EXTERNAL PRIVACY POLICY
1. DEFINITIONS
In this policy, unless the context clearly indicates otherwise:1.1. “applicable laws” means all laws and regulations that the company is required to comply with;
1.2. “company” means SMD Technologies Proprietary Limited, a private company with registration number 2015/107801/07, duly incorporated in accordance with the laws of the RSA and “we” or “us” shall have a corresponding meaning;
1.3. “data subject” means the natural or juristic person to whom personal information relates;
1.4. “PAIA” means the Promotion of Access to Information Act, 2 of 2000 as amended from time to time;
1.5. “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
1.5.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth;
1.5.2. information relating to the education or the medical, financial, criminal or employment history;
1.5.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular;
1.5.4. biometric information;
1.5.5. personal opinions, views or preferences;
1.5.6. correspondence that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
1.5.7. the views or opinions of another individual about the data subject; and
1.5.8. the name of the data subject if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the data subject;
1.6. “POPIA” means the Protection of Personal Information Act, 4 of 2013, together with any regulations published thereunder;
1.7. “processing” means any activity that involves use of personal information. It includes any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
1.7.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
1.7.2. dissemination by means of transmission, distribution or making available in any other form; or
1.7.3. merging, linking, as well as restriction, degradation, erasure or destruction of Personal Information;
1.8. “record” means any recorded information:
1.8.1. regardless of form or medium, including any of the following:
1.8.1.1. writing on any material;
1.8.1.2. information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
1.8.1.3. label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
1.8.1.4. book, map, plan, graph or drawing;
1.8.1.5. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
1.8.2. in the possession or under the control of the company;
1.8.3. whether or not it was created by the company; and
1.8.4. regardless of when it came into existence;
1.9. “special personal information” means personal information concerning the:
1.9.1. religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or biometric information of a data subject; or
1.9.2. the criminal behaviour of a data subject to the extent that such information relates to:
1.9.2.1. the alleged commission by a data subject of any offence; or
1.9.2.2. any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings;
1.10. “policy” means this external privacy policy.
2. PURPOSE OF THIS POLICY
2.1. This policy explains how the company obtains, uses, processes and discloses your personal information and special personal information.
2.2. It is important that you read this policy carefully before submitting any personal information to us.
2.3. By submitting any personal information to us, you provide consent to the processing of your personal information as set out in this policy.
2.4. Please do not submit any personal information to us if you do not agree to any of the provisions of this policy. If you do not consent to the provisions of this policy, or any part of this policy, we may not be able to engage in business transactions with you or consider any job applications from prospective employees.
2.5. We will only use your personal information in accordance with this policy and any applicable laws. The onus is on you to take all necessary and appropriate steps to protect your personal information.
3. INFORMATION WHICH THE COMPANY MAY COLLECT FROM YOU
3.1. We may collect the following information from you:
3.1.1. personal information and special personal information;
3.1.2. records of correspondence;
3.1.3. details of transactions that you carry out with us;
3.1.4. terms and conditions of trade and other legal agreements that you conclude with us;
3.1.5. financial information;
3.1.6. credit bureau information;
3.1.7. sensitive or special categories of personal information, including biometric information;
3.1.8. device and online identifiers and related information;
3.1.9. internet, application and network activity, such as cookies, browser visits and use of our networks;
3.1.10. any records generated by or within the company;
3.1.11. any records and information provided to us by a third party.
3.2. If you provide the company with any personal information of a third party, we assume that you have obtained the necessary consent from the third party. It is your obligation to obtain consent and inform the third party that you need to disclose their personal information to us and that we will process the personal information in accordance with the provisions of this policy.
4. HOW WE COLLECT INFORMATION
4.1. We collect your personal information and special personal information as follows:4.1.1. directly or indirectly from you, including through the use of our websites and other online platforms; and/or
4.1.2. from third parties.
