Privacy Policy

Website Privacy and Data Protection Policy

1. BACKGROUND

1.1 This privacy and data protection policy (“DP Policy”) sets out a framework for us to comply with POPIA’s requirements in the processing of your personal Information (“PI”).

1.2 Where reference is made to the “processing” of PI, this has the meaning ascribed thereto in POPIA and will include any activity in which the PI is worked with, from the time that the PI is collected, up to the time that the PI is destroyed.

1.3 By accessing our website and using any of our services through it, you agree that we may process your PI as explained in this DP Policy.

2. PROCESSING OF PI

2.1 Depending on the type of business we conduct with you or the relationship you have with  us, we may process your PI, including the following: name, race (for employment purposes  or as otherwise required by applicable law), gender, marital status, nationality, age,  language preference, date of birth, information relating to education, financial, criminal or  employment history of a person, identifying numbers such as identity or passport number,  tax identification numbers or tax, reference numbers, email address, physical address and  telephone number.

2.2 We undertake to comply with POPIA at all relevant times and to process your PI lawfully  and reasonably, so as not to infringe unnecessarily on your privacy.  

2.3 We undertake to process your PI only for the purpose for which it is intended, to enable  us to conduct our business, affairs and activities, as may inter alia be contractually  determined.  

2.4 Whenever necessary, we shall obtain the voluntary, specific and informed consent as  defined in POPIA (“Consent”) from you to process your PI.  

2.5 Where we do not expressly seek your Consent, the processing of your PI may be done in  terms of another legitimate ground, such as a legal obligation placed on us, to protect a  legitimate interest that requires protection, done solely for permitted journalistic/literary  expression, or be permitted under a Code of Conduct that we ascribe to.  

2.6 We shall stop processing your PI as soon as the required Consent to do so is withdrawn  by you or if a legitimate objection thereto is raised by the you. 

2.7 We shall collect PI directly from the you, unless: the PI is of public record, you have  Consented to the collection your PI from an Affiliate of the Organisation, the PI to be  collected is necessary for the maintenance of law and order or national security, the PI is  being collected to comply with a legal obligation, including an obligation to SARS, the PI  collected is required for the conduct of proceedings in any court or tribunal, where these  proceedings have commenced or are reasonably contemplated, or the PI is required to  maintain our legitimate interests.  

2.8 We shall retain records of your PI that we have collected for the minimum period as  required by law unless you have given your Consent or instructed us to retain the records  for a longer period. 

2.9 We shall destroy or delete records of your PI (so as to de-identify your PI) as soon as  reasonably possible after the time period for which we are entitled to hold the records,  has expired or you withdraw your Consent.  

2.10 We undertake to ensure that your PI which we collect, and processes is complete,  accurate, not misleading and up to date. 

2.11 Where relevant, we undertake to take special care with your bank account details and are  not entitled to obtain or disclose or procure the disclosure of such banking details unless  it has your specific Consent or is legally obliged to disclose it. 

3. YOUR RIGHTS

3.1 In cases where your Consent is required to process your PI, this Consent may be  withdrawn by you (otherwise than where there is an existing obligation to process it, e.g. under a contractual relationship).  

3.2 You are entitled to lodge a complaint regarding our application of POPIA to your PI with  the Information Regulator (“IR”).  

3.3 The prescribed forms for the exercise of these rights are attached to the 2018 regulations  passed in terms of POPIA (“Regulations”) and can be obtained from our duly appointed  Information Officer (“IO”).  

4. REQUESTS FOR PI RECORDS

4.1 On production of proof of identity, you are entitled to request that we confirm, free of  charge, whether or not we hold any PI relating to you in our records.  

4.2 If we indeed holds such PI, on request, and upon payment of a fee of R500,00 plus VAT,  we shall provide you with the record, or a description of the PI, including information about  the identity of all third parties or categories of third parties who have or have had access  to the PI. We shall do this within a reasonable period of time, in a reasonable manner and  in an understandable form. 

