PERSONAL DATA PROTECTION POLICY
- INTRODUCTION
This is the Personal Data Protection Policy of Briskflow (Pty) Ltd (Registration Number 2015/438600/07) (herein after Briskflow / we ) which sets out how we will process personal information. We respect the privacy of data subjects and seek to balance the use personal information with the legal obligation to protect it. The policy, compiled in accordance with the provision of the Protection of Personal Information Act (POPIA), describes the principles governing our processing of personal data.
- APPLICATION OF THIS POLICY
This policy applies to a) all personal data processed in the course of our business (including customers, natural and juristic persons); b) and to all persons employed or engaged (including juristic persons); c) any other data subjects as well as any third party engaged by us who process personal data.
- DATA PROTECTION LAWS
We are committed to protecting and respecting the privacy of our data subjects in accordance with national data protection laws such as the Protection of Personal Information Act, 4 of 2013 (POPIA), Promotion of Access to Information Act, subsequent amendments as well as Regulations issues in terms of legislation. We are committed to doing what is reasonably practicable to comply with those aspects of data protection legislation that apply to our business. If we are required to comply with any other data protection laws (such as the General Data Protection Regulation 2016/679 (European Union)) we will ensure due compliance as required.
- PERSONAL INFORMATION
4.1 Description and Exclusions of Personal Information
Personal information includes information a) that we collect automatically when you visit our website; b) collected for services or other purposes and in as far as may be applicable; c) information collected on submission; and d) optional information that you provide to us voluntarily.
Personal Information excludes information that a) has been made anonymous so that it does not identify a specific person; b) permanently de-identified information that does not relate or cannot be traced back to you specifically; c) non-personal statistical information collected and compiled by us; and d) information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy).
- Examples of Personal Information
Common examples of the types of personal information which we may collect and process include your a) identifying information (name, date of birth, or identification number of any kind); b) contact information ( phone number or email address); c) address information (physical or postal address); or d) demographic information (gender or marital status).
- Sensitive Personal Information
Depending on the personal information submitted to us by yourself, we may also collect sensitive personal information including your such (but not limited to) as a) financial information (bank account details); b) sensitive demographic information (race or ethnicity); c) medical information (physical or mental health); d) sexual information (sex life or sexual orientation); e) criminal information (commission or alleged commission of any offence or about any related legal proceedings); f) employment information (including membership of a trade union); and g) beliefs (political or religious beliefs).
4.4 Personal Information of Children
We do collect personal information of children, but only with the consent of a competent person.
- DATA PROTECTION REQUIREMENTS
- In applying the relevant data protection laws, we will ensure that we a) enable data subject rights; b) adhere to our data protection obligations as controller or processor; and c) apply the data protection principles.
5.2 In terms of data subject rights, we will ensure that our data subjects can:
- know when and why we process their personal data;
- request access to their personal data that we process;
- object to our processing of their personal data;
- rectify any personal data of theirs that is incorrect;
- erase their personal data from our systems;
- restrict our processing of their personal data, where required;
- transfer their personal data from us to another controller in a structured and accessible format;
- be protected from us making automated decisions about them.
5.3 In terms of our obligations as controller, we will ensure that we:
- implement appropriate and reasonable technical and organisational measures to protect personal data;
- control our processors through a written contract;
- keep records of our processing activities;
- co-operate with the relevant data protection authorities;
- conduct data protection impact assessments, where required;
- consult with the relevant data protection authorities, where required.
5.4 In terms of our obligations as processor, we will ensure that we:
- enter into a contract with the relevant controller;
- appoint sub-processors only with the controller’s written authorisation;
- process personal data only on the instructions of the controller;
- keep records of our processing activities done on behalf of the controller;
- inform the relevant data protection authorities of irregularities, where required.
5.5 In terms of the data protection principles, we will ensure that we process personal data:
- lawfully, fairly and transparently;
- only for a specific purpose that is explicit and legitimate;
- only as necessary for that purpose;
- accurately, and is kept up to date;
- for no longer than necessary to achieve the purpose; and securely.
- ACCEPTANCE
6.1 Acceptance required
You must accept all the terms of this policy when you use our services. If you do not agree with anything in this policy, then you may not request our services. By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms. You may only send us your own personal information or the information of another data subject where you have their permission to do so.
6.2 Legal capacity
You may not access our website or request our services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.
- COLLECTION OF PERSONAL INFORMATION
7.1 Submission of Personal Information
Once you interact with us and submit any personal information to us, you will no longer be anonymous to us. In these circumstances, you may provide us with certain personal information as defined above.
We will use this personal information for the purposes that it was provided for, for providing services to you and for any other purposes set out in this policy or as allowed in terms of legislation. You may also provide additional information to us on a voluntary basis (optional information). This includes content that you decide to upload or download from our website or respond to surveys, obtain certain services, or otherwise use the optional features and functionality of our website.We will obtain your consent to collect personal information in accordance with applicable law when you provide us with any information.
7.2 Information collected from the website
We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information). Please note that other websites visited before entering our website might place personal information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal information. Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal information. We merely use them to compile anonymous information about our website.
7.3 Recording Telephonic Calls
We may monitor and record any telephone calls that you make to us, unless you specifically request us not to.
