EXTERNAL DATA PRIVACY AND SECURITY POLICY
FIRST TECHNOLOGY INVESTMENTS (PTY) LTD AND ITS AFFILIATES
In accordance with
PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
Copyright © First Technology Investments (Pty) Ltd. All rights reserved.
Copyright in the whole and every part of this document belongs to First Technology Investments (Pty) Ltd (the "Owner") and it may not be used, sold, transferred, copied or reproduced in whole or in part in any manner or form or in or on any media to any person other than to an intended recipient, without the prior written consent of the Owner.
Group Legal Department
External Data Privacy and Security Policy - Revision 6 Effective Date: July 2021
This document (including but not limited to any manuals, policies, procedures, forms, and other documents) (“Policy”) applies to all Affiliates of First Technology Investments (Pty) Ltd (“Company”, “we”, “us” or “our”). Reference to “Company”, “we”, “us” or “our” in this Policy means each Affiliate as applicable.
“Affiliate(s)” means, in relation to First Technology Investments (Pty) Ltd, a subsidiary of this entity, or any division or operating branch of each subsidiary of this entity and all of its subsidiaries. Including but not limited to:
BUI Medical and Technology Suppliers (Pty) Ltd
BUI Security Services (Pty) Ltd
CHM Vuwani Computer Solutions (Pty) Ltd
CHM Vuwani Computer Solutions (KZN) (Pty) Ltd
CHM Vuwani Computer Solutions (Eastern Cape) (Pty) Ltd
Comptronics (Pty) Ltd
First Horizon Technology (Pty) Ltd
First Technology National (Pty) Ltd
First Technology Western Cape (Pty) Ltd
First Technology KwaZulu Natal (Pty) Ltd
First Technology (Central) (Pty) Ltd
First Technology (Pty) Ltd
First Technology Digital (Pty) Ltd
First Technology MPS (Pty) Ltd
First Technology (Audio) (Pty) Ltd
First Technology IT Suppliers (Pty) Ltd
First Technology Security (Pty) Ltd
First Retail (Pty) Ltd
FirstNet Technology Services (Pty) Ltd
EVAR Technology (Pty) Ltd
Galdon Data Computer Services (Pty) Ltd
Galdon Data Services (Pty) Ltd
Marketplace Solutions (Pty) Ltd
Phoenix Distribution (Pty) Ltd
Pylot (Pty) Ltd
The CRM Team (Pty) Ltd
Techsonic (Pty) Ltd
This list is subject to amendment at the sole discretion of the First Technology Investments (Pty) Ltd and will include all Affiliates whether listed or not.
1 "consent" means the voluntary, specific and informed consent, which you in your capacity as Data Subject, may give to us, under certain circumstances, to process your Personal Information for a specified purpose;
2 "Data Subject" means you, the natural/juristic person to whom the Personal Information we process relates;
3 "Operator" is any person who processes your Personal Information on our behalf in terms of a contract or mandate, without coming under our direct authority.
4 "Personal Information" means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:
In the case of an Individual, this may include, but is not limited to:
Name, address, contact details, date and place of birth, ID/passport number, bank details, employment details, tax number and financial information and history;
Vehicle registration and driving-related details;
Information about your next of kin and or dependants;
Information relating to your education or employment history;
Browsing information/history and technical information; and
Special Personal Information including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition.
In the case of a juristic person, this may include, but is not limited to:
Name, address, contact details, registration details, financial and related history, B-BBEE status, registered address, description of operations, bank details, details about your employees, business partners, customers, tax number, VAT number and other financial information.
5 "process" or “processing” means any operation or activity, automatic or otherwise, concerning Personal Information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information.
6 “purpose” means the reason for which your Personal Information needs to be processed by us;
7 "Responsible Party” means us, the person who is processing your Personal Information.
2.1 We respect your privacy and take the protection of Personal Information very seriously. We strive to deliver excellent service every time you engage with us, and to do this, we need to use some of your
Personal Information. This Policy describes how we handle and process the Personal Information we collect about you and/or receive from you. By engaging with us and/or providing us with Personal Information, you agree to the processing of your Personal Information as set out in this Policy
2.2 We, in our capacity as a Responsible Party, will have to process your Personal Information in order to engage with you, and in doing so, are required to comply with POPIA, which regulates and controls the processing Personal Information of a natural or juristic person in South Africa (also referred to as the “Data Subject”), which processing includes the collection, use, and transfer of a Data Subject’s Personal Information.