5. CORRECTION OF PI

5.1 You are entitled to require us to correct or delete PI that we have, which is inaccurate,  irrelevant, excessive, out of date, incomplete, misleading, or which has been obtained  unlawfully.  

5.2 You are also entitled to require us to destroy or delete records of your PI that we are no  longer authorised to retain.  

5.3 Any such request must be made on the prescribed form (Form 2 of the Regulations),  obtainable from our IO.  

5.4 We undertake, upon receipt of such a lawful request, to comply as soon as reasonably  practicable.

5.5 In the event that a dispute arises regarding your rights to have your PI corrected, and in  the event that you so require, we shall attach to your PI, in a way that it will always be read  with your PI, an indication that the correction of your PI has been requested but has not  been made.  

5.6 We shall notify you of the action that we have taken as a result of such request.

6. SPECIAL PI

6.1 Special rules apply to the collection and use of PI relating to a person’s religious or  philosophical beliefs, their race or ethnic origin, their trade union membership, their  political persuasion, their health or sex life, their biometric information, or their criminal  behaviour.  

6.2 We shall not process any of your special PI as defined in POPIA (“Special PI”), without  your Consent, or such processing is necessary for the establishment, exercise or defence  of a right or an obligation in law.

7. THE PROCESSING OF PI OF CHILDREN

We may only process the PI of a child if we have the written Consent of the child’s parent  or legal guardian.  

8. PI SECURITY BREACHES

Should it appear that your PI has been accessed or acquired by an unauthorised person,  we shall as soon as reasonably possible, notify the IR and yourself, unless we are no longer  able to identify you from the information in our possession.  

9. INFORMATION OFFICER

Should you have any questions or wish to lay any complaint in regard the processing of  your PI you may contact our IO.  

10. DIRECT MARKETING

10.1 We may contact you from time to time to inform you of our additional services or products. 

10.2 We may also provide you with newsletters and promotions as part of our value-added  client experience. 

10.3 We may share your PI with our Affiliates (subject to applicable law and our indicated  marketing preferences) so that they may offer you their products and services. 

10.4 You may at any time object to us processing your PI for marketing purposes. You can  unsubscribe from direct marketing by following the steps set out in the direct marketing  material you received or by contacting us. 

10.5 All direct marketing communications will disclose our identity and contain an address or  other contact details to which you may send a request that such communications cease.

11. PRESCRIBED FORMS AND DETAILS OF THE INFORMATION REGULATOR

11.1 The prescribed Forms in terms of POPIA are available on the website of the Information  Regulator: https://www.justice.gov.za/inforeg/docs.html 

11.2 The contact details of the Information Regulator are as follows:  

12.1.1 Physical Address: JD House, 27 Stiemens St, Braamfontein, Johannesburg  2001; 

12.1.2 Postal Address: PO BOX 31533, Braamfontein, Johannesburg 2017;

12.1.3 Complaints email: complaints.IR@justice.gov.za;  

12.1.4 General enquiries email: inforeg@justice.gov.za;  

12.1.5 Website address: https://www.justice.gov.za/inforeg/index.html    

12. COOKIES

12.1 “Cookies” are small pieces of information that are stored by your browser on your  computer’s hard drive. We use cookies on certain pages of our website to, among other  things, analyse our web page flow, measure promotional effectiveness, deliver you a more  customized shopping experience, track visits from our affiliates and partners and allow  the use of our shopping cart (if applicable). We shall not use cookies to store or collect  any PI. You are always free to decline our cookies if your browser permits, although by  declining the use of cookies you may not be able to use certain features on our website. 

12.2 Data Collection Devices, such as Cookies: In some instances, The Organisation may  collect non-personal data through cookies and web logs and other monitoring  technologies.

13. UPDATES TO THIS PRIVACY STATEMENT

This privacy statement is dated as of 1 July 2021. We may update the privacy statement  from time to time. Please check our website on a regular basis.