This policy details how we collect, store, protect and use personal information – that is information that can be used to identify an individual or a company (juristic person) – in connection with the services we may offer through our website (referred to as the “Site”) and through your dealings with us (referred to as the “Services”).
As the Operator or Processor
As the Controller or Responsible Party
What is personal information?
Personal information includes:
certain information that is collected automatically when you visit our website,
certain information collected on engaging our Services;
certain information collected on submission; and
optional information that you provide to us voluntarily.
Additional information captured on the website that does not classify as personal information may also be collected and processed, including but not limited to:
de-identified information that cannot be associated with an individual,
information that is public knowledge, which has been publicly and voluntarily disclosed.
Who is processing your data?
In the case that we are the Data Controller or Responsible Party, then data processing is processed by us, an entity incorporated within the laws of South Africa, registration number [reg], with the following contact details:
What are we processing and why?
There are various ways in which we may process your data. This section details our purposes for processing, our legal basis for the processing, and our storage periods.
In certain cases, we will process your data after obtaining your consent. You are free to withdraw your consent at any time. We may process your data with your consent for the following purposes:
Electronic communications, such as subscribing to our mailing list or by contacting us via a form or email address upon the Site.
Cookies, in order to grant you a personalised experience when dealing with us. You may decline the installation of cookies; however, this may affect the functionality of our website or prevent you from using the Site entirely. If you opt-out of using cookies, we may store a single cookie in order to remember this preference.
For website analytics, storing details such as your IP address, bounce rate, page time, cost per click, most visited pages, and device information. These tracking cookies may be declined at any time.
For promotional campaigns, in which case, additional information may be volunteered by you in order to participate in the promotion or to receive a delivery.
We will process your data when we have to perform a contract; for as long as the contractual relationship is in place, and for all statutory data retention requirements following the end of the relationship. In order to fulfil our obligations to you in terms of the Services you have engaged us for, we will need to process your data.
We may also process your data in terms of legitimate interest, as long as the data being processed is strictly necessary, proportional, and does not infringe on your individual rights to privacy. Processing may take place in terms of the following necessary scenarios:
To monitor and analyse how to improve our Service and/or our Site, as well as to keep the same secure and free from abuse. This may include communications such as surveys or direct electronic communications.
To keep active communications with you while you are our contracted client. Certain communications are necessary during delivery of our Services, and we have a legitimate interest in keeping you informed about our Services.
Where is your data processed?
In some cases, your information may be stored and processed outside of the country or region where it was originally collected in order to complete our obligations to you. In some of these countries, you may have fewer rights in respect of your information than you do in your country of residence.
Our primary region for storing and processing data is South Africa.
We shall enter into written agreements with any sub-processors engaged in the provision of the Services including the safeguards and guarantees required by the General Data Protection Regulation (EU Regulation no. 679\2016, the “GDPR”), particularly in respect of implementing the security measures required in the GDPR. Where necessary, Standard Contractual Clauses (SCCs) may be used.
Who else will have access to your personal information?
When you authorise us to do so, we may also share your data with other companies so that they can process the data for other purposes, as explained in more detail when we request your prior consent. In addition, if you provide consent for the installation of cookies, your data may be processed by third parties. These cookies are subject to the third parties' respective Privacy Policies.
Where necessary and compelled by authorities to do so, we may share your information with law enforcement and competent courts. We may also share your information where we have to take legal action to protect our, or third-party rights.
We will not sell your information. Our contracts dictate that third-party service providers may not use your information for their own benefit or for any services other than those requested by us.
How are we processing your data?
We will only process personal data as a result of the provision of our Services, or in operating our Site. These instructions are included in our standard Terms and Conditions and engagement contracts. Should we have reason to believe that your instructions infringe on data protection regulation, we will inform you promptly.
We will ensure that our employees are subject to confidentiality agreements and any statutory privacy obligations.
In the event that we should change upstream service providers that are involved in providing you with Services, or where we may need to hire additional companies to provide the Services, you have the right to reasonably oppose such an appointment. Such opposition shall be addressed on a case-by-case basis in accordance with the appropriate data protection regulation.
We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. At your request and expense and taking into account the nature of processing and the information available to us, we shall reasonably assist you in compliance with the security obligations set forth by data protection regulation.
A list of our sub-processors (and their respective processing regions) is available on request and is included in our Data Processing Agreements.
What happens in the event of a breach?
In the event of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we shall promptly assess the risk to people’s rights and freedoms and without undue delay report this breach to the appropriate authorities, controllers, responsible parties, and subjects as required by law.
We will cooperate with you and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such data breach.
You have the right to request access to, and rectification or erasure of your personal information. You may also restrict process, or object to processing in accordance with relevant data protection regulation.
In cases where consent was given, you have the right to withdraw consent at any time.
If you do request that your information is deleted, all information will be permanently erased, except for information that we are required to keep by law. You may exercise your rights at any time by lodging a request with our Information Officer at firstname.lastname@example.org.
Updating your information
You may update your information in writing at any time by submitting a support request or sending an email to our Information Officer at email@example.com. Please remember that it is your duty to keep information updated so we can correctly provide you with the Services, and you undertake to verify the information you have handed us from time to time to make sure that it is accurate.
Changes to this policy