1.1 Digitata Networks Proprietary Limited (“Digitata”), as a responsible party, is committed to complying with its obligations in terms of the Protection of Personal Information Act, No. 4 of 2013 (“POPI”), the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”), as well as other relevant data protection legislation.
1.2 We respect the privacy rights of our customers, service providers and other third parties (including prospective customers and service providers) and we are committed to handling personal information responsibly and in accordance with applicable law.
1.3 If you have any questions regarding this data protection policy (“Policy”), the applicable law, or have any comments or questions about this Policy, please contact us at the contact details in paragraph 12 below.
1.4 If you would like to learn more about how we process the personal information of visitors to our website, please visit: digitatanetworks.com
2 WHO DOES THIS POLICY APPLY TO?
2.1 This Policy applies to our contractors, consultants, customers, service providers and suppliers and to prospective service providers and suppliers responding to bids and requests for proposals, as well as any other party/ies who are our agents or are working on our behalf or in our name, whether it be through the outsourcing of services, processes or any business activity (collectively referred to as “you”, or “your”).
2.3 This Policy applies where we process your personal information in any form – whether oral, electronic or written.
3 WHAT TYPE OF PERSONAL INFORMATION DO WE PROCESS?
3.1 Most of the personal information we process is information that you knowingly provide to us i.e. where we collect personal information directly from you. However, in some instances, we process personal information that we are able to infer about you based on other information you provide to us (such as supporting documents) or on our interactions with you, or personal information about you that we receive from a third party using a process that we have told you about. For example, we may contract with third parties to support us to do credit and background checks.
3.2 We collect personal information inter alia in the following instances –
3.2.1 to enter into contracts with you (whether oral or written);
3.2.2 in the course of executing our statutory functions and to comply with our statutory obligations;
3.2.3 via our website;
3.2.4 in connection with business transactions and services you initiate with us, such as through services requests, credit verification or other processes related to the transaction;
3.2.5 when you are requesting access to information on our record; and/or
3.2.6 where we are legally obliged to as part of a contractual agreement, statutory measure or as otherwise required by law.
3.3 We process the following personal information of yours for the following purposes –
Categories of personal information processed by us Purpose of processing
Service providers or suppliers (both current and prospective)
Identity information: Company name, registration number, registered address. To enter into the contract with the supplier or service provider.
Contact information: Contact information of a representative of the service provider or supplier and records of correspondence with the representative of the service provider or supplier. To send notices and information regarding the contract or legal proceedings.
To send direct marketing, where agreed to.
Financial information: Bank account details, taxpayer information. To perform under the contract and make payment to the service provider or supplier
Identity information: Company name, registration number, registered address. To enter into the contract with the customer and to provide services to the customer.
Contact information: Contact information of a representative of the customer and records of correspondence with the representative of the customer. To send notices and information regarding the contract or legal proceedings;
To follow up as part of our customer service;
To send direct marketing where agreed to.
3.4 Unless otherwise stated, all of the information we request from you is obligatory. If you do not provide and/or allow us to process all the obligatory information as requested, we will not be able to keep complete information about you, thus affecting our ability to accomplish the above stated purposes.
3.5 Special personal information
3.5.1 There may be certain limited instances in which the personal information that you provide to us or which we collect is considered “Special Personal Information” under applicable data protection legislation.
3.5.2 Special Personal Information includes, among other things, any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, information about your health, gender and sexual orientation, as well as criminal behaviour related to the alleged commission by you of any offence or any proceedings in respect of any offence allegedly committed by you or the disposal of such proceedings.
3.5.3 As a general rule, we make every attempt to limit the collection and processing of Special Personal Information about you, unless authorised by law or where necessary to comply with applicable laws.
3.5.4 However, in some instances, we may need to collect, or request on a voluntary disclosure basis, Special Personal Information for legitimate purposes including: (i) to comply with Broad-Based Black Economic Empowerment requirements, (ii) for government reporting obligations, and/or (iii) where requesting information about your health to provide work-related accommodations or secure our premises.
3.6 Other data subjects’ personal information
3.6.1 There may be instances in which the personal information that you provide to us or which we collect constitutes personal information of someone other than yourself.
