Registration Number: 2013/088663/07
This document should be read in conjunction with:
- The Companies Act 71 of 2008
- The Protection of Personal Information Act 4 of 2013
- The Promotion of Access to Information Act 2 of 2000
TABLE OF CONTENTS
- PURPOSE OF THIS POLICY
- THE PERSONAL INFORMATION WE MAY COLLECT
- HOW A DATA SUBJECT’S PERSONAL INFORMATION IS COLLECTED
- HOW AND WHY WE PROCESS A DATA SUBJECT’S PERSONAL INFORMATION
- WHO WE SHARE A DATA SUBJECT’S PERSONAL INFORMATION WITH
- DATA SECURITY
- HOW LONG A DATA SUBJECT’S PERSONAL INFORMATION WILL BE KEPT
- INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
- DATA SUBJECT RIGHTS
- HOW TO CONTACT US
Some of the key terms we use in this Policy are defined below:
“Company” means [dot]GOOD Sponsorship and Marketing (Company Registration no. 2013/088663/07) and “we”, “us” or “our” means the Company.
“Data Subject” has the meaning ascribed thereto under POPIA and, for the purposes of this Policy, means [dot]GOOD’s clients or suppliers, who may be natural or juristic persons, or any other person(s) in respect of whom [dot]GOOD Processes Personal Information.
“[dot]GOOD” is as per the Company definition.
“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, names, designations, symbol, e-mail address, physical or postal addresses, telephone numbers, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
“POPIA” means the Protection of Personal Information Act 4 of 2013, as amended from time to time.
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information.
“Responsible Party” means a public or private body or any other person who alone or in conjunction with others determines the purpose of and means for Processing Personal Information.
1. PURPOSE OF THIS POLICY
- This Policy regulates the use and protection of Personal Information that [dot]GOOD Processes.
- [dot]GOOD is committed to ensuring, to the best of its ability, that Personal Information is handled with care and is Processed in compliance with the Protection of Personal Information Act 4 of 2013.
- The purpose of this Policy is to inform Data Subjects about how and why we collect, collate, store, use, update, share or otherwise Process their Personal Information. It also explains a Data Subject’s rights in relation to their Personal Information and how to contact us if they have a question or complaint.
- Please note that we may update this policy from time to time. The latest version of this policy is available on request.
2. THE PERSONAL INFORMATION WE MAY COLLECT
- We may collect and Process the following Personal Information from Data Subjects:
- names and contact information, including e-mail addresses, telephone numbers, physical addresses, postal addresses and other location information;
- dates of birth, age, gender, race, nationality, title and language preferences;
- identity number and photograph;
- certain biometric information;
- verified banking details;
- medical details;
- employment details; and
- such other Personal Information as is reasonably required by us to engage with Data Subjects so as to provide the services to that we offer.
3. HOW A DATA SUBJECT’S PERSONAL INFORMATION IS COLLECTED
- We may collect or obtain Personal Information on Data Subjects in the following ways:
- directly from the Data Subject;
- during the course of our interactions with the Data Subject;
- when a Data Subject visits our office;
- when a Data Subject visits and/or interacts with our website or any other social media platforms or IT services;
- from publicly available sources;
- from a third party who is authorised to share a Data Subject’s information; and
- via a mobile or other software app developed for [dot]GOOD.
4. HOW AND WHY WE PROCESS A DATA SUBJECT’S PERSONAL INFORMATION
- The Personal Information we collect from Data Subjects and why and how we use and Process it is in accordance with the services which we offer and provide, and in terms of POPIA “is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the Responsible Party”.
- Further, [dot]GOOD will only Process a Data Subject’s Personal Information where:
- the Data Subject, or a competent person where the Data Subject is a child, consents to the Processing;
- Processing is necessary to carry out actions for the conclusion or performance of a contract to which the Data Subject is party;
- Processing complies with an obligation imposed by law on the Responsible Party;
- Processing protects a legitimate interest of the Data Subject;
- Processing is necessary for the proper performance of a public law duty by a public body; or
- Processing is necessary for pursuing the legitimate interests of the Responsible Party or of a third party to whom the information is supplied.
