Website Privacy Policy

PLEASE NOTE THAT OVER AND ABOVE THIS PRIVACY POLICY, ACCESS TO AND USE OF THIS WEBSITE AND ALL SERVICES RENDERED BY ABALIMI BEZEKHAYA IS SUBJECT TO ABALIMI BEZEKHAYA’S TERMS AND CONDITIONS (‘ T&C’) AS WELL AS ITS WEBSITE CONDITIONS – WHERE THERE IS A CONFLICT BETWEEN ANY OF THESE,  THE T&C WILL PREVAIL 

  • The Constitution of South Africa (Act 108 of 1996) affords all its citizens the right to privacy in terms of section 14 (d).
  • However your use of the websites www.abalimi.org.za and www.harvestofhope.org.za and affiliated sites (hereinafter referred to as ‘Our Website’) is for personal use as well as transacting business with Abalimi Bezekhaya and Harvest of Hope (hereinafter referred to as ‘us’ or ‘we’ or ‘our’) and accordingly the right of privacy afforded as aforesaid and pertaining to such communications and data as well as any personal information conveyed during the course of such usage and transactions is limited and is subject to inter alia the Electronic Communications and Transactions Act, Act 25 of 2002 (‘ECTA’), the Promotion of Access to Information Act, Act number 2 of 2000 (‘PAIA’), the Consumer Protection Act, Act 68 of 2008 (‘CPA’) and the Protection of Personal Information Act, Act 4 of 2013 [‘POPIA’]) and, in the case of residents of the European Community (‘the EC’), the General Data Protection Regulations of 2018 (‘the GDPR’)(the ECTA, POPIA and GDPR will collective be referred to herein as ‘the Privacy Legislation’)  .
  • You are, by using Our Website (which includes e.g. when you create a profile, download and/or use our app.), deemed, in terms of the Privacy Legislation, to grant us ‘express voluntary specific and informed’ consent and permission to ‘process’ and ‘further process’ (as defined in the Privacy Legislation) your personal information (‘your Information’) and where applicable the special personal information (as defined in the Privacy Legislation) for the purposes of any personal use or business you may now or in future transact with us and to disclose your Information to any of the party we engage to provide of products and services to you (‘the Third Parties’).
  • The purpose of this Privacy Policy is to inform you how we will use your Information so that if you provide us with your consent, you will have been thus informed and be in a position to make such an ‘informed’ If any aspect of this Privacy Policy is not clear, feel free to contact us. However once you given us the ‘go ahead’ to process your Information, you will be deemed to have read, understand and agree to be bound by the content and import of this Privacy Policy and such ‘go ahead’ will be deemed to meet the stipulated ‘consent requirements’ .
  • Your Information includes mainly perfunctory details such as your name, surname, address, identity and passport numbers, other contact detail and also more subjective issues such as personal opinions, preferences and whereas the Special Personal Information more sensitive details such as religious beliefs, race, political persuasion, sex life, health and biometric information. Most of this information is crucial for us to provide you effectively with the services and/or products you have requested and if you were to refuse consent, which you are entitled to do, we will not be able to assist you (See ‘Rights’ below).
  • Note that the purpose of the Privacy Legislation is not only to protect your privacy but also to place you in control of your Information, even if you have given your consent.
  • You must bear in mind that the Privacy Legislation is even more demanding when it comes to the processing of special personal information and that of children, so we believe that any reservations you may have in that regard have been more than adequately addressed.
  • If you are disclosing personal information about other persons (natural or juristic – the latter is not covered by GDPR) you will be deemed to have their permission and to have been duly authorized to do so and indemnify us against any actions by such third parties (Their and your personal information will be collectively referred to herein as ‘the Information’ and ‘you’ and ‘your’ will be deemed to include/refer to such other persons) .
  • We will ensure the processing of all the personal information disclosed to us (‘the Information’) complies with the Privacy Legislation and that it is adequate, relevant and not excessive.
  • Over and above the Privacy Legislation you have the protection of the PAIA – we will use its best endeavours to ensure in processing the Information, we comply with the PAIA and that such disclosure is not, to the best of its knowledge, unreasonable (section 34); will not to the best of its knowledge, cause harm to the user’s commercial or financial interests (section 36); constitute an action for breach of a duty of confidence owed to the user (section 37), or could reasonably be expected to endanger the life or physical safety of the user (section 38).
  • The Regulation of Interception of Communications and Provision of Communications-related Information Act (70/2002) (‘RICA’) affords us certain rights to monitor inter alia electronic communications via our network. By using Our network You consent to such interception within the ambit of RICA.
  • Our Website is linked to other websites. This privacy policy only applies to Our Website. It is your duty to read the privacy policies of any such other linked sites. We do not exercise any control over and do not provide any guarantees regarding such other websites.

 

  • The primary reason we collect the Information is so that we can provide you with the requested services and/or products.
  • The secondary reason includes so that we can (1) improve our service to you; (2) customize our service where requested, required or where it is appropriate to do so; (3) advise you of any changes (e.g. in your itinerary) or specials from time to time; (4) Analytics (Profiling): we do this ourselves or by utelizing the services of third parties. This entails using the all information we gather to ascertain trading patterns. An example we may determine which websites you have come from/are going to; the browser you may be using; the identity of your device and your IP address. However identifying elements will be removed (or as provided for in the POPIA, ‘de-identified’) and encryption will be implemented to protect your personal information (See also ‘Cookies’ below).

