legal
Privacy Policy
- DEFINITIONS
Capitalised words in this Policy are as defined in Protection of Personal Information Act, 2013 (Act No. 4 of 2014).
AIS means Africa Industry Solutions Group.
Personal Information is information that identifies or relates specifically to You and includes Your name, age, identity number, contact details and payment information and history.
Biometrics are biological measurements or physical characteristics that can be used to identify individuals.
Platforms means all platforms used by AIS which are Twitter, LinkedIn, Facebook and Instagram.
INTRODUCTION
AIS respects your right to privacy and is committed to the protection thereof. This Privacy Policy explains how we process the Personal Information we collect from you and also informs you of your rights in terms of the Protection of Personal Information Act, Act No.4 of 2013 (“POPIA”). Accordingly, this Privacy Policy explains amongst other things:
- What Personal Information AIS collects;
- For what purpose AIS collects Personal Information;
- How AIS collects Personal Information;
- How long AIS retains Personal Information; and
- Your rights as a data subject.
PURPOSE
The purpose of this policy is to describe the way we collect, store, use and protect information that can be associated with a specific natural or juristic person and can be used to identify that person (“Personal Information”). This Privacy Policy should be read in conjunction with the POPIA and its Regulations, where applicable.
Personal Information includes:
- certain information collected on entering competitions through Facebook comments.
- optional information that you voluntarily provide to us.
- additional data that you provide to AIS in the comments section on the AIS Platforms, especially in forms of discussion boards and using the comment features of blogs (“comment data”).
- your IP address, information about the amount of data transferred, stored in access log files (“usage data”).
- first name, last name, date of birth, email address, country, job title, phone number, fax number, company name, and additional information that you provide when contacting us using our websites, especially information provided in free text fields of contact forms (“contact data”).
- additional data that you provide to AIS while subscribing for any of AIS’s products and/or services etc. (“subscription information”).
- email address, phone number, name, company name and country provided when subscribing to a newsletter or other marketing information of AIS (“direct marketing data”).
- personal Information sent by your web browser, i.e. information about your type of web browser, your operating system, and selected settings (e.g. language, region, font size, font types and other configuration) may be collected (“browser data”).
Personal Information excludes:
- information that has been made anonymous so that it does not identify a specific person;
- permanently de-identified information that does not relate or cannot be traced back to you specifically; and
- non-personal statistical information collected and complied by AIS and information that you have provided voluntarily in an open, public environment or forum including (without limitation) any blog, chat room, community, classified advertisement or discussion board. Since the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy.
PRINCIPLES
AIS has implemented the following approach concerning Personal Information:
- To be transparent in its standard operating procedures that govern the collection and processing of Personal Information;
- To comply with all applicable legal and regulatory requirements regarding the processing of Personal Information;
- o collect Personal Information by lawful and transparent means and process Personal Information in a manner compatible with the purpose for which it was collected;
- To strive to keep personal Information accurate, complete and up-to[1]date and reliable for its intended use;
- To develop reliable, safe and sustainable means of protecting the Personal Information of employees whether physical or digitally so as to prevent leakage, loss, alteration or misuse of said information;
- When consigning to outside entities for the protection of said information, AIS will only select those entities with the ability to safeguard and manage the said information.
- This policy will be made known to AIS’s current or prospective employees, clients, suppliers and service providers; and
- AIS will strive to continuously improve this Privacy Policy and all other systems for the protection of Personal Information so as to adapt to a changing environment or according to legal needs.
PERSONAL INFORMATION COLLECTED BY AIS
- Personal information is defined by POPIA as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- Information relating to the education or the medical, financial, criminal or employment of the person;
- Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- The fingerprints or other biometric information of the person;
- The personal opinions, views or preferences of the person;
- Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the content of the original correspondence;
- The view or opinions of another individual about the person; and
- The name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
- AIS may process any of the types of Personal Information as defined above, although it will only be processed in so far as it is adequate, necessary, relevant and not excessive in relation to the purposes for which it is required.