5. PURPOSE OF PROCESSING PERSONAL INFORMATION
5.1. The company processes personal information and special personal information, where applicable, to inter alia:5.1.1. transact and communicate with you;
5.1.2. create and maintain your account;
5.1.3. market our products;
5.1.4. resolve complaints and/or queries;
5.1.5. conduct criminal, employment history, qualification and reference checks on prospective employees;
5.1.6. develop, monitor and improve our systems, processes and service delivery;
5.1.7. comply with regulatory and contractual obligations;
5.1.8. monitor and control access to the company premises.
6. RETENTION OF YOUR INFORMATION
6.1. We may retain your personal information indefinitely, unless you object, in which case we will only retain it if we are permitted or required to do so in terms of any applicable laws. However, as a general rule, we will retain your information in accordance with retention periods set out in the applicable laws, unless we deem it necessary to retain it for longer for a lawful purpose.7. SHARING OF PERSONAL INFORMATION
7.1. We may disclose your personal information to third parties in the following circumstances:
7.1.1. statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data;
7.1.2. any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules;
7.1.3. South African Revenue Services, or another similar authority;
7.1.4. South African Police Services and South African Qualifications Authority;
7.1.5. cloud-based services such as data storage, network, email and security services;
7.1.6. third party organizations providing legal services;
7.1.7. auditing and accounting bodies;
7.1.8. to a prospective purchaser of any of the company, including its business and/or assets;
7.1.9. anyone making a successful application for access in terms of POPIA or PAIA; and
7.1.10. subject to the provisions of POPIA and other relevant legislation, we may share information about your creditworthiness with any credit bureau or credit providers industry association or other association for an industry in which the company operates.
7.2. If you do not consent to the company disclosing any personal information to third parties, please contact us. We may, however, not be able to transact with you if such disclosure is necessary.
8. TRANSBORDER FLOWS OF PERSONAL INFORMATION
8.1. We may need to transfer your personal information to our related parties and service providers in countries outside of the RSA; these countries may not have data-protection laws which are similar to those of the RSA. Where this is done, we will transfer this personal information in accordance with the provisions of POPIA.9. INFORMATION SECURITY MEASURES
9.1. The security and confidentiality of your personal information is important to us. We have implemented reasonable technical, administrative, and physical security measures to protect personal information from unauthorised access or disclosure and improper use. We are committed to ensuring that our security measures which protect your personal information are continuously reviewed and updated where necessary.
9.2. Personal information is stored on secured servers, personal computers and mobile devices and in secure manual record-keeping systems.
9.3. In processing any personal information, we have deployed a range of physical, electronic, and other security measures to protect the security, confidentiality and integrity of the personal information that we hold. These measures include, inter alia:
9.3.1. access control: access to our information systems is controlled through identity and access management controls and personal information is only made available to personnel who require the personal information to perform a specific job/task;
9.3.2. internal policies and training: employees are bound by internal information security policies and must process information securely. All employees must complete training about privacy and information security;
9.3.3. third party agreements: any third party who processes personal information on behalf of the company are bound to implement appropriate safeguards and comply with POPIA;
9.3.4. information technology safeguards: the company has implemented firewalls and malware protection to safeguard against security breaches;
9.3.5. ongoing monitoring: we regularly monitor and review our compliance with internal policies and industry best practice.
10. YOUR RIGHTS
10.1. You have the right to make a request to access the information we hold on you and correct, amend or delete (subject to all applicable laws) your personal information, or object to how your personal information is processed. Please refer to our PAIA manual here on how to make such a request.
10.2. We will take reasonable steps to ensure that all personal information is kept as accurate, complete and up to date as reasonably possible but may not always expressly request you to verify and update your personal information, unless this process is specifically necessary. We expect that you will notify us from time to time in writing of any updates required in respect of your personal information.
10.3. In addition, you may object to, cancel, correct or modify the email or telephonic communications that you have chosen to receive from us. If you have any questions concerning your personal information or how to exercise the abovementioned rights, contact us at PAIA@smdtechnologies.com.
10.4. You have the right to lodge a complaint with the information regulator. You can email the office of the information regulator with your complaint/query at inforeg@justice.gov.za or contact the office telephonically on 012 406 4818. Visit their website for more details: here.