// SA-Gateway
INTRODUCTION
This is SA-Gateway’s Privacy Policy. We respect your privacy and your personal information. The Privacy Policy together with the SA-Gateway PAIA Manual aims to let you know how SA-Gateway will treat any personal information that it may have about you and how you can access such personal information held. SA-Gateway will take all reasonable measures, in accordance with this Policy, to protect your personal information and to keep it safeguarded and confidential.
DEFINITION OF PERSONAL INFORMATION
Personal information is “personal information” as defined in terms of section 1 of the Protection of Personal Information Act 4 of 2013 (“POPIA”). This is information relating to an identifiable, living natural person or existing juristic person. Please refer to POPIA for a detailed definition and various types or categories of personal information.
CATEGORIES OF DATA SUBJECTS AND PERSONAL INFORMATION COLLECTED
SA-Gateway only collects general personal information (some of which may be publicly available) and aims to only collect that personal information which is necessary for it to carry out its services and other facilities provided to you. SA-Gateway collects the following categories of personal information:
Prospective Clients – who contacts us via telephone or email and provides us with personal information such as name, contact details, email, physical and postal addresses or company details.
Clients – who have procured goods or services we render, and provide us with personal information such as name, contact details, email, physical and postal addresses, company details or banking details.
Suppliers / Service Providers – such as company name, address and contact details, banking details, VAT number and BEE certificate/level information.
Reseller – When you become one of our resellers, you will be required to provide us with personal information such as name, contact details, email, physical and postal addresses, company details or banking details.
Employees – all applicable employee information required to be kept from a labour law perspective and running of the business. Such information relates to internal employees and not external clients. As such, this Policy will not cover employee information, as this is dealt with in SA-Gateway internal Human Resources Policies. Furthermore, external parties (unless with applicable court orders or legal reasons) shall not have access to such employee information.
HOW PERSONAL INFORMATION IS COLLECTED
Your personal information is obtained directly from you either via our website, email communications, requests for proposals, hard copy forms submitted to SA-Gateway and on occasion, telephonically. In instances where clients require services, the client representative may provide individual personal information to SA-Gateway. It is the responsibility of the client to ensure the representative has consent from such individuals to share their general personal contact information.
PURPOSE FOR COLLECTING PERSONAL INFORMATION
SA-Gateway collects personal information for the following purposes:
To provide you with services offered and requested.
To understand your specific needs and requirements, and in order to improve our service and value offering.
To provide you with communication in relation to the services being rendered, and keeping you informed of industry specific developments.
To provide you with SA-Gateway related marketing material due to your past interaction and use of our services.
To ensure payment to suppliers for services procured.
For health and safety purposes.
For statistical, historical and/or reporting purposes.
SA-Gateway will always ask for your permission before it processes your personal information for any purpose not disclosed above or unrelated to the operations or services of SA-Gateway and its use in the ordinary course of business.
RECIPIENTS OF PERSONAL INFORMATION
The personal information collected is used only by SA-Gateway and its employees in the rendering of our services. Only in instances where the sharing of personal information to recipients outside of SA-Gateway is necessary, in order to fulfil an obligation or service, will such information be provided.
PERSONAL INFORMATION SHARED WITH THIRD PARTIES
As part of the services we provide to our clients, SA-Gateway may be required to provide third party service providers with minimal client personal information (such as for example: your name and contact details) in order to render our services. Personal information provided to third party service providers for such purposes, will be limited to only that information which is absolutely necessary in order for the client to enjoy such benefit which it is entitled to. No further information will be provided and third party service providers are prohibited from using client details for any other purpose other than providing the service or for statistical and historical purposes.
Your privacy is important to us. SA-Gateway will therefore not sell, rent nor provide your personal information to unauthorised entities or to third parties for their independent use without your consent. SA-Gateway will release your personal information to a third party only if we believe that it is required by law or by a court or statutory body to do so. SA-Gateway will also disclose your personal information if we believe that it is necessary to prevent or lessen any unlawful or harmful actions and to protect and defend legitimate business interests, rights or property of SA-Gateway.
PROTECTION OF PERSONAL INFORMATION
SA-Gateway values the information that you choose to provide to us and will therefore take all reasonable steps to protect your personal information from loss, misuse or unauthorised alteration. We conduct regular security testing of our servers to ensure that our employees are trained around protection of personal information to ensure that your personal information is used correctly and protected at all times.
When you use the services or facilities provided by SA-Gateway, you may be given a username, and password. You must always keep your username and password a secret and ensure that you do not disclose it to anyone. SA-Gateway shall not be held responsible for personal information accessed as a result of you providing someone your SA-Gateway profile username and password.
Upon your request SA-Gateway will provide you with its records of the personal information you provided to us. For security reasons, this information will only be sent to the e-mail address on file.
If you wish to object to SA-Gateway processing your personal information, kindly complete Form 1 (Annexure A) in terms of POPIA and send same to the Information Officer at SA-Gateway or to informationofficer@sagateway.com.
Note: Objecting to the processing of your personal information, may result in services being terminated, access or implementation issues and/or other service inefficiencies and communications.
STORAGE OF PERSONAL INFORMATION AND RETENTION THEREOF
Personal information is stored on the SA-Gateway servers located onsite and, in the cloud, (which in this case may be hosted outside of South Africa, see Clause 10 below) which is accessed by SA-Gateway’s internal employees only. Personal information will only be retained for so long as necessary to carry out the services required by you as our client and/or for historical and statistical use by SA-Gateway.
Personal information no longer required for the purposes of rendering services to you or after completion of services, will be destroyed. SA-Gateway undertakes to ensure that personal information shall not be stored for longer than 5 years, unless required to do so by law or other regulatory obligations and/or for historical record purposes. SA-Gateway may however maintain de-identified information for statistical purposes.
