Website Privacy and Data Protection Policy
1.1 This privacy and data protection policy (“DP Policy”) sets out a framework for us to comply with POPIA’s requirements in the processing of your personal Information (“PI”).
1.2 Where reference is made to the “processing” of PI, this has the meaning ascribed thereto in POPIA and will include any activity in which the PI is worked with, from the time that the PI is collected, up to the time that the PI is destroyed.
1.3 By accessing our website and using any of our services through it, you agree that we may process your PI as explained in this DP Policy.
2. PROCESSING OF PI
2.1 Depending on the type of business we conduct with you or the relationship you have with us, we may process your PI, including the following: name, race (for employment purposes or as otherwise required by applicable law), gender, marital status, nationality, age, language preference, date of birth, information relating to education, financial, criminal or employment history of a person, identifying numbers such as identity or passport number, tax identification numbers or tax, reference numbers, email address, physical address and telephone number.
2.2 We undertake to comply with POPIA at all relevant times and to process your PI lawfully and reasonably, so as not to infringe unnecessarily on your privacy.
2.3 We undertake to process your PI only for the purpose for which it is intended, to enable us to conduct our business, affairs and activities, as may inter alia be contractually determined.
2.4 Whenever necessary, we shall obtain the voluntary, specific and informed consent as defined in POPIA (“Consent”) from you to process your PI.
2.5 Where we do not expressly seek your Consent, the processing of your PI may be done in terms of another legitimate ground, such as a legal obligation placed on us, to protect a legitimate interest that requires protection, done solely for permitted journalistic/literary expression, or be permitted under a Code of Conduct that we ascribe to.
2.6 We shall stop processing your PI as soon as the required Consent to do so is withdrawn by you or if a legitimate objection thereto is raised by the you.
2.7 We shall collect PI directly from the you, unless: the PI is of public record, you have Consented to the collection your PI from an Affiliate of the Organisation, the PI to be collected is necessary for the maintenance of law and order or national security, the PI is being collected to comply with a legal obligation, including an obligation to SARS, the PI collected is required for the conduct of proceedings in any court or tribunal, where these proceedings have commenced or are reasonably contemplated, or the PI is required to maintain our legitimate interests.
2.8 We shall retain records of your PI that we have collected for the minimum period as required by law unless you have given your Consent or instructed us to retain the records for a longer period.
2.9 We shall destroy or delete records of your PI (so as to de-identify your PI) as soon as reasonably possible after the time period for which we are entitled to hold the records, has expired or you withdraw your Consent.
2.10 We undertake to ensure that your PI which we collect, and processes is complete, accurate, not misleading and up to date.
2.11 Where relevant, we undertake to take special care with your bank account details and are not entitled to obtain or disclose or procure the disclosure of such banking details unless it has your specific Consent or is legally obliged to disclose it.
3. YOUR RIGHTS
3.1 In cases where your Consent is required to process your PI, this Consent may be withdrawn by you (otherwise than where there is an existing obligation to process it, e.g. under a contractual relationship).
3.2 You are entitled to lodge a complaint regarding our application of POPIA to your PI with the Information Regulator (“IR”).
3.3 The prescribed forms for the exercise of these rights are attached to the 2018 regulations passed in terms of POPIA (“Regulations”) and can be obtained from our duly appointed Information Officer (“IO”).
4. REQUESTS FOR PI RECORDS
4.1 On production of proof of identity, you are entitled to request that we confirm, free of charge, whether or not we hold any PI relating to you in our records.
4.2 If we indeed holds such PI, on request, and upon payment of a fee of R500,00 plus VAT, we shall provide you with the record, or a description of the PI, including information about the identity of all third parties or categories of third parties who have or have had access to the PI. We shall do this within a reasonable period of time, in a reasonable manner and in an understandable form.
5. CORRECTION OF PI
5.1 You are entitled to require us to correct or delete PI that we have, which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or which has been obtained unlawfully.
5.2 You are also entitled to require us to destroy or delete records of your PI that we are no longer authorised to retain.
5.3 Any such request must be made on the prescribed form (Form 2 of the Regulations), obtainable from our IO.
5.4 We undertake, upon receipt of such a lawful request, to comply as soon as reasonably practicable.
5.5 In the event that a dispute arises regarding your rights to have your PI corrected, and in the event that you so require, we shall attach to your PI, in a way that it will always be read with your PI, an indication that the correction of your PI has been requested but has not been made.
5.6 We shall notify you of the action that we have taken as a result of such request.
6. SPECIAL PI
6.1 Special rules apply to the collection and use of PI relating to a person’s religious or philosophical beliefs, their race or ethnic origin, their trade union membership, their political persuasion, their health or sex life, their biometric information, or their criminal behaviour.
6.2 We shall not process any of your special PI as defined in POPIA (“Special PI”), without your Consent, or such processing is necessary for the establishment, exercise or defence of a right or an obligation in law.
7. THE PROCESSING OF PI OF CHILDREN
We may only process the PI of a child if we have the written Consent of the child’s parent or legal guardian.
8. PI SECURITY BREACHES
Should it appear that your PI has been accessed or acquired by an unauthorised person, we shall as soon as reasonably possible, notify the IR and yourself, unless we are no longer able to identify you from the information in our possession.
9. INFORMATION OFFICER
Should you have any questions or wish to lay any complaint in regard the processing of your PI you may contact our IO.
10. DIRECT MARKETING
10.1 We may contact you from time to time to inform you of our additional services or products.
10.2 We may also provide you with newsletters and promotions as part of our value-added client experience.
10.3 We may share your PI with our Affiliates (subject to applicable law and our indicated marketing preferences) so that they may offer you their products and services.
10.4 You may at any time object to us processing your PI for marketing purposes. You can unsubscribe from direct marketing by following the steps set out in the direct marketing material you received or by contacting us.
10.5 All direct marketing communications will disclose our identity and contain an address or other contact details to which you may send a request that such communications cease.
11. PRESCRIBED FORMS AND DETAILS OF THE INFORMATION REGULATOR
11.1 The prescribed Forms in terms of POPIA are available on the website of the Information Regulator: https://www.justice.gov.za/inforeg/docs.html
11.2 The contact details of the Information Regulator are as follows:
12.1.1 Physical Address: JD House, 27 Stiemens St, Braamfontein, Johannesburg 2001;
12.1.2 Postal Address: PO BOX 31533, Braamfontein, Johannesburg 2017;
12.1.3 Complaints email: complaints.IR@justice.gov.za;
12.1.4 General enquiries email: firstname.lastname@example.org;
12.1.5 Website address: https://www.justice.gov.za/inforeg/index.html
12.2 Data Collection Devices, such as Cookies: In some instances, The Organisation may collect non-personal data through cookies and web logs and other monitoring technologies.
13. UPDATES TO THIS PRIVACY STATEMENT
This privacy statement is dated as of 1 July 2021. We may update the privacy statement from time to time. Please check our website on a regular basis.