- We may collect other Personal Information from time to time from Data Subjects where it is provided to us, as is necessary to achieve our business requirements, or in order to comply with applicable laws.
5. WHO WE SHARE A DATA SUBJECT’S PERSONAL INFORMATION WITH
- Depending on the circumstances, we may disclose a Data Subject’s Personal Information to the following categories of persons:
- auditors, legal and other professional advisers and consultants of the Company or other third parties who help us deliver our services;
- information technology and other service providers who help us run the Company or otherwise manage or store the Personal Information;
- government and law-enforcement authorities;
- financial institutions;
- other third parties where disclosure is required by law or otherwise required for us to perform our obligations and provide our services; and
- to any other person with your consent to the disclosure.
- We take reasonable steps to protect the confidentiality and security of a Data Subject’s Personal Information when it is disclosed to a third party and seek to ensure that such third party deals with such information in accordance with our instructions and applicable privacy laws, and only for the purpose for which it is disclosed.
6. DATA SECURITY
- We hold a Data Subject’s Personal Information in electronic or in hard copy form. We may keep this information at our own premises.
- We are committed to keeping a Data Subject’s Personal Information safe.
- We use a range of physical, electronic and procedural safeguards to do this. We update these safeguards from time to time in order to address new and emerging security threats. We also train our people on privacy matters and seek to limit access to Personal Information to certain of our people who need to know that information.
- We implement appropriate security measures to protect a Data Subject’s Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure and unauthorised access, in accordance with applicable law.
- Where there are reasonable grounds to believe that a Data Subject’s Personal Information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and the Data Subject, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying a Data Subject will impede a criminal investigation.
7. HOW LONG A DATA SUBJECT’S PERSONAL INFORMATION WILL BE KEPT
- We retain Personal Information we collect from a Data Subject only where we have an ongoing legitimate business need to do so (for example, to provide you with a service) or to comply with applicable legal, tax or accounting requirements.
- We shall only retain and store your Personal Information for the period for which the information is required to serve the purpose for its collection, or a legitimate interest or the period required to comply with applicable legal requirements, whichever is longer.
- In terms of the provisions of the Companies Act 71 of 2008.
8. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
- In some cases, the third parties to whom we may disclose a Data Subject’s Personal Information may be located outside your country of residence (for example, in a cloud service, system or server), and may be subject to different privacy regimes.
- When we disclose Personal Information overseas, we will take appropriate safeguards to protect a Data Subject’s Personal Information to ensure that the recipient will handle the information in a manner consistent with this policy and the level of protection provided for in POPIA.
9. DATA SUBJECT RIGHTS
- Data Subjects have the right to:
- ask what Personal Information we hold about them;
- request access to the Personal Information that we hold about them – this access is dictated by our PAIA Manual, available on our website at www.dotgood.co.za;
- ask us to update, correct or delete any out-of-date or incorrect Personal Information we hold about them;
- unsubscribe from any direct marketing communications we may send them; or
- object to the Processing of their Personal Information.
- If a Data Subject wishes to exercise any of these rights or has any queries regarding the Personal Information that we hold about them, they can contact us at the details provided below.
- To protect the integrity and security of the information we hold, we may ask that Data Subjects follow a defined access procedure, which may include steps to verify their identity.
- If a Data Subject wants us to delete all Personal Information that we have about them, we may need to terminate any agreements or contracts of service we have with them. We can refuse to delete a Data Subject’s information if we are required by law to retain it or if we need it to protect our rights.
10. HOW TO CONTACT US
- If you have a question, concern or complaint regarding the way in which we handle a Data Subject’s Personal Information, or if you believe that we have failed to comply with this policy or breached any applicable laws in relation to the management of that information, you, as a Data Subject, can make a complaint.
- Any question, concern or complaint should be made in writing to: email@example.com
- If you wish to make a request to access your Personal Information in terms of Section 23 of POPIA, please follow the procedure described in our PAIA Manual accessed on our website at http:www.dotgood.co.za
- This Policy was published on 20 August 2021
- We may change this privacy notice from time to time. When we do, we will inform you via e-mail.