 

  • When we engage Third Parties in the service delivery process, we have to share the Information with them but it will only be to such Third Parties as have been disclosed to you.

 

  • We mentioned above that you are at all times in control of the Information. This control you can exercise by virtue of the rights afforded you in the Privacy Legislation – these RIGHTS are:
    • Subject to certain exceptions (see ‘Exceptions’ below) we always have to obtain your Information from you personally
    • We are not allowed to process your/the Information unless we have your ‘informed, specific and voluntary consent’
    • We are obliged to advise you of the purpose for which we will be processing and with whom we will be sharing the Information – this document endeavours to fulfill this obligation.
    • We are obliged to advise you of the identity(ies) and contact details of the party(ies) who will be processing the Information – we will provide you with such details: ours by referring you to ‘Contact Us’ and that of Third Parties in the documentation pertaining to the services and products to be provided in due course.
    • You can call upon us at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof.
    • Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to ‘opt out’/’unsubscribe’
    • You are entitled to enquire at any time about the steps we’ve taken to ensure that our safeguards pertaining to the protection of the Information meet the requirements of the Privacy Legislation.
    • You may require of us to restrict the processing of your Information
    • You can lodge complaints: (1) via the relevant section of our website; (2) with our Information Officer (see our website) and/or (3) with the POPIA Information Regulator
  • You are entitled and we are obliged to inform you when our security has been breached (POPIA: ‘as soon as reasonably possible’ and GDPR: within 72 hours)

 

  • EXCEPTIONSe. when the Privacy Legislation is not applicable and we do not require your consent:
    • If you (the ‘data subject’) have made your Information public
    • If the Information is a matter of public record, i.e. it is ‘in the public domain and under the control of a public body’
    • If we are complying with an obligation imposed by law
    • If involves compliance with court proceedings
    • If it involves national security
    • If it is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult
    • If use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards – a balance must be struck between your right to privacy and the freedom of expression
    • If the Information has been ‘de-identified’e. so that the identities of the parties cannot be determined (also sometimes referred to as ‘pseudonynimisation’)
    • If we are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed

 

  • STORAGE
    • Your Information will not be stored longer than is reasonably required for us to complete the purposes for which has been processed
    • However we may retain your Information for longer periods if required for e.g. taxation purposes

 

  • DIRECT MARKETING (‘DM‘)
    • DM is defined as approach(ing) a person, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the person’
    • ‘Electronic communication’ is defined as communication by means of electronic transmission, including by telephone, fax, sms, wireless computer access, email or any similar technology or device’
    • DM may only be addressed to you if you are our customer, we’ve obtained your consent and it was obtained in the process of a sale of goods and/or services and at the time of the sale*
    • The DM must pertain to goods and/or services that originate from us and are similar to those in the previous sale*
    • Each DM must provide you with the opportunity to opt out/unsubscribe and doing so must be at our expense.
    • The purpose is not only to keep you informed but to link it to preferences
    • Note that DM does not mean or relate to your existing booking

 

  • COOKIES
    • Cookies are used to achieve two goals. The first is to provide us with the capability to personalize information for certain segments of our customer base. Secondly, in some instances, cookies are used to allow us the opportunity to associate individual customers with their information profiles.
    • A cookie is a series of data characters that, when programmed into a Web site, is placed by the Web Server into the browser’s application folder on your computer. Once placed onto your machine, the cookie will allow the Web site to “recognize” you as a unique individual.
    • Yes, cookies can be removed from your hard drive. Also, depending on what type of web browser and what browser version you are using, you may be able to change the properties on your cookie file so that cookies are not used or saved. Please check with your browser provider for more information on removing cookies.
    • You can also prevent your browser from accepting new cookies.

 

  • SECURITY
    • We have carried out a data protection impact assessment which entailed a ‘systematic and extensive evaluation of our processes and current safeguards’
    • This assessment addressed amongst others how and when we process the Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
    • Based on the report by the experts who carried out this assessment, we have implemented ‘appropriate, reasonable and organizational measures to (1) ensure the integrity and confidentiality’ of the Information; (2) prevent the loss of, damage to or unauthorized destruction or access to or processing’ of the Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis
    • These measures will meet the most stringent of ‘generally accepted information security practices’ and/or ‘specific industry or professional rules and regulations’
    • These measures include amongst others encryption; controlling privileges of users; destroying the Information when no longer required; regular audits; back-ups; emergency incident strategies.

 

  • AMENDMENTS – Please note that we reserve the right to make amendments to this privacy policy from time to time. Each time an amendment is made it will be dated accordingly.

 

Many thanks to Advocate Louis Nel “Louis the Lawyer” for his support on this.

© ADV. LOUIS NEL
LOUIS-THE-LAWYER
19 AUGUST  2018
http://louisthelawyer.co.za/