We act in accordance with the “‘POPIA” Act – Protection of Personal Information Act, 2013, which regulates and controls the processing of a person’s Personal Information. This includes the collection, storage, dissemination, use and transfer of a person’s Personal Information, which must be done in a lawful and transparent manner.
1. PURPOSE OF THIS STATEMENT
1.1 We, Switches International (Pty) Ltd, in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (“POPIA”), which regulates and controls the processing of a person’s Personal Information in South Africa, which processing includes the collection, use, and transfer of a person’s Personal Information.
1.2 For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:
1.2.1 “consent” means the consent, which you give to us to process your Personal Information. This consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied; implied meaning that consent may be demonstrated by way of your actions;
1.2.2 “Data Subject” means you, the person who owns and who will provide us with your Personal Information for processing, which reference is found under POPIA;
1.2.3 “Operator” means any person who processes your Personal Information on our behalf as a sub-contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centres, service providers, auditors, legal practitioners, organs of state, government, provincial and municipal bodies;
1.2.4 “Personal Information” means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:
(a) your name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;
(b) vehicle registration; (c) dietary preferences; (d) financial history;
(e) information about your next of kin and or dependants;
(f) information relating to your education or employment history; and
(g) Special Personal Information including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition;
1.2.5 “processing” / “process” or processed”, means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing;
1.2.6 “Purpose” means the reason why your Personal Information needs to be processed by us; 1.2.7 “Responsible Party, means us, the person who is processing your Personal Information;
1.2.8 “You” means you, the Data Subject under POPIA, who will be providing us, the Responsible Party with your Personal Information, for processing.
1.3 In terms of POPIA, where a person processes another’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.
1.4 In order to comply with POPIA, a person processing another’s Personal Information must:
1.4.1 provide the Data Subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; and
1.4.2 get permission or consent, explicitly or implied, from the owner / Data Subject, to process the Personal Information, unless such processing:
(a) is necessary to carry out actions for the conclusion or performance of a contract to which the owner / Data Subject of the Personal Information is a party;
(b) is required in order to comply with an obligation imposed by law; or
(c) is for a legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interests of i) the owner / Data Subject of the Personal Information; ii) the person processing the Personal Information ; or iii) that of a third party to whom the Personal Information is supplied; or
(d) is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.
1.5 In accordance with the requirements of POPIA, and because your privacy and trust is important to us, we set out below how we, FFS Refiners collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.
2.1 This Privacy Statement applies to the following persons:
2.1.1 Interactors: persons who interact with us, physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, or who come onto our sites and / or who enter our offices or facilities;
2.1.2 Users of our Sites: persons who use our websites, applications, mobile applications, or social media portals or platforms whether in order to find out more about us, to make enquiries about us, or our products or services or where persons want to do business with us be it providing or selling to us or receiving or buying from us, certain goods and services, etc;
2.1.3 Applicants: persons who wish to apply for a bursary, funding, enterprise/supplier development opportunity or a sponsorship from us;
2.1.4 Customers and Clients: persons who are desirous of, or who do use and or purchase our products or services, who receive marketing communications and / or who communicate with us physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices;
2.1.5 Contractors, Vendors and Service Providers: persons who are desirous of, or who do provide us with goods, and services, or who we provide goods and services to, including consultancy and infrastructure related services and who we interact and communicate with, either physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices;
2.1.6 Regulators and Public Bodies: persons who we engage with in order to discharge legal and public duty obligations, including SARS, National Treasury, Department of Labour,etc;
2.1.7 Business partners: whether in their capacity as operators or not, who provide services, goods and other benefits to us, our employees or to our customers, clients and service providers, such as medical aids, pension or provident funds, administrators, financial service providers, advertising, marketing or PR agencies, wellness or health and medical providers.
3. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION
3.1 Your personal information will be processed by us for the following purposes:
3.1.1 Due diligence purposes – legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, including your business details, medical status, health history and related records, education and employment history and qualifications, credit and financial status and history, tax status, B-BBEE status, and or any performance or vendor related history;
3.1.2 Contract purposes -assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you;
3.1.3 To process transactions and render or provide or receive goods and services – conclusion of a contract: To perform under any contract which has been concluded with you, including carrying out all contractual obligations, exercising all contractual rights, assessing or communicating requirements, manufacturing, packaging, ordering, delivering, and / or responding to, or submitting queries, complaints, returns or engaging in general feedback, or acting in such a manner as to personalize any goods or services, and to make recommendations related to us or our or your operations;
3.1.4 Attending to financial matters pertaining to any transaction- conclusion of a contract: To administer accounts or profiles related to you or your organization including registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general;
3.1.5 Communications- legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions;
3.1.6 Risk assessment and anti- bribery and corruption matters-legitimate purpose: To carry out vendor, organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with all applicable laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and operations or facilities and / or to exercise our rights and to protect our and others’ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable;
3.1.7 Legal obligation and public duties: To comply with the law and our legal obligations, including to register with Regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority;
3.1.8 Security purposes: legitimate purpose and to comply with laws: to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes;
3.1.9 Internal research and development purposes – consent required: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services;
3.1.10 Sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings) – our Legitimate interest- To proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings);
3.1.11 Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and/or other notifications, programs, events, or updates that you may have registered or asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity;
3.1.12 Events, advertising and public relations materials and publications: for the purposes of making contact with you and or attending to your enquiries and requests in relation to our advertising and public relations materials and publications and or events and functions and for providing you from time to time with information pertaining to Switches International advertising and public relations materials and publications, and or events and functions and to invite you to attend functions and events or our request for your appearance in advertising and public relation materials and publications.
4. WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?
4.1 In order to engage and / or interact with you, for the purposes described above, we will have to process certain types of your personal information, as described below:
4.1.1 Your or your employer or organization’s contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons;
4.1.2 Specific identifiers, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race (B-BBEE related), religion (correct and fair treatment related), sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters ( to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history ( to protect our legitimate interests and to perform risk assessments), as well as children’s details (benefits related);
4.1.3 Account Information, including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and / or in order to provide you access to services;
4.1.4 User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries;
4.1.5 Device & Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place;
4.1.6 Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place;
4.1.7 Location Data, such as the location of your device, your household, and similar location data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place;
4.1.8 Demographic Information, such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, personal or household/familial financial status and metrics, military status, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place;
4.1.9 Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place;
4.1.10 Identity Information, such as government-issued identification information, tax identifiers, social security numbers, other government-issued identifiers, and similar data, which are required to comply with laws and public duties;
4.1.11 Financial Information, such as billing address, credit card information, billing contact details, and similar data., tax numbers and VAT numbers, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place and / or which are required to comply with laws and public duties;
4.1.12 Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, status as a veteran, nationality and immigration status, demographic data, disability-related information, application information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties;
4.1.13 Health records such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties;
4.1.14 Social Media and Online Content, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries and generally for the purposes of advertising, marketing and related communications.
5. SOURCES OF INFORMATION – HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
5.1 Depending on your requirements, we will collect and obtain personal information about you either directly from you, from certain third parties (such as your employer or regulators), or from other sources which are described below:
5.1.1 Direct collection: You provide personal information to us when you:
(a) Use our websites, applications, mobile applications, or social media portals or platforms; (b) Interact with us;
(c) Enquire about, or search for our goods or services;
(d) Create or maintain a profile or account with us;
(e) Conclude a contract with us;
(f) Purchase or subscribe to our goods or services;
(g) Use our goods or services;
(h) Purchase, use, or otherwise interact with content, products, or services from third party providers who have a relationship with us;
(i) Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms;
(j) Register for or attend one of our events, functions or locations;
(k) Request or sign up for information, including marketing material;
(l) Communicate with us by phone, email, chat, in person, or otherwise;
(m) Complete a questionnaire, survey, support ticket, or other information request form;
(n) When you submit a quotation, or offer to do business with us, a tender or when you conclude a contract with us;
(o) Express an interest in a bursary or sponsorship.
5.1.2 Automatic collection: We collect personal information automatically from you when you:
(a) Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms;
(b) Use our goods or services (including through a device);
(c) Access, use, or download content from us;
(d) Open emails or click on links in emails or advertisements from us;
(e) Otherwise interact or communicate with us (such as when you attend one of our events, functions or locations, when you request support or send us information, or when you mention or post to our social media accounts).
5.1.3 Collection from third parties: We collect personal information about you from third parties, such as:
(a) Your organization and others with whom you have a relationship with that provide or publish personal information related to you, such as from our customers or from others when they create, post, or submit user content that may include your personal information;
(b) Regulators, professional or industry organizations and certification / licensure agencies that provide or publish personal information related to you;
(c) Third parties and affiliates who deal with or interact with us or you;
(d) Service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services or to enhance your experience;
(e) Marketing, sales generation, and recruiting business partners;
(f) SAP, Home Affairs, Credit bureaus and other similar agencies;
(g) Government agencies, regulators and others who release or publish public records;
(h) Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.
6. HOW WE SHARE INFORMATION
6.1 We share personal information for the purposes set out in this Privacy Statement and with the following categories of recipients:
6.1.1 Switches International and our employees. We may share your personal information amongst our employees for business and operational purposes.