2.3 In terms of POPIA, Personal Information must be processed in a lawful, legitimate and responsible manner.
2.4 In order to comply with POPIA, a Responsible Party who processes a Data Subject’s Personal Information must:
2.4.1 Provide the Data Subject with details pertaining to the processing of the Personal Information; and
2.4.2 Get permission or consent, explicitly or implied, from the Data Subject, in order to process the Personal Information, subject to certain exclusions, such as:
a. In fulfilment of a contractual or legal obligation;
b. For a legitimate purpose or as is necessary to protect the legitimate interest(s) and/or for pursuing the legitimate interests of i) the Data Subject; ii) the person processing the Personal Information ; or iii) that of a third party to whom the Personal Information is supplied; or
c. Is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.
2.5 We are committed to ensuring that at all times we comply with the 8 conditions for lawful processing of Personal Information, and as such we ensure that at all times Personal Information is:
2.5.1 processed fairly and lawfully, in accordance with legal standards applicable to such Personal Information;
2.5.2 obtained only for specific lawful purposes;
2.5.3 adequate, relevant and not excessive;
2.5.4 accurate, and kept up to date;
2.5. 5 held for no longer than necessary for the purpose it was obtained for;
2.5.6 processed in accordance with the rights of the Data Subject;
2.5.7 is protected in appropriate ways, methodologies and procedures and according to suitable methods, both organisationally and technologically;
2.5.8 is not disclosed or transferred or exported illegally, or in breach of any agreement with you.
3.1 This Policy applies to any natural/juristic persons who directly or indirectly shares Personal Information us, and/or (where applicable) with whom we share Personal Information.
4. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION
4.1 Your Personal Information will be processed by us for the following purposes:
4.1.1 Due diligence/legitimate purpose: to carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials/information.
4.1.2 Contract purposes/assessment and conclusion of a contract: to investigate and determine whether we are able or willing to conclude a contract with you based on the findings of any abovementioned due diligence, and, if appropriate, to conclude a contract with you.
4.1.3 To process transactions and render/provide/receive goods and services, or for the conclusion of a contract/s: to perform under any contract which has been concluded with you, including any action reasonable, necessary or incidental to fulfilling any contractual obligations, or exercising any contractual rights.
4.1.4 Attending to administrative and financial matters pertaining to any transaction: to administer accounts or profiles related to you or your organization, including but not limited to registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general.
4.1.5 Communications: to make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.
4.1.6 Risk assessment and anti-bribery and corruption matters: to carry out vendor, organizational and enterprise-wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with all applicable laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons, and/or to exercise our rights and to protect our and others’ rights and/or property.
4.1.7 Legal obligations, litigation, insurance and public duties: to comply with the law and our legal obligations, including the requirements to register with Regulators, obtain and hold permits and certificates, register for, or verify details relating to, VAT, Tax, PAYE, SDL, COIDA and UIF, customs and excise etc, to submit legal or statutory reports or provide various regulatory or statutory notices or returns, to litigate and/or to pursue or defend legal claims or collections, to attend to insurance claims and related procedures, to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority.
4.1.8 Operational issues – compliance with laws and manage contracts: to communicate, enforce and ensure that compliance with any applicable laws, contracts or policies, including in relation to legal obligations, claims or actions or legal requirements and conducting investigations and incident responses, including reviewing your communications in these situations in accordance with any applicable laws, contracts or policies.
4.1.9 Travel: to facilitate business travel, travel-related support including conference attendance, bookings and emergency support services.
4.1.10 B-BBEE – legal compliance with laws: to comply with B-BBEE and to monitor or report B-BBEE requirements, opportunities and related diversity issues, including using your details in B-BBEE reports and score cards.
4.1.11 Security purposes: to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.
4.1.12Internal research and development purposes: to conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.
4.1.13 Sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings): to proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings).
4.1.14 Marketing and electronic communications related thereto: To provide you with communications regarding us, our goods and services and or other notifications, programs, events, reminders, or updates that might be applicable to you or that you register or ask for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.
4.1.15 Events, advertising and public relations materials and publications: for the purposes of making contact with you and or attending to your enquiries and requests in relation to our advertising and public relations materials and publications and or events and functions and for providing you from time to time with information pertaining to the us, or our subsidiary businesses’ advertising and public relations materials and publications, and or events and functions and to invite you to attend functions and events or our request for your appearance in advertising and public relation materials and publications.
5. PERSONAL/OTHER INFORMATION WE COLLECT FROM YOU
5.1. In order to engage and/or interact with you, for the purposes described above, we will have to process certain types of your Personal Information, including but not limited to:
5.1.1 Your or your employer or organization’s contact information, such as name, alias, address, identity number, passport number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and/or lawful reasons.
