1. DEFINITIONS
1.1. “Company” means Condio Proprietary Limited with registration number 2002/020069/07, and having its registered address at 53 Killarney Avenue, Killarney Gardens, Cape Town, South Africa;
1.2. “DataBreach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of the Company;
1.3. “DataSubject” has the meaning ascribed there to under POPIA;
1.4. “Employee(s)” means any employee of the Company;
1.5. “Operator”means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;
1.6. “PAIA”means the Promotion of Access to Information Act (Act 2 of 2000);
1.7. "Personal Information" has the meaning ascribed to it under POPIA and specifically includes any form of information that can be used to identify a Data Subject;
1.8. “Policy”means this website privacy policy;
1.9. “POPIA”means the Protection of Personal Information Act (Act 4 of 2013);
1.10. “Processing”has the meaning ascribed to it under POPIA and “Process” has a corresponding meaning;
1.11. “Regulator”means the information regulator established in terms of POPIA;
1.12. “RegulatoryAuthority” means any registered regulatory authority established in accordance with the applicable laws of the Republic of South Africa;
1.13. “Responsible Party” means a public or private body or any other person which alone or in conjunction with others determines the purpose of and means for Processing Personal Information;
1.14. "Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, biometric information or criminal behaviour; and
1.15. “ThirdParty” means any independent contractor, agent, consultant, sub-contractor or other representative of the Company.
2. PURPOSE OF THE POLICY
2.1. The Company is sensitive and committed to the Personal Information provided to it.
2.2. The Company in its capacity as a Responsible Party and/or Operator shall observe and comply with its obligations under POPIA when it Processes Personal Information from or in respect of a Data Subject.
2.3. This Policy applies to Personal Information collected by the Company in connection with the services which the Company provides. This includes information collected directly from you as a Data Subject as well as information the Company collects indirectly through its service providers who collect your information on its behalf.
2.4. This Policy does not apply to the information practices of Third Party companies with whom the Company may engage in relation to its business operations (including, without limitation, their websites platforms and/or applications) that the Company does not own or control; or individuals that the Company does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and the Company encourages you, as the Data Subject, to read them before using them.
3. HOW IS DATA RECORDED
3.1. Data is collected once it is shared with the Company. For example, when the Data Subject completes the contact form, the Company stores the information entered.
3.2. When the Data Subject consents to recording of other data it will automatically be stored by the Company’s systems.
4. WHY IS DATA RECORDED
4.1. Usually, data is used to maintain the efficient functioning of the Company's website on the Data Subject's device, but it may also be used to analyse unique user patterns.
4.2. The Company may disclose Personal Information to the Company's group for legitimate business purposes in accordance with the applicable laws.
5. WHAT RIGHTS DOES A DATA SUBJECT HAVE IN RELATION TO THEIR PERSONAL INFORMATION
5.1. A Data Subject is entitled to receive information regarding the recipients, source and purposes of their Personal Data at any time, free of charge.
5.2. A Data Subject may also request that the Company erase any data stored by the Company.
5.3. A Data Subject's consent to allow the Company to process and archive their information may be revoked at anytime.
6. LAWFUL PROCESSING OF PERSONAL INFORMATION
6.1. When using the Company website, the Data Subject may be asked to provide the following Personal Information:
6.1.1. name and surname;
6.1.2. email;
6.1.3. contact telephone number(s); and/or
6.1.4. corporate company details.
6.2. Where the Company is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –
6.2.1. consent of the Data Subject is obtained;
6.2.2. Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
6.2.3. Processing complies with an obligation imposed by law on the Company;
6.2.4. Processing protects a legitimate interest of the Data Subject; or
6.2.5. Processing is necessary to pursue the legitimate interests of the Company or of a Third Party to whom the information is supplied.
6.3. The Company shall only Process Personal Information where one of the legal bases referred to in paragraph 6.2 above are present.
6.4. The Company will make clear to the Data Subject the manner and reason for which the Personal Information shall be Processed.
6.5. Where the Company is relying on the consent of the Data Subject as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to the Company Processing of the Personal Information at any time. Such withdrawal or objection by the Data Subject shall not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or objections, nor any Processing justified by any other legal ground provided under POPIA.
6.6. If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, the Company will ensure that the Personal Information is no longer Processed.
7. SCOPE OF THIS POLICY
7.1. The Data Subject's Personal Data will only be processed if the Data Subject consents to the Personal Data being Processed. The processing of the Personal Data shall be limited to the scope for which it is required.
7.2. By agreeing to the terms contained in this Policy, the Data Subject consents to the use of its Personal Information in relation to:
7.2.1. the performance of the Company's services to it;
7.2.2. marketing related services by the Company to it; and
7.2.3. Processing of any queries which itmay have in relation to the provision of the Company's services.
7.3. The Company has technical and organisational security measures in place to protect the Data Subject's Personal Information and Personal Data. While we cannot guarantee absolute security when using the Company's website, the Company maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.
7.4. The Company will not store your information for longer than the data is required for the purpose(s) as mentioned in clause 7.2 above.
7.5. A Data Subject's Personal Information will only be accessed by the Company's employees or representatives, subject to stringent confidentiality obligations, and will not be disclosed amongst employees unlessit is necessary for the purposes listed in clause 7.2 above.