PURPOSE FOR WHICH PERSONAL INFORMATION IS COLLECTED BY AIS
The purpose for which AIS uses your Personal Information will include amongst others:
When you are a client:
- identify you and conduct appropriate checks, audits and procedures; marketing and promotions (including contacting you for such purposes);
- administer and manage the products and services AIS offers to you; and
- get a better understanding of you, your needs and how you interact with AIS, so AIS can engage in product and service research, development and business strategy including managing the delivery of AIS’s services and products via the ways AIS communicates with you.
When you are a supplier or service provider:
- identify the company and conduct appropriate checks, audits, due diligence and procedures;
- payment for the goods and/or services acquired and used;
- communication in relation to the goods and/or services supplied;
- review, compare and evaluate the goods and/or services supplied;
- record keeping in accordance with the applicable legislation; and
- performance of the parties’ respective obligations under the applicable agreement for the supply of the goods and/or services.
When you are an employee or prospective employee:
- identify and conduct appropriate checks, audits and procedures;
- payment of employment benefits and related deductions;
- record keeping and reporting in accordance with the applicable legislation; contacting purposes;
- review and evaluate your work experience and qualifications; and
- recruitment purposes.
Further to above, AIS may use your Personal Information to:
- a) pursue AIS’s legitimate interests such as to compile reports and statistical analysis;
b) comply with requests for information from any internal or external auditor, or any regulatory body;
c) meet legal and regulatory requirements to which AIS may be subject;
d) use in connection with legal proceedings; and
e) assist with any criminal or similar investigation.
Where AIS shares your Personal Information with the above third parties, the latter will be obliged to use that personal information for the reasons and purposes it was disclosed for.
SECURITY AND CONFIDENTIALITY
AIS takes appropriate and reasonable technical and structural security measures to protect your Personal Information in its possession against accidental or illegal damage, loss, modification, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing of the Personal Information.
Legal Basis for Processing
AIS will process your Personal Information as a responsible party as described in this Privacy Policy, where such processing is in AIS’s legitimate interests and in compliance with your privacy interests or fundamental rights and freedom. AIS’s legitimate interests typically include improving, maintaining, providing, and enhancing its technology, and services; and ensuring the security of the AIS website and AIS platforms.
Lawfulness of Processing
AIS is committed to processing your Personal Information lawfully, within reason and in a manner that respects your right to privacy and aligned with the purpose for which it is processed, taking into account the adequacy and relevance thereof at all times.
The lawfulness for the processing of Personal Information is the performance of a contract or steps prior to communicating, engaging with you and/or referring you to AIS’s associates. Using this Personal Information is required to ensure that AIS is able to provide you with the information or assistance you require from it. Without this personal information you will not be able to communicate, engage with or be referred to AIS’s associates.
Data breach
In the event of a data breach leading to the accidental or illegal damage, loss, modification, unauthorised disclosure or any unauthorised access to any Personal Information that has been transmitted, stored or otherwise processed by AIS, AIS has the relevant measures and policies in place to cater for and assess the details relating to any such data breach in a prompt and efficient manner. AIS will notify you of such data breach as soon as possible in accordance with POPIA.
As stated above, when AIS contracts with third parties, AIS concludes agreements with them in terms of which AIS imposes appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure.
Whilst AIS will do all things reasonably necessary to protect your rights of privacy, AIS cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in AIS’s possession, made by third parties who are not subject to AIS’s control, unless such disclosure is as a result of AIS’s gross negligence.
If you disclose your personal information to a third party, AIS SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF THE DISCLOSURE OF SUCH INFORMATION TO THE THIRD PARTY. This is because AIS does not regulate or control how that third party uses your personal information. You should always ensure that you read the privacy policy of any third party.
TRANSFER OF PERSONAL INFORMATION OUTSIDE SOUTH AFRICA
- AIS will not transfer any personal information across a country border without complying with the provisions of section 72 of the POPIA and your prior written
AIS PLATFORMS
AIS’s website also references and includes links to its platforms. As a rule, these are identified by stating the platform type and respective third-party internet address or the company/product logo in such a platform. AIS has no influence whatsoever on the contents and design of websites of other providers linked to AIS platforms. By referencing/linking these external websites AIS does not adopt their content as its own.
