Smart is Cool (Pty) Ltd recognizes that your privacy is imperative to you and that you care about how your personal information is utilised. We value and respect the privacy of all those that we have dealings with, as such, we use personal information in a manner that is consistent with the Protection of Personal Information Act.
The use as well as the processing of your personal information is described fully below.
Information About Us
Smart Is Cool (Pty) Ltd
- Company registration number- 2017/318535/07
- Place of business – Johannesburg, 2091
- Information officer: Katlego Motlogelwa
- Email address: firstname.lastname@example.org
This privacy note deals with the following
This Privacy Notice explains how we use your personal information: how the information is collected, how the information is held, as well as the processing of such information. We also explain your rights under the law relating to your personal information.
What Is Personal Information?
The Act defines Personal information as ‘any information relating to an identifiable living natural or existing juristic person’.
Personal information is also understood to refer to, any information about you that enables you to be identified. Personal information covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Personal information can be processed by both automated (electronically) and non-automated means (paper based as part of a filing system).
Rights of the data subject
Under POPIA, you have the right to have your personal information processed according to 8 processing conditions that are summarized as follows:
It is our responsibility to ensure that the conditions set out in Chapter 3 of the Act and all the associated measures are complied with. Personal information must be collected and processed lawfully in a reasonable fashion that does not infringe on your rights. Personal information may only be processed if it is adequate, relevant, and not excessive. Personal information may only be processed if you consent thereto, alternatively where it is necessary to do so for the conclusion or performance of a contract, an obligation in terms of law, to protect your legitimate interest/s, or to pursue our legitimate interest/s. Personal information must as far as possible be collected directly from you.
It is a requirement that personal information must be collected for a specific explicitly defined and lawful purpose related to a function or activity of ours. The said personal information may not be retained any longer than necessary for achieving the purposes for which the information was collected and/or subsequently processed. It is prohibited to further processes your personal information unless such processing is compatible with the initial purpose of collecting the information.
it is a requirement that we take reasonable, practicable steps to ensure that your personal information is complete, accurate, and not misleading. Such personal information must also be kept up to date, taking into consideration the purpose of the personal information. The nature and purpose of your personal information will dictate as to how often such information must be updated.
It is a requirement that we must, as far as it is practicable, inform you before your personal information is collected and the purpose of collecting and from where your personal information will be collected. You are entitled to our details and must be made aware of the consequences of not disclosing personal information to us where it is required for a specific purpose. You must also be made aware if your personal information is collected and processed as requirement established in law.
You will be advised if your personal information will be transferred across the borders of South Africa, in accordance with section 72 of the Act. it is a requirement that we must secure the integrity and confidentiality of your personal information by taking appropriate reasonable, technical, and organisational measures, to prevent the loss thereof or unlawful access thereto. You have the right to establish whether your personal information is held by us and to have it corrected or destroyed if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or have been obtained unlawfully
Other applicable rights
Your further have the following rights.
The right to be informed about our or collection and use of your personal information. The right to access the personal information we hold about you. The right to have your personal information rectified if any of your personal information held by us is inaccurate or incomplete. The right to ask us to delete or otherwise dispose of any of your personal information that we hold. The right to restrict (i.e. prevent) the processing of your personal information.
The right to object to us using your personal information for a particular purpose or purposes. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal information, you are free to withdraw that consent at any time. The right to not have your personal information processed for the purposes of direct marketing by means of electronic communication without your consent.
It is important that your personal information is kept accurate and up to date. If any of the personal information we hold about you changes, please keep us informed as long as we have that information.
Further information about your rights can also be obtained from the Information Regulator’s Office at https://www.justice.gov.za/inforeg
If you have any cause for complaint about our use of your personal information, you have the right to lodge a complaint with the Information Regulator’s Office. We would welcome the opportunity to resolve your concerns ourselves, so please contact us first before approaching the Information Regulator.
The type of Personal Information we will collect from you?