7.4 Purpose for Collection
We may use or process any information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal information, disclosing it, and combining it with other personal information. We generally collect and process your personal information for various purposes, including a) services purposes (services we may provide); b) business purposes (internal audit, accounting, business planning, and joint ventures, disposals of business, or other proposed and actual transactions); c) legal purposes (handling claims, complying with regulations, or pursuing good governance); d) employment purposes (considering and contacting applicants for interviews, drafting employment agreements and keeping agreements on file); e) administration and maintenance (records relating to our employees); f) management planning, (forecasting, research and statistical analysis); and g) audit and record keeping purposes.
We may use your usage information for the purposes described above and to:
- remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
- monitor website usage metrics such as total number of visitors and pages accessed; and
- track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.
- USE OF PERSONAL INFORMATION
8.1 Briskflow obligations
We may use your personal information to fulfil our obligations to you and any obligations that we may have in law. We may send administrative messages and email updates to you about the website. Furthermore, we may communicate with you via email, or other messaging forum, with regards to our services, training offered and any other information that may be relevant to you, and only in accordance with the consent that you have provided.
8.2 Targeted content
In as far as may be applicable, while you are logged into the website, we may display targeted adverts and other relevant information based on your personal information. In a completely automated process, computers process the personal information and match it to adverts or related information. We never share personal information with any advertiser, unless you specifically provide us with your consent to do so. Advertisers receive a record of the total number of impressions and clicks for each advert. They do not receive any personal information. If you click on an advert, we may send a referring URL to the advertiser’s website identifying that a customer is visiting from the website. We do not send personal information to advertisers with the referring URL. Once you are on the advertiser’s website however, the advertiser is able to collect your personal information.
- DISCLOSURE OF PERSONAL INFORMATION
9.1 Sharing of Personal Information
We may share your personal information with:
- other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our services;
- with our Shareholders;
- an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;
- our services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit) and those to whom we may provide services;
- credit bureaus to report account information, as permitted by law; and
- other third parties, as well as third parties who provide us with relevant services where appropriate and vice versa.
9.2 Regulators and Law Enforcement
We may disclose your personal information as required by law or governmental audit. We may disclose personal information if required:
- by a subpoena or court order;
- to comply with any law;
- to protect the safety of any individual or the general public; and
- to prevent violation of our customer relationship terms.
9.3 Selling of Personal Information and Marketing Purposes
We will not sell personal information. No personal information will be disclosed to anyone except as provided in this privacy policy. We also do not collect or process the Data Subject’s personal information for marketing purposes.
9.4 Employees
We may need to disclose personal information to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.
9.5 Change of ownership
If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.
- SECURITY
We take the security of personal information very seriously and always do our best to comply with applicable data protection laws. Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. We authorize access to personal information only for those employees who require it to fulfil their job responsibilities. We implement disaster recover procedures where appropriate. We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.
- ACCURACY OF PERSONAL INFORMATION
We will try to keep the personal information we collect as accurate, complete, and up to date as is necessary for the purposes defined in this policy. From time to time we may request you to update your personal information. You are able to review or update any personal information that we hold on you by emailing us, or phoning us. You may also request that we erase the personal information you have submitted to us, by contacting us by phone or email. Please note that in order to better protect you and safeguard your personal information, we take steps to verify your identity before granting you access to your account or making any corrections to your personal information.
- RETENTION
We will only retain your personal information for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless a) retention of the record is required or authorised by law; or b) you have consented to the retention of the record. During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information. We may retain your personal information in physical or electronic records at our discretion.
- TRANSFER TO ANOTHER COUNTRY
We may transmit or transfer personal information outside of the country in which it was collected to a foreign country and process it in that country. Personal information may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal information may not be as stringent as the laws in the country in which it was collected. You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be less stringent.
- BREACH OF PERSONAL INFORMATION
If we suspect or become aware of any unauthorized access to any personal information held by us by any unauthorised person or third party, or if we becomes aware of any other security breach relating to personal information held or stored by Briskflow as envisaged in this Policy, Briskflow shall immediately notify you in writing. In the event of a Personal Information Breach, Briskflow shall fully and immediately comply with applicable laws, and shall take the appropriate steps to remedy such Personal Information Breach.
- INFORMATION OFFICER
We have appointed an Information Officer. The Information Officer is responsible for overseeing the functions and responsibilities as required in terms of section 55 of POPIA and the regulations thereto, including: a) promoting compliance with data protection law within the entity; b) ensuring awareness of data protection law within the entity; c) managing and responding to data subject access requests; d) managing and responding to data breaches or incidents; e) assisting the relevant data protection authorities with their investigations; and f) developing, implementing and monitoring the compliance framework within the entity.
All requests for information must be submitted in writing to the Information Officer. If you have any questions or concerns arising from this privacy policy or the way in which we handle personal information, or if you would like to update your information or request that it be deleted, please contact us. If you object to the terms and conditions of this policy, kindly inform the Information Officer in writing.
The contact details of the Information Officer is:
Name: Victor Spruyt
Email Address: sales@pinionpaperless.co.za
Telephone Number: 010 109 3060
- REVISIONS OF THIS POLICY
We may change the terms of this policy at any time. We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated. If you do not agree with the changes, then you must stop using the website and our services. If you continue to use the website or our services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.
- APPROVAL AND ADOPTION
This policy has been approved and adopted by the following authorised representative:
Version of the Policy : v18.1.1
Date : January 2024