5.1.2 Specific identifiers, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or financial and credit history.
5.1.3 Account Information, including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and/or in order to provide you with goods and/or services.
5.1.4 User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and/or in order to provide you with goods and/or services or attend to queries.
5.1.5 Device and Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you with goods and/or services or attend to queries or to ensure that security safeguards are in place.
5.1.6 Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and/or in order to provide you with goods and/or services or attend to queries or to ensure that security safeguards are in place.
5.1.7 Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and/or in order to provide you with goods and/or services or attend to queries or to ensure that security safeguards are in place.
5.1.8 Financial Information, such as billing address, credit card information, billing contact details, and similar data., tax numbers and VAT numbers, which are required to perform contractual matters and/or in order to provide you with goods and/or services or attend to queries or to ensure that security safeguards are in place and/or which are required to comply with laws and pubic duties.
5.1.9 Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, status as a veteran, nationality and immigration status, demographic data, disability- related information, application information, professional
licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters, or which are required to comply with laws and public duties;
5.1.10 Social Media and Online Content, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and/or in order to provide you with goods and/or services or attend to queries and generally for the purposes of advertising, marketing and related communications.
6. SOURCES OF INFORMATION: HOW AND WHERE WE COLLECT YOUR PERSONAL INFORMATION
6.1 Depending on your requirements, we will collect and obtain Personal Information about you either directly from you, from certain third parties (such as your employer or regulators), or from other sources which are described below:
6.1.1 Direct collection: you provide Personal Information to us when you, for example:
a. Use our websites, applications, mobile applications, or social media portals or platforms.
b. Interact/engage with us, or otherwise contact/attempt to contact us.
c. Enquire about, or search for our goods or services.
d. Create or maintain a profile or account with us.
e. When you submit a request for quotation or tender or when you conclude a contract with us.
f. Purchase or subscribe to our goods or services.
g. Use our goods or services.
h. Purchase, use, or otherwise interact with content, products, or services from third party providers who we have a relationship with.
i. Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms.
j. Register for or attend one of our marketing or other events, functions, meetings, consultations, or locations.
k. Request or sign up for information, including marketing material.
l. Communicate with us by phone, email, chat, in person, or otherwise.
m. Complete a questionnaire, survey, support ticket, or other information request form.
n. Express an interest in a bursary or sponsorship.
6.1.2 Automatic collection: we collect your Personal Information automatically from you when you:
a. Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms.
b. Use our goods or services (including through a device).
c. Access, use, or download content from us.
d. Open emails or click on links in emails or advertisements from us.
e. Otherwise interact or communicate with us (such as when you attend one of our events, functions or locations, when you request support or send us information, or when you mention or post to our social media accounts).
6.1.3 Collection from third parties: we collect your Personal Information from third parties, such as:
a. Your organization and others with whom you have a relationship with that provide or publish Personal Information related to you, such as from our customers or from others when they create, post, or submit user content that may include your Personal Information.
b. Regulators, professional or industry organizations and certification / licensure agencies that provide or publish Personal Information related to you.
c. Third parties and affiliates who deal with or interact with us or you.
d. Service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services or to enhance your experience.
e. Marketing, sales generation, and recruiting business partners.
f. SAPS, Home Affairs, Credit bureaus and other similar agencies.
g. Government agencies, regulators and others who release or publish public records.
6.2. Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.
7. HOW WE SHARE INFORMATION
7.1 We share Personal Information for the purposes set out in this Policy and with the following categories of recipients:
7.1.1 Us, our employees and our affiliates: we may share your Personal Information amongst our employees and affiliates for business and operational purposes. Our employees and affiliates will process your Personal Information in accordance with this Policy and our Internal Data Privacy and Security Policy, a copy of which can be provided on written request.
7.1.2 Your Organization and Contacts: we may share your Personal Information with your organization and others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provides you with access to our goods or services and who pay us in connection with such access. We may also share your Personal Information with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s).
7.1.3 Business Partners: we may share your Personal Information and requests with our business partners to jointly offer, provide, deliver, analyze, administer, improve, and personalize products or services.
7.1.4 Third Party Service Providers: we may share your Personal Information and requests with our third party service providers to perform tasks on our behalf and which are related to our relationship with you, including but not limited to financial, management and general operational or organisational service providers, and to assist us in offering, providing, delivering, analyzing, administering, improving, and personalizing such services or products; as well as those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behaviour, and other products or services. These third party service providers may also collect Personal Information about or from you in performing their services and/or functions in relation to our Services.