PARTICIPATION ON AIS PLATFORMS
The AIS website may offer you the opportunity to participate in AIS platforms. In order to use the AIS platforms, it may be necessary to enter certain Personal Information (email address, first name and last name, company name and country, contact number (“Contact Data”) to enable AIS to identify and, where appropriate, comply with the obligation to retroactively identify authors of illegal content. The details of this Contact Data are voluntary for you. Please note that you may not be able to use AIS Platforms if you do not want to provide your Contact Data. This is associated with no further disadvantages.
When participating in the AIS Platforms your Personal Information is not disclosed to other participants unless you have consented thereto in your user profile. In this context, AIS’s website terms pertaining to platforms apply when registering for access to AIS Platforms.
CONSENT, JUSTIFICATION AND OBJECTIVES
In so far that you have given the consent, AIS will also use your direct marketing data for marketing purposes, e.g., to send newsletters. The lawfulness for processing your direct marketing data is AIS’s legitimate interest, e.g. to improve AIS’s communication, engagement, services, or your consent.
In so far that you have given the consent, AIS will also use your browser data for market research and the improvement of the AIS website, AIS platforms and services, and to improve your user experience. The lawfulness for processing your browser data is your consent or AIS’s legitimate interest.
In so far that you have given the consent, AIS will also collect your usage data for statistical purposes, for the analysis of advertisement on the AIS website, AIS platforms and for adapting the advertisement for AIS’s services to better match your interests. Log files are only used for statistical analysis of the visitors to the AIS website. The usage data is deleted after having been analysed. The lawfulness for processing this usage data is for statistical purposes and is for AIS’s legitimate interest, e.g. internal organisation, or your consent.
AIS will also use your usage data for internal system-specific purposes to secure the AIS website, AIS platforms, and IT systems from malicious attacks by third parties. The lawfulness is a balancing of interests of the conflicting interests of the security of the IT systems on AIS’s part and your potentially conflicting interests in a non-processing of the usage data by us. Considering the security and measures of the processing of the usage data by AIS, AIS considers your rights and interests appropriately taken into account and protected.
Beyond these purposes, AIS uses and processes your Personal Data only if you have expressly granted your prior consent thereto and if you have been informed about such purposes.
Please note that:-
- you can object, at any time to the processing of your Personal Information irrespective of the purpose, on reasonable grounds (unless legislation allows for such Processing) by sending AIS an email at info@aisgroupsa.com, in a prescribed manner.
- providing the direct marketing data and browser data is optional. If you do not provide this Personal Information, you will not receive any direct marketing information from AIS, and your data will not be used to improve your user experience and will not be used for statistical purposes; and
- Once AIS obtains the abovementioned objections, AIS will no longer Process your Personal Information.
- You can opt out of receiving communications from us at any time. Any direct marketing communications that AIS sends to you will provide you with the information and means necessary to opt out.
- COOKIE POLICY
The AIS website make use of “cookies” to automatically collect information and data through the standard operation of the Internet servers. “Cookies” are small text files a website can use (and which AIS may use) to recognise repeat users, facilitate the user’s on-going access to and use of a website and allow a website to track usage behaviour and compile aggregate data that will allow the website operator to improve the functionality of the website and its content, and to display more focused advertising to a user by way of third party tools. The type of information collected by cookies is not used to personally identify you. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.
Please note that cookies may be necessary to provide you with certain features available on the AIS websites, and thus if you disable the cookies on your browser you may not be able to use those features, and your access to AIS’s website will therefore be limited. AIS may use various technologies to collect and store information when you interact with AIS via the AIS websites and/or AIS platforms. Please refer to AIS’s cookie policy by on cookies policy for more information.
