What is Personal Information
“Personal information” is as defined in the Protection of Personal Information Act, 4 of 2013 (“POPI“), and “personal data” as per the General Data Protection Regulation 2016/679 (“the GDPR“). Personal information includes any information about a person that can be used to identify a person directly or indirectly. It includes information like a name, an identification number, location information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. POPI includes the personal information of juristic persons in its ambit.
For any comments or queries relating to this policy, please contact our information officer Sonel Pienaar at email@example.com.
The personal information we collect
We collect, amongst others, the following personal information:
- personal details, such as your name, email address or telephone number;
- billing information, such as relevant payment information and VAT registration number; and
- legally required information, which includes any additional information that the law requires from us to verify your identity.
How we collect personal information
- Directly from you if we request it from you.
- We will only collect personal information from third parties where such information is publicly available or for legitimate business purposes.
Use of your personal information
We may use your personal information for any legitimate business purposes relating to our services and/or business activities. Some of the purposes for which we use your personal information include:
- responding to your queries posted on our website or emailed to us;
- onboarding you as a client and verifying your identity (as required by law);
- providing you with our services;
- referring you to other service providers with your consent;
- improving our website and services by analysing certain information collected, including cookies and other related information;
- sending you information (in the form of our newsletter) and inviting you to events; and/or
- complying with our regulatory or other obligations.
Sharing of personal information
We will only share your personal information for purposes of providing services to you or any other legitimate business purpose relating to our business activities, including but not limited to, the protection of our or your rights, complaints, marketing, or enforcing any agreement between us.
Where required for our business operations, we may share your personal information with our service providers. We only share information with service providers after we enter into an agreement with the service provider to regulate the way in which the personal information will be secured.
Where the law requires us to do so, we may also share your personal information with third party service providers, agents, contractors, employees, law enforcement agencies or business affiliates. We will only share your personal information in these instances where it is necessary for us to do so and only to the extent that your personal information is needed for such third parties to perform their services or obligations.
Transborder sharing of information
We may transfer your information cross border for our legitimate business purposes, such as for cloud storage and for our billing practices. All information transfers will comply with the applicable laws.
Security and Storage
We will take all reasonable steps to ensure that your personal information is protected. We protect and manage personal information that we hold about you by using electronic and computer safeguards like firewalls, data encryption, and physical and electronic access control to our buildings. We only authorise access to personal information to those employees who require it to fulfil their designated responsibilities.
We keep personal information for as long as we need to achieve the purpose for which it was collected and any other permitted linked purpose (for example your personal information which is relevant to a transaction may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such information). If personal information is handled for 2 purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period once that period expires.
Personal information is destroyed or irreversibly anonymised when no longer needed or when we are no longer required by law to retain it (whichever is the later). We restrict access to the personal information to those authorised persons who need to use it for the relevant purpose(s).
Links on our website
We may include links to other third party websites which do not fall under our supervision. We cannot accept any responsibility for your privacy or the content of these websites, but we display these links to make it easier for you to find information about specific subjects.
Right to object
You have the right to contact us at any time requesting:
- confirmation that we have your personal information;
- access to the records containing your personal information or a description of the personal information that we hold about you; and
- the identity or categories of third parties who have had, or currently have, access to your personal information.
You also have the right to object to our handling of your personal information on reasonable grounds where our justification for doing so is our or your legitimate interests. When making a request we require adequate proof of identity which will include providing a certified copy of your identity or registration document/s.
If you believe that any personal information that we hold about you is inaccurate, irrelevant, outdated, incomplete or misleading, you may request us to correct it. If you believe that any personal information that we hold about you is excessive or has been unlawfully obtained or that we are no longer authorised to retain the information, you may request that we destroy or delete it. We will consider if the information requires correction, deletion or destruction and if we do not agree that there are grounds for action, you may request that we add a note to the personal information stating that you disagree with it.
Lodging a complaint
If you believe we are using your personal information unlawfully, please let us know first (on firstname.lastname@example.org or 051 444 2256). You may lodge a complaint to the Information Regulator (South Africa) with the following contact details:
- Website: https://www.justice.gov.za/inforeg/index.html.
- Address: SALU Building, 316 Thabo Sehume Street, Pretoria.
- Contact number: 012 406 4818.
- Fax number: 086 500 3351.
- Email: email@example.com.
Children’s personal information and special personal information
We do not intentionally collect or use personal information of children (persons under the age of 18 years), unless with express consent of a parent or guardian or if the law otherwise allows or requires us to process such personal information.
Changes to personal information
We are required to take steps to ensure that the personal information we hold is accurate, complete, relevant, not misleading and up to date. Should your personal information (or the personal information you provide) change, you must inform us and provide us with all changes as soon as reasonably possible to enable us to update the personal information.
We will report any security breach to the Information Regulator and to the individuals or companies involved. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, kindly notify us by sending an email to firstname.lastname@example.org.