Note: Client records, Service Level Agreements, training records, reports or deliverables provided to our clients in terms of specific scope of work and personal information related thereto shall be kept indefinitely. The purpose of which is to ensure a continuous and accurate records of our clients, training history and reports or advice provided by SA-Gateway.
TRANS-BORDER FLOW OF PERSONAL INFORMATION
Your personal information may be stored on servers located outside of South Africa. SA-Gateway however undertakes to ensure that service providers used for such cloud servers and/or services are obliged to comply with the highest standards of data protection to ensure the security of your personal information.
Only in instances where the sharing of personal information to recipients outside of SA-Gateway is necessary, in order to fulfil an obligation or service, will such information be provided.
LINKS ON THE SA-GATEWAY WEBSITE OR EMAIL COMMUNICATIONS
SA-Gateway is not responsible for the content or the privacy policies of websites of other institutions or companies to which we may link you to. The use of third-party websites and content is at your sole discretion. This Policy applies solely to information collected by SA-Gateway.
SA-Gateway is not responsible for any representations or information or warranties or content on any website of any third party (including websites linked to SA-Gateway’s website). SA-Gateway does not exercise control over third parties’ privacy policies, and you should refer to the privacy policy of any third party to see how such party protects your privacy.
PERSONAL INFORMATION HELD BY OR DISCLOSED BY YOU TO THIRD PARTIES
If you disclose any personal information to a third party, such as one of our business partners or anyone other than SA-Gateway, you must be aware that SA-Gateway does not regulate or control how that third party uses your personal information. You should always ensure that you read the privacy policy of any third party.
CORRECTION OF PERSONAL INFORMATION
It is your responsibility to ensure that the personal information provided to SA-Gateway is true, correct and accurate at all times. You may update and correct your personal information at any time either via your own online SA-Gateway profile, via email communication to SA-Gateway, telephonically by calling your SA-Gateway representative or through completing and sending Form 2 (Annexure B) in terms of POPIA to the Information Officer at SA-Gateway or to informationofficer@sagateway.com
SA-Gateway does not verify or check the information provided to it, and thus will not be held responsible for any incorrect or outdated information it may have and which may be used to provide you with relevant and important communications.
If you would like your personal information to be deleted by SA-Gateway, kindly also use Form 2 (Annexure B) and send same to the Information Officer at SA-Gateway or to informationofficer@sagateway.com. Deleting your personal information may impact the services being used, offered or access thereto.
ACCESS TO PERSONAL INFORMATION HELD BY SA-GATEWAY
See the SA-Gateway PAIA Manual for detailed information around your rights to access information held by SA-Gateway and applicable steps to follow to obtain access thereto.
CHANGES TO THIS POLICY
SA-Gateway may amend this Policy at any time. The most current version of this Policy will be displayed on the SA-Gateway website. If you use this website or any of the services or facilities offered by SA-Gateway after we have displayed a change to this Policy, you will be deemed to have read and agreed to the change.
APPLICABLE LAWS
This Policy will be governed by the laws of the Republic of South Africa and more specifically, we undertake to comply with the provisions of POPIA and the Promotion of Access to Information Act No.2 of 2000 (“PAIA”).
In so far as SA-Gateway collects and processes personal information relating to European Citizens (who may elect to be SA-Gateway clients), SA-Gateway undertakes to uphold and comply with the data protection obligations in terms of the General Data Protection Regulation (GDPR) (EU) 2016/679 so far as it applies to SA-Gateway and in a proportionally manner based on the type and amount of information held. For more information on the GDPR see The European Commission website.
JURISDICTION
You consent to the jurisdiction of the South African courts for any dispute which may arise out of this Privacy Policy.
ANNEXURE A
FORM 1: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION
FORM 1
OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO.4 OF 2013)
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
[Regulation 2]
Note:
1. Affidavits or other documentary evidence as applicable in support of the objection may be attached.
2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
3. Complete as is applicable.
A | DETAILS OF DATA SUBJECT |
Name(s) and surname or registered name of data subject | |
Unique identifier / identity number | |
Residential, postal or business address | |
Postal code | |
Contact number | |
Email address | |
B | DETAILS OF RESPONSIBLE PARTY |
Name(s) and surname or registered name of responsible party | |
Residential, postal or business address | |
Postal code | |
Contact number | |
Email address | |
C | REASONS FOR OBJECTION IN TERMS OF SECTION 11(1)(d) to (f) (Please provide detailed reasons for the objection) |
__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ |
Signed at …………………………………… this …….. day of …………………………………20…………
______________________________________
Signature of data subject/designated person
ANNEXURE B
FORM 2: REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION
FORM 2
REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO.4 OF 2013)
REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018
[Regulation 3]
Note:
1. Affidavits or other documentary evidence as applicable in support of the request may be attached.
2. If the space provided for in this Form is inadequate, submit information as an Annexure to this Form and sign each page.
3. Complete as is applicable.
Mark the appropriate box with an “x”:
Request for: | |
Correction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party. | |
Destroying or deletion of a record of personal information about the data subject which is in possession or under the control of the responsible party and who is no longer authorised to retain the record of information. |
A | DETAILS OF DATA SUBJECT |
Name(s) and surname or registered name of data subject | |
Unique identifier / identity number | |
Residential, postal or business address | |
Postal code | |
Contact number | |
Email address | |
B | DETAILS OF RESPONSIBLE PARTY |
Name(s) and surname or registered name of responsible party | |
Residential, postal or business address | |
Postal code | |
Contact number | |
Email address | |
C | |
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ | |
D | REASONS FOR CORRECTION / DELETION / DESTRUCTION |
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ |
Signed at …………………………………… this …….. day of …………………………………20…………
______________________________________
Signature of data subject/designated person