. If you are able to access the complex, using your biometrics or any access disc, then you are not a visitor. You're a tenant.
The managing board (the trustees) must have voted on this change in access measure. I think that the situation is that because you're not an owner, you wouldn't have been able to participate in such a meeting/vote.
If you are worried about the security of your biometrics, then ask the owner to request information from the body corporate trustees regarding the saftey of collected data and whom is able to access it.
The POPIA applies and essentially says that the security company is required to collect the information for a specific purpose, and not share that information with anyone else, and delete the information as soon as it is no longer needed. As long as they are doing that, then they are complying with the POPIA.
In my opinion, and having done some work for complexes in the past, I don't see that there is anything wrong with what they are doing and I don't see any basis for challenging the system - unless you are an owner, and then you can ask questions about the meeting, and the voting at the meeting, and what actually happened at the meeting.
Message from the client
- I was able to access the complex using the normal access cards that is appointed to the house number then it was disabled with no other options for the tenants except the bio-metrics to grant the access to the complex, based on that i was requested to every time i access the complex to reach my house to drive through the visitors lane and register my self each time in and out the complex.
Also, the owner was not able to arrange a meeting with the trustees and the owner request was neglected by the managing property to have a meeting to understand the rational behind collecting the bio-metrics and what other alternatives for whom though can not provide finger prints medically or legally. in addition, a request was placed to inquire about how the data is stored and who has the privilege to access such information but nothing was provided " just a claim that it is stored in closed system". so this claim with the absence of true transparency regardless ( the property owner or the tenants) it is out of their rights to enforce such an act.
Message from the Lawyer
It sounds like you're being treated like a visitor because you are refusing to register your biometric information on their security system. Why do you not just do that? They are not going to be able to do anything with the information they will collect from you. The information (i.e fingerprints) just confirms your identity.
Message from the Lawyer
Also, they have an obligation in terms of the Act to store your information safely and securely. They don't have to explain how it is stored. They can also say that only people who need access for a legitimate reason can access it. They don't need to give you a list of who has access. I think that you think that you have massive rights to get answers to all of your questions, whereas you don't really have these rights. Sorry.
Message from the client
My question was clear, do they have the right to limit the options just to bio-metrics and what if i refused to consent collecting me bio-metrics do they have the right to obstruct me from being able to exercise my rights.
Legally assumption is not a case of proof, as an example POPI act is clear::
Personal information can only be processed: (Section 11)
with the consent of the “data subject”; or
if it is necessary for the conclusion or performance of a contract to which the “data subject” is a party; or
if it is required by law; or
if it protects a legitimate interest of the “data subject”; or
if it is necessary to pursue your legitimate interests or the interest of a third party to whom the information is supplied.
Everyone has the right to object to having their personal information processed. They have the right to withdraw their consent, or object if they can show legitimate grounds for their objection.
this is also :
Personal Information may only be collected for a specific, explicitly defined and lawful purpose and the data subject must be aware of the purpose for which the information is being collected. (section 13)
Documentation relating to personal information and how it has been processed must be maintained as referred to in section 14 or 51 of the Promotion of Access to Information Act.
When information is being collected, data subjects must be made aware of: (section 18)
the information that is being collected and if the information is not being collected from the subject, the subject must be made aware of the source from which the information is being collected;
the name and address of the person/organisation collecting the information;
the purpose of the collection of information;
what period the information will be retained for and assurance given that it will be destroyed by given date;
whether the supply of the information by the subject is voluntary or mandatory;
the consequences of failure to provide the information;
whether the information is being collected in accordance with any law;
if it is intended for the information to leave the country and what level of protection will be afforded to the information after it has left South Africa.
who will be receiving the information;
that the data subject has access to the information and the right to rectify any details;
that the data subject has the right to object to the information being processed (if such right exists);
that the data subject has the right to lodge a complaint to the Information Regulator. The contact details of the Information Regulator must also be supplied. (section 18)
These requirements have to be met before the information is collected directly from the subject, or soon as reasonably practicable. If additional information is collected from a subject for a different purpose, the same process must be followed.
This article must be read in conjunction with the POPI Act which can be downloaded from Act No. 4 of 2013 : Protection of Personal Information Act, 2013
Am i getting really professional advice!! I dont have to explain my rights of objection , the one who request such highly sensitive shall justify such an act.
otherwise everyone would claim the compliance even scammers.
Message from the Lawyer
My question was clear, do they have the right to limit the options just to bio-metrics --> Yes, they do.
What if i refused to consent collecting me bio-metrics, do they have the right to obstruct me from being able to exercise my rights --> Yes, they do. The reason being is that the limitation would be a justifiable limitation of your rights. It has to do with security of the complex, and in such a situation, the benefits of secure access for all residents would override your complaint about not wanting to register your biometrics.
If you don't want to consent to your PI being processed, then don't give it to them. But then you need to deal with the consequences. e.g. having to sign in each time.
If you want the security company to answer those questions, before you hand over your biometric PI, that is 100% okay and legally correct. You can definitely do that!