7.1.5 Trade References: we may share your information for the purposes of listing you as a trade reference with an actual/potential customer or for providing trade references to your potential suppliers.
7.1.6 Advertisers: we may share your Personal Information with third parties that we engage for advertising services, to deliver advertising, and to assist us in advertising our brand and products and services. Those advertising services may also target advertisements on third party websites based on cookies or other information.
7.1. 7 Users: we may aggregate information from any publicly-available records/information, such as phone books, social networks, marketing surveys, business websites, reviews, and comments, for our business, operational, research, statistic, advertising, marketing, or general purposes.
7.1.8 In the Event of Merger, Sale, or Change of Control: your Personal Information may be transferred to a third party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of ownership/control (such as the result of a bankruptcy proceeding).
7.1.9 Regulators and law enforcement agencies: we may share your Personal Information in order to comply with any applicable law or regulation, to comply with or respond to a legal process, or upon request from law enforcement or government.
7.1.10 Other Disclosures: we may disclose your Personal Information to third parties if we reasonably believe that disclosure of such information is helpful to enforce/reasonably in pursuit of enforcing our terms and conditions or other rights, such as to detect, prevent, or address fraud or security issues, violations of our rights, or to protect against harm to our rights, property, or safety, our employees, affiliates, business associates, any users, or the public.
8. SECURITY OF INFORMATION
8.1 The security of your Personal Information is important to us. We secure the integrity and confidentiality of your Personal Information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of Personal Information; and unlawful access to or processing of Personal Information.
8.2 The physical security of your Personal Information is managed by the implementation of practical physical safeguards, such as accessed controlled premises, and ensuring sensitive documents are stored in locked cabinets.
8.3 Our employees that may have access to Personal Information receive structured training on how to deal with that Personal Information in a way that complies with our contractual and legal obligations, and internal controls help to ensure that these rules and laws are adhered to.
8.4 In order to implement and maintain such measures, we have put in place policies, controls and related processes, which are reviewed, assessed and updated on a regular basis. Our policies, controls and procedures include the following:
8.4.1 physical, technical and network security.
8.4.2 access controls and monitoring of access.
8.4.3 secure storage, destruction and encryption of records of Personal Information.
8.4.4 Personal Information breach reporting and remediation.
8.5.5 by way of written agreements, imposition of security and confidentiality obligations on third parties (based within or outside the borders of South Africa) who process Personal Information as part of rendering services to us or (where applicable) you.
8.5 Your Personal Information may also be stored electronically and/or in a hard copy format, and will be accessible to persons employed or contracted by us, as is reasonably necessary for operational and business-related reasons.
8.6 Once your Personal Information is no longer required due to the fact that the purpose for which the Personal Information was held has come to an end, such Personal Information will be retained for a duration of time which ensures compliance with the following requirements:
8.6.1 Adhere to the terms and conditions of this Policy;
8.6.2 Fulfil the purposes described in this Policy, and our general business-related purposes;
8.6.3 Conduct business/engage with existing/potential customers in relation to business or potential future business or the solicitation thereof;
8.6.4 Meet the timelines determined or recommended by regulators, professional bodies, or associations;
8.6.5 Comply with legal and contractual obligations; and
8.6.6 Comply with your requests.
8.7 Please note that no method of transmission over the Internet or electronic/physical storage is 100% secure. Although we strive to use commercially accepted measures and standards to protect Personal Information, we cannot guarantee its absolute security, and cannot accept liability therefor, however we do at all times ensure that we have adequate security measures in place across all our IT systems and that such IT systems are maintained. Specific details of our security measurescan be provided on request by emailing us on email@example.com. Kindly make the subject line, “POPIA Request: Details of IT Security Measures”.
9. ACCESS BY OTHERS AND CROSS-BORDER TRANSFER
9.1 We may disclose your Personal Information to other parties, including our holding company or subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and/or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be in terms of an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with conditions relating to confidentiality, data security, and privacy law.
9.2 Where Personal Information and related data is transferred to a country which is situated outside of the Republic of South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with conditions relating to confidentiality, data security, and South African privacy law.
10. YOUR RIGHTS
10.1 As a Data Subject, you have certain rights, such as:
10.1.1 The right of access: you may ask us, free of charge, to confirm that we hold your Personal Information, or ask us to provide you with details, at a fee, of how we have processed your Personal Information, which can be done by emailing us on firstname.lastname@example.org. Kindly make the subject line, “POPIA Request: Access to Information”.
10.1.2 The right to rectification: you have the right to ask us to update or rectify any inaccurate Personal Information, which can be done by emailing us on email@example.com. Kindly make the subject line, “POPIA Request: Rectification of Info”.