8. APPLICATION OF THE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT 25 OF 2002 ("ECTACT")
8.1. The Data Subject agrees that, when using the Company website, electronic signatures, encryption and/or authentication are not required in order to establish a valid electronic communication between it and the Company.
8.2. The Data Subject warrants, by agreeing to this Policy, the information sent to the Company from any electronic device which is owned by the Data Subject was sent and/or authorised by the Data Subject.
8.3. In the event of a legal dispute, a Data Subject or their legal representative may address service of legal documents to:
8.3.1. Physical address: 53 Killarney Avenue, Killarney Gardens, Cape Town, South Africa;
8.3.2. Email address: info@condio.co.za
8.3.3. Contact Number: 021 556 9950
9. STORAGE AND PROCESSING OF INFORMATION BY THIRD PARTIES
9.1. The Company may store the Data Subject’s Personal Information in hardcopy format and/or in electronic format using the Company’s own secureon-site servers or other internally hosted technology. The Data Subject’s Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom the Company has contracted with, to support the Company’s operations
9.2. The Company’s Third Party service providers, including datas torage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
9.3. The Company will ensure that such Third Party service providers will Process the Personal Information in accordance with the provisions of this Policy and all other relevant internal policies and procedures and POPIA.
9.4. The Company will ensure that such Third Party service providers do not use or have access to the Personal Information of the Data Subject except for the purposes specified by the Company, and the Company requires such parties to employ at least the same level of security that the Company uses to protect the Personal Data of the Data Subject.
9.5. Personal Information may be Processed in South Africa or another country where the Company, its affiliates and their Third Party service providers maintain servers and facilities and the Company will take steps including by way of contracts to ensure that Personal Information continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under applicable law, including POPIA.
10. INFORMATION DISCLOSURE
10.1. Not with standing anything to the contrary in this Policy, the Company reserves the right to disclose any Personal Information about a Data Subject if the Company is required to do so by law, and/or if the Company believe that such action is necessary to:
10.1.1. fulfil a Regulatory Authority request;
10.1.2. conform with the requirements of the applicable law or legal process;
10.1.3. protect or defend the Company’s legal rights or property, its website, or other users; or
10.1.4. in an emergency to protect the health and safety of its website’s users or the general public.
11. LOG FILES
11.1. When the Data Subject visits the Company website, information such as its IP address, the name of its Internet Service Provider, its browser and other information concerning its computer's operating system, language settings, and broad demographic information may be collected. The information does not specifically identify the Data Subject.
11.2. The information referred to in 12.1. may be used to identify the Data Subject if it is aggregated with other Personal Information provided to the Company by the Data Subject. This information will not be shared outside of the Company and those employees working with the information will do so subject to strict confidentiality obligations.
11.3. Any individually identifiable information related to this data will never be used in any way different to that stated above in 9.2., without your explicit consent.
12. COOKIES
12.1. The Company website uses cookies to process the Data Subject's information.
12.2. Cookies are data packages that process the storage of data and do not cause damage to a device. The Company website uses both "Session" cookies and "Permanent" cookies. Session cookies are used to store information for the duration of the Data Subject's use of the Company website and are automatically deleted when one leaves the website. Permanent cookies store Data on the Data Subject's device permanently until it deletes them, or their web browser automatically deletes them. There are also "Required" cookies which are used for optimization of the Company website.
12.3. You may be notified when cookies are being used on the website and will be required to give your consent. However, you may also decline cookies.
13. PROCEDURE IN THE EVENT OF A DATA BREACH
13.1. A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person.
13.2. A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; or (g) alteration of Personal Information without permission and loss of availability of Personal Information.
13.3. The Company will address any Data Breach in accordance with the terms of POPIA.
13.4. The Company will notify the Regulator and the affected Data Subject (unless the applicable law or a Regulatory Authority requires that the Company delays notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of the Personal Information of the Data Subject.
13.5. The Company will provide such notification as soon as reasonably possible after it has become aware of any Data Breach in respect of the Personal Information of the Data Subject.
13.6. Where the Company acts as an ‘Operator’ for purposes of POPIA and where any Data Breach affects the data of the Data Subject whose information the Company Processes as an Operator, the Company shall (in terms of POPIA) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the Personal Information of the relevant Data Subject has been accessed or acquired by any unauthorised person.
14. REQUEST BY E-MAIL OR TELEPHONE
14.1. When contacting the Company via e-mail or telephone, the Data Subject's query together with resulting Personal Data will be processed and stored by the Company pursuant to addressing the Data Subject's query. The Company will not share this information without the requisite consent from the Data Subject.
15. CHANGES TO THIS POLICY
15.1. The Company reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify the Data Subject of such amendments.
15.2. The current version of this Policy will govern the respective rights and obligations between the Data Subject and the Company each time that the Data Subject accesses and uses the Company’s site.
16. CONTACT DETAILS
16.1. Any queries pertaining to this Policy may be directed to the following address: info@condio.co.za
17. GOVERNING LAW
17.1. This Policy shall be governed and interpreted in accordance with the laws of the Republic of South Africa and you submit yourself to the jurisdiction of the courts of the Republic of South Africa.
17.2. The terms and conditions of this Policy are severable, in that if any provision is determined to be illegal or unenforceable by any court of competent jurisdiction, then such provision shall be deemed to have been deleted without affecting the remaining provisions of the terms and conditions.