3.6.2 Where you provide a third party’s personal information to us, you warrant that the information is accurate and that you have the necessary consent to share the data with us, unless you have another lawful basis for sharing the data with us.
4 PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION
4.1 We may be required to process your personal information for the following purposes –
4.1.1 to identify you;
4.1.2 to send you communication, where required;
4.1.3 to meet our obligations under an agreement with you;
4.1.4 to process your business transactions with us;
4.1.5 to establish and maintain stakeholder accounts;
4.1.6 to register you as a user of our services so that you may access them through our websites (includes any web portals), operational site(s), applications or otherwise;
4.1.7 to communicate with you about updates, maintenance, outages or other technical matters;
4.1.8 to respond to questions or inquiries that you or your company may have about our products and services;
4.1.9 for sending you electronic messages (i.e. SMS and email), newsletters, press releases, event invitations and other similar communications regarding the services that we offer, where you have consented to such communications;
4.1.10 to solicit input from you regarding the improvement of our services; and
4.1.11 for other purposes that we disclose to you at the time we obtain your consent.
4.2 If you have questions about, or need further information concerning, the legal basis on which we rely to collect and process your personal information, please contact us using the contact details provided in paragraph 12 below.
5 LAWFUL BASIS FOR PROCESSING
5.1 There are six available legal (lawful) bases for collecting and processing your personal information. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
5.2 Personal information
5.2.1 The bases on which we rely for the purposes above are –
220.127.116.11 Legitimate interests: In most cases, we process your personal information in line with our legitimate interests, which interest is not overridden by your data protection interests or fundamental rights and freedoms.
18.104.22.168 Contract: We will also process your personal information to the extent that it is necessary to conclude or perform under the contract we have with you.
22.214.171.124 Legal obligation: We have certain legal obligations which require us to process your personal information. This includes processing for tax purposes and know-your-customer purposes.
126.96.36.199 Consent: In certain limited instances, we will only process your personal information with your prior consent.
5.3 Special personal information
5.3.1 We may process your special personal information on the following bases –
188.8.131.52 Consent: In certain instances, we will only process your special personal information with your prior consent.
184.108.40.206 Legal obligation: We have certain legal obligations which require us to process your special personal information. We will do so in line with this policy and applicable law.
6 AUTOMATED DECISION MAKING
6.1 An automated decision takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, and we will notify you by updating this notice if this position changes.
6.2 Any use of automated decision making will not have a significant impact on you and will only be used if we have a lawful basis for doing so in the following circumstances (a) where we have notified you of the decision and given you 21 days to request a reconsideration; (b) where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights; (c) in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
7 DATA RETENTION
7.1 We keep records of your personal information for no longer than necessary for the purpose for which we obtained them and for any other permitted compatible purposes, including compliance with legal obligations.
7.2 Our Data Retention, Storage and Destruction Policy sets out the applicable minimum retention periods required by local laws. We use a Data Retention, Storage and Destruction Policy to establish the retention time periods for various categories of records that contain your personal information.
7.3 If you wish to understand more about the retention periods applicable to your personal information or would like to receive more information about our Data Retention, Storage and Destruction Policy, contact our Information Officer (see paragraph 12 below).
8 SHARING OR TRANSFERRING YOUR PERSONAL INFORMATION
8.1.1 In order to carry out the purposes outlined above, information about you may need to be disclosed to other third parties. When we share your personal information, we require that all third party recipients treat your personal information as confidential and in conformity with this Policy.
8.1.2 In any scenario, we will satisfy ourselves that we have a lawful basis to share the information and we will document our decision making. Should access to your information be requested in terms of the Promotion of Access to Information Act. No. 2 of 2000 (“PAIA”), we will notify you of such request in accordance with the terms of PAIA.
8.2 Centralised Data Processing Activities
Like most large organisations, we have centralised certain aspects of our data processing and administration in accordance with applicable data protection laws and any other applicable laws in order to allow us to better manage our organisation. That centralisation may result in the transfer of personal information from one country to another or from one division in Digitata to another division in Digitata.
8.3 Third party service providers
8.3.1 Like many organisations, from time to time, we outsource the processing of certain functions and/or information to third parties.