6.1.2 Your Organization and Contacts. We may share your personal information with your organization and others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provides you with access to our goods or services and who pay us in connection with such access. We may also share your personal information with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s);
6.1.3 Business Partners. We may share your personal information with our business partners to jointly offer, provide, deliver, analyze, administer, improve, and personalize products or services or to host events and functions. We may also pass certain requests from you or your organization to these business providers;
6.1.4 Third Party Content Providers. We may share your personal information with our third party content providers to perform tasks on our behalf and to assist us in providing, delivering, analyzing, administering, improving, and personalizing content related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and may to this end pass certain requests from you or your organization to these providers;
6.1.5 Third Party Service Providers. We may share your personal information with our third party service providers to perform tasks on our behalf and which are related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and to assist us in offering, providing, delivering, analyzing, administering, improving, and personalizing such services or products.;
6.1.6 Cyber Third Party Service Providers -We may share your personal information with our third party cyber service providers to perform tasks on our behalf and which are related to our relationship with you, including those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behavior, and other products or services. These third party service providers may also collect personal information about or from you in performing their services and/or functions on our Services. We may also pass certain requests from you or your organization to these third party service providers;
6.1.7 Advertisers. We may share your personal information with advertisers, advertising exchanges, and marketing agencies that we engage for advertising services, to deliver advertising, and to assist us in advertising our brand and products and services. Those advertising services may also target advertisements on third party websites based on cookies or other information indicating previous interaction with us and/or ourselves;
6.1.8 Users. We aggregate information from public records, phone books, social networks, marketing surveys, business websites, and other sources made available to us to create listings and profiles that are placed into user listings and directories. Additionally, if you choose to include your personal information in any reviews, comments, or other posts that you create, then that personal information may be displayed other users as part of your posting;
6.1.9 In the Event of Merger, Sale, or Change of Control. We may transfer this Privacy Statement and your personal information to a third party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control (such as the result of a business rescue proceeding);
6.1.10 Regulators and law enforcement agencies. We may disclose your personal information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request;
6.1.11 Other Disclosures. We may disclose your personal information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the group, our employees, any users, or the public.
7. SECURITY OF INFORMATION
7.1 The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing personal information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of personal information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.
7.2 Your Personal Information will be stored electronically which information, for operational reasons, will be accessible to persons employed or contracted by us on a need to know basis, save that where appropriate, some of your Personal Information may be retained in hardcopy.
7.3 Once your Personal Information is no longer required due to the fact that the purpose for which the Personal Information was held has come to an end, such Personal Information will be retained in accordance with our applicable Group records retention schedules, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Privacy Statement, (b) meet the timelines determined or recommended by regulators, professional bodies, associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.
8. ACCESS BY OTHERS AND CROSS BORDER TRANSFER
8.1 We may from time to time have to disclose your Personal Information to other parties, including our holding company or subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.
8.2 Where Personal Information and related data is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA.
8.3 However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect personal information, we cannot guarantee its absolute security.
9. YOUR RIGHTS
9.1 You as a Data Subject have certain rights, which are detailed below:
9.1.1 The right of access- You may ask us free of charge to confirm that we hold your personal information, or ask us to provide you with details.
9.1.2 The right to rectification- you have the right to ask us to update or rectify any inaccurate personal information
9.1.3 The right to erasure (the ‘right to be forgotten’) – where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period has expired, you may request that we delete the personal information.
9.1.4 The right to object to and restrict further processing- where we do not need your consent to process your personal information, but you are not in agreement with such processing, you object to us processing such Personal Information
9.1.5 The right to withdraw consent – where you have provided us with consent to process your personal information, you have to right to subsequently withdraw your consent
9.1.6 The right to data portability- where you want your Personal Information to be transferred to another party, which can be done under certain circumstances
10. CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to amend the Processing Notice at any time, for any reason, and without notice to you
11. CONTACT US
Any comments, questions or suggestions about this privacy notice or our handling of your Personal Information should be emailed to firstname.lastname@example.org
12. PROCESSING PERSONAL INFORMATION
12.1 If you process another’s Personal Information, you will keep such information confidential and will not, unless authorised to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and related to the duties assigned to you.
12.2 You will also observe the protection of Personal Information relating to Switches International’s and the rules and regulations regarding the processing and protection of Personal Information and/or data to which your Employees have access to in the course and scope of the Employee’s duties, and shall report any infringement relating to the manner in which Personal Information or other data is processed to the Switches International without delay.
13.1 Should you wish to discuss a complaint, please feel free to contact us using the details provided above.
14.1 By providing us with the Personal Information which we require from you as listed under this Processing Notice:
14.1.1 You acknowledge that you understand why your Personal Information needs to be processed;
14.1.2 You accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross border;
14.1.3 Where consent is required for any processing as reflected in this Processing notice, you agree that we may process this particular Personal Information.
14.2 You confirm that you have shared this Processing Notice with employees, contractors and subcontractors and have received from them the required consent to provide us with their respective Personal Information for processing as provided for and described under this Processing Notice, and where consent is required for any processing as reflected in this Processing notice, such persons have agreed that we may process this particular personal information.
14.3 Furthermore, should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and / or the required permissions in respect of the processing of that Organization or entities’ Personal Information.