While using our services, we may ask You to provide us with certain personal identifiable information that can be used to contact or to identify You. Personal identifiable information may include, but not limited to:
- Email address;
- First name and last name;
- Contact details;
- Address, City/Town, Province, ZIP/Postal Code.
Sensitive Personal Data
Depending on the services that you require, we may also collect sensitive personal information may include, but not limited to:
- Bank account details;
- Health information
- Education and professional qualifications
- Sensitive demographic information – age, gender.
How we will utilize your personal information
The Act requires us to always have a lawful basis for using your personal information. We may use your personal information for one or all of the following purposes:
- The administration of our business.
- Providing products and / or services to you.
- Managing payments / donations.
- Personalising and tailoring our products and / or services for you.
- Communicating with you.
- Supplying you with information by electronic communication if you have agreed thereto.
- With your permission we may also use your personal information for marketing purposes, which may include contacting you by email and / or telephone and / or text message with information, news, and offers on our products and / or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under POPIA, and you will always have the opportunity to opt-out.
We will only use your personal information for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal information for that purpose. If we do use your personal information in this way and you wish us to explain how the new purpose is compatible with the original.
If we need to use your personal information for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so or obtain permission from you to do so.
In some circumstances, where permitted or required by law, we may process your personal information without your knowledge or consent. This will only be done within the bounds of POPIA and your legal rights.
How Long Will You Keep My Personal information?
We will not keep your personal information for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal information will therefore be kept for:
- as long as it serves the purpose it was collected and intended for,
- such periods as prescribed in any legislation applicable to our business,
- any period agreed to in a contract,
- the purposes of fulfilment of a contract, or
- any period you may have agreed to.
- How and Where Do You Store or Transfer My Personal information?
We will endeavour to store your personal information in South Africa. This means that it will be fully protected under POPIA. In the event that we transfer your personal information across the border we will let you know accordingly. We will take additional steps in order to ensure that your personal information is treated just as safely and securely as it would be within South Africa and under POPIA.
The security of your personal information is essential to us, as such, to protect your information, we take a number of important measures, including the following:
- Limiting access to your personal information to those employees, agents, contractors, and other third parties with a legitimate need to know and, where applicable, ensuring that they are subject to duties of confidentiality.
- Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal information) including notifying you and the Information Regulator’s Office where we are legally required to do so.
- We have identified all reasonable and foreseeable internal and external risks and introduced safeguards to mitigate such risks.
- Continuous maintenance and updating of such safeguards to secure your personal information.
- Do You Share My Personal information?
We will not share any of your personal information with any third parties for any purposes, subject to the following exception/s.
- For the purposes of inter aliafulfilment of an application, contract, rendering of a service or goods.
- In the event that we sell, transfer, or merge parts of our business or assets, your personal information may be transferred to a third party. Any new owner of our business may continue to use your personal information in the same way(s) that we have used it, as specified in this Privacy Notice.
- In some limited circumstances, we may be legally required to share certain personal information, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If any of your personal information is shared with a third party, as described above, we will take reasonable steps to ensure that your personal information is handled safely, securely, and in accordance with your rights.
We may make use of third-party service providers to process personal information on our behalf. To protect such personal information, we will enter into a formal written agreement with the service provider. In terms of such agreement the service provider will be required to process personal information in accordance with conditions as prescribed by us, including measures to protect the security and integrity for such personal information.
How Can I Access My Personal information?
If you want to know what personal information we have about you, you can ask us for details of that personal information and for a copy of it (where any such personal information is held). This is known as a Subject Access Request (“SAR”).
All SARs should be made in writing and sent to the email or postal addresses we have provided you with.
There may be a fee charged for a SAR, especially if your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your data subject access request within one month. Normally, we aim to provide a complete response, including a copy of your personal information within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How Do I Contact You?
To contact us about anything to do with your personal information and the protection of your personal information, including to make a data subject access request, please use the following details (for the attention of The Information Officer):
- Email address: email@example.com