8.3.2 When we do outsource the processing of your personal information to third parties or provide your personal information to third party service providers, we oblige those third parties to (i) enter into a written contract with us, (ii) protect your personal information in accordance with the terms and conditions of this Policy, (iii) treat the personal information as confidential and not share or transfer your personal information to any other entity without our express written permission, (iv) adopt appropriate security measures, and (v) only use your personal information for the purposes of fulfilling their obligations to us.
8.4 Legal requirements
8.4.1 We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or are requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect our legitimate interests in accordance with applicable laws.
8.4.2 We also reserve the right to retain personal information collected and to process such personal information to comply with accounting rules, tax rules, regulations and any specific record retention laws.
8.5 Business transfers
As we continue to develop our business, we may sell the business, certain assets of the business or receive funding (equity or debt). In such transactions, contracts with you and your personal information is generally one of the transferred business assets. We may share your personal information with any prospective or actual third party buyers (and their advisors) in respect of such transactions.
8.6 Transfers outside of the applicable jurisdiction
8.6.1 Should your personal information move outside of South Africa, we use mechanisms compliant with applicable data privacy law to require that the same level of data protection be applied in the jurisdiction where the data is being processed.
8.6.2 We also ensure that the required data protection clauses are in force in any relevant legal contracts and agreements to ensure that your personal information is treated by third parties in a way that is consistent with and which respects all applicable data privacy law.
8.6.3 An example of where your personal information may be transferred to another country is where a service provider whom Digitata relies on hosts your personal information in a foreign country.
9 WHAT ARE YOUR RIGHTS AND DUTIES?
9.1 As a data subject, you have a number of rights, including –
9.1.1 Access rights: You have the right to access your personal information in many circumstances. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
9.1.2 Right to rectification: You can require us to have inaccurate personal information corrected.
9.1.3 Right to erasure: You can require us to erase personal information in certain circumstances where there is no lawful basis for us to retain such personal information. Please note, however, that in some instances we must retain your personal information for certain periods of time as required by law. We will do so in accordance with our Data Retention, Storage and Destruction Policy. You can request a copy of this policy from our Information Officer.
9.1.4 Right to restrict: You can require us to restrict our processing of your personal information in certain circumstances.
9.1.5 Right to withdraw consent: You can withdraw any consents to processing that you have given us and prevent further processing if there is no other legitimate ground upon which we can rely to process your personal information.
9.1.6 Right to complain: You can raise a complaint about our processing with the data protection regulator in your jurisdiction, or with our Information Officer.
9.2 If you wish to object to the processing of your personal information by Digitata, you may do so in terms of Form 1 downloadable on the Information Regulator’s website: https://www.justice.gov.za/inforeg/. The completed form must be submitted to the Deputy Information Officers, whose names and contact details are contained in paragraph 12 below.
9.3 Your duties
9.3.1 Duty to inform us of changes to your personal information: It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
9.3.2 Duty to adhere to data privacy laws: In terms of our contract or working relationship with you, we may impose certain obligations on you or you may have given certain warranties or undertakings in respect of your compliance with data privacy laws. We expect you to at all times adhere to these terms and abide by applicable law.
10 DATA SECURITY
10.1 The personal information we collect from you is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, information security technology and other appropriate administrative, technical, personnel and physical security measures.
10.2 Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents, to the fullest extent permitted by applicable law.
10.3 Where required under applicable law, we will notify you of any such loss, misuse or alteration of personal information that may affect you, so that you can take the appropriate actions for the due protection of your rights.
11 CHANGES TO THIS POLICY
We will conduct periodic internal and external compliance audits and assessments of our relevant privacy practices to verify adherence to this Policy. We encourage you to raise any questions or concerns that you may have about the way we process your personal information. We reserve the right to update this Policy at any time, without prior notice to you, to the extent permitted by applicable law. To assist you, this Policy has an effective date set out below.
12 REQUEST FOR ACCESS TO PERSONAL INFORMATION/QUESTIONS OR COMPLAINTS
12.1 If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request for access to the personal information that we maintain about you, please contact us by any of the following means –
12.1.1 Information Officer, appointed by virtue of his office: Philippus Korf (CEO) –email@example.com
12.1.3 You have the right to complain to the Information Regulator if you believe that the processing of your personal information is in breach of the applicable data privacy laws:
12.1.4 JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001