RETENTION PERIOD OF PERSONAL INFORMATION
- In accordance with POPIA, AIS will keep your Personal Information on record for as long as:a) It is legally obliged to do so;
b) A contract or agreement with you requires AIS to keep it;
c) You have consented to AIS keeping it;
d) AIS reasonably requires it to achieve the purpose set out in the terms of transaction or contract with you;
e) AIS requires it for legitimate business purposes; or
f) There is ongoing litigation, investigation or tax or other regulatory query relating to the Personal Information.
g) In order to protect information from accidental or malicious destruction when AIS deletes information from its services, AIS may not immediately delete residual copies and Personal Information from its backup systems.
h) If your Personal Information is no longer required on AIS platforms to comply with contractual or legal obligations, it will be deleted from AIS’s systems or anonymized accordingly so that identification is not possible, unless AIS has to keep the information, including your Personal Information, to comply with legal or regulatory obligations (e.g. statutory retention periods which may arise from the commercial laws or tax laws and may in principle be 5 to 10 years or, if during the statutory limitation periods, which are regularly 5 years, but may be up to 10 years, evidence must be secured).DATA SUBJECT RIGHTS
As a data subject you have a legal right in terms of POPIA to:
- Request information about your stored Personal Information, (ii) rectification of your Personal Information, (iii) restriction of processing of your Personal Information, (iv) deletion of your Personal Information, (v) data portability, (vi) revocation of your consent for processing of your Personal Information and (vii) object to the processing of your Personal Information.Important to note with regards to your rights is the following:
a) To exercise these rights, please contact AIS’s Information Officer at:
info@aissa.com. AIS will require adequate proof of identification from you prior to responding to you (which AIS will do within a reasonable time);
b) AIS will correct or delete information unless it is required or entitled to keep such information under applicable laws, in which case AIS will inform you.
c) If AIS believes information does not require correction, AIS will provide you with credible reasoning for such.
d) You also have the right to file a complaint with the Information Regulator at https://www.justice.gov.za/inforeg/. Should you wish to lodge a complaint with the Information Regulator related to this Privacy Policy, you may do so in the prescribed manner and form.
e) The address of the Information Regulator is as follows:
The Information Regulator (South Africa)
33 Hoofd Street, Forum III, 3rd Floor. Braampark
PO Box 31533 Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za
f) For further information on how to exercise these rights, please refer to AIS’s PAIA and POPIA manual which is available on the AIS website.
DETAIL OF DATA SUBJECT RIGHTS
Right to information: You have the right to ask AIS for confirmation of the Processing of your Personal Information in question and, if so, of your right to information about such Personal Information. The right to information includes, among other things, the processing purposes, the categories of Personal Information being processed and the recipients or categories of recipients to whom the Personal Information is disclosed. You may also have the right to receive a copy of the Personal Information that is the subject of the processing. However, this right is limited in that, the rights of others may limit your right to receive a copy.
Right to rectification: – You may be entitled to request the correction of incorrect Personal Information concerning you. In consideration of the purposes of processing, you have the right to request the completion of incomplete Personal Information, including by means of a supplementary statement.
Right to erasure (“Right to be forgotten”): – Under certain conditions, you have the right to ask AIS to delete your Personal Information.
Right to restriction of Processing: – Under certain circumstances, you have the right to demand that AIS restricts the processing of your Personal Information. In this case, the corresponding data will be marked and processed by AIS only for specific purposes.
Right to data portability: – Under certain circumstances, you have the right to receive the Personal Information relating to you that you have provided to AIS in a structured, commonly used and machine-readable format and you have the right to transfer that data to another person without obstruction by AIS.
Right to revocation of consent: – If you have given your consent for some data processing activities, you may revoke your consent at any time with future effect. Such revocation shall not affect the lawfulness of the processing because of the consent until the revocation.
Right to object: – For reasons arising from your particular situation, you have the right to object to the processing of Personal Information relating to you on the basis of Section 11 of Condition 2 of Part 3 of POPIA (data processing based on legitimate interests). If you object, AIS will no longer process your Personal Information unless AIS can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising, or defending legal claims.
UPDATES TO THE POLICY
This Privacy Policy will be reviewed by the AIS Finance and Risk Committee and is subject to change without prior notice provided these changes have been approved by the AIS Board of Directors.