10.1.3 The right to have your Personal Information deleted: where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period has expired, you may request that we delete the Personal Information, which can be done by emailing us on firstname.lastname@example.org. Kindly make the subject line, “POPIA Request: Deletion of Info”.
10.1.4 The right to object to and restrict further processing: where we do not need your consent to process your Personal Information, but you are not in agreement with such processing, you can object to us processing such Personal Information, which can be done by emailing us on email@example.com. Kindly make the subject line, “POPIA Request: Objection to Processing Info”.
10.1.5 The right to withdraw consent: you have the right to withdraw your consent, which can be done by emailing us on firstname.lastname@example.org. Kindly make the subject line, “POPIA Request: Withdrawal of Consent”.
10.1.6 The right to data portability: should you want your Personal Information to be transferred to another party, you can request same by emailing us on email@example.com. Kindly make the subject line, “POPIA Request: Port Info”.
10.2 You also have the right to request us not to contact you for purposes of direct marketing by any form of electronic communication such as automatic calling machines, email and/or SMS notifications by “opting-out” of any direct marketing communications we may send to you.
11. CHANGES TO THIS POLICY
11.1 As we, societal/industry needs and standards, and the law changes over time, we expect this Policy to change as well. We reserve the right to amend the Policy at any time, for any reason, either with notice to you, alternatively, by posting of the updated Policy on our Website, and in this regard encourage you to visit our Site frequently in order to keep abreast with any changes. A copy of the updated Policy may also be requested at any time by emailing firstname.lastname@example.org. Kindly make the subject line, “POPIA Request: Updated Policy Document”.
12. CONTACT US
12.1 Any comments, questions or suggestions about this Policy or our handling of your Personal Information should be emailed to us at email@example.com. Please make the subject line, “POPIA Request: General Query”.
12.1.1 Please note that any comments/questions/complaints received may be re-directed to the appointed Information Officer of the particular Group entity, Company, affiliate, subsidiary or other party to which the matter may relate and/or in an attempt to accurately, efficiently, and/or timeously respond to it.
12.2 Alternatively, you can contact us telephonically on 0117904400 and ask for the Legal Department.
12.2.1 Our telephone switchboard is open 08:00am – 17:00pm on South African Business Days. If you call within these times, our switchboard team will either direct you to the appropriate person or take a message and ensure the appropriate person responds as soon as is reasonably possible.
13. PROCESSING PERSONAL INFORMATION OF ANOTHER
13.1 If you process another’s Personal Information on our behalf, or which we provide to you in order to perform your contractual or legal obligations or to protect any legitimate interest, you will keep such information confidential and will not, unless authorised to do so by written contract between us, or mandated to do so by application of law, process, publish, share, disseminate, make accessible, store, modify, delete, destroy, merge, link, or use in any other way. Subject to this requirement, you further agree to process such Personal Information only in the course and scope of your services/duties, and only for the purpose for which the information has been received and granted to you and in accordance with this Policy.
13.2 You agree that where you act as an Operator on our behalf (as envisioned above) you will be be required to sign an Operator Agreement with us.
14.1 Should you make a complaint, please feel free to contact us on firstname.lastname@example.org. Please make the
subject line, “POPIA Request: Complaint”.
14.2 Should you feel unsatisfied with our processing of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at www.justice.gov.za/inforeg.
15.1By providing us with any Personal Information as provided for under this Policy:
15.1.1 You acknowledge that you understand that your Personal Information has to be processed, and why.
15.1.2 You accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross-border, the terms contained in this Policy, and the terms contained in our Privacy Statement, accessible on our Website, which must be read as an extension to and part of this Policy. A copy of the updated Privacy Statement may also be requested at any time by emailing email@example.com. Kindly make the subject line, “POPIA Request: Updated Privacy Statement”.
a. Where consent is required for any processing as per the terms and conditions/requirements contained in these sources, you agree that we may process this particular Personal Information.
15.1.3 You confirm that you have shared this Policy and/or its terms and conditions with your employees, contractors and subcontractors and have received from them the required consent in order for you to provide us with their respective Personal Information for processing as provided for and described under this Policy, and where consent is required for any processing as reflected in this Policy, such persons have agreed that we may process their particular Personal Information.
15.2 The rights and obligations of the parties under this Policy will be binding on, and will be of benefit to, each of the parties successors in title and or assigns where applicable.
15.3 Furthermore, should any of the Personal Information concern or pertain to a natural/juristic person whom you represent, you confirm that you have the necessary authority to act on behalf of such person and that you have the required permissions required for the processing of that person’s Personal Information.