19. We secure the integrity and confidentiality of your Personal Information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of Personal Information, and unlawful access to or processing of Personal Information.
20. In order to implement and maintain such measures, we have in place policies, controls and related processes, which are reviewed and updated on a regular basis.
21. Where there are reasonable grounds to believe that your information has been accessed, altered, deleted or acquired by any unauthorised person, we will notify the Information Regulator and yourself in cases where your identity can be established. This notification will be done in accordance with the provisions of POPIA as soon as reasonably possible after the discovery of the compromise.