PRIVACY POLICY

INTRODUCTION:

We respect the privacy of all our clients, customers, and suppliers (our data subjects).
This policy explains how we obtain, use, and dispose of the personal information of our data
subjects. It furthermore sets out the processes our data subjects can follow regarding their
personal information in our possession or to be obtained by us.
We urge you to read this policy so that you can understand our approach towards the use of
our data subjects’ personal information.

      1. DEFINITIONS:

    1.1 “Company” means TechBags.co.za a product of Viewnet (Pty) ltd
    1.2 “Data Subject” means the natural or juristic person to whom personal information
    relates, such as an individual client, customer or a company that supplies the Company with
    products, services, or other goods.
    1.4. “Information Officer” means the person responsible for ensuring the Company’s
    compliance with POPIA. Where no Information Officer is appointed, the head of the
    Company will be responsible for performing the Information Officer’s duties.
    1.5. “Personal Information” means any information that can be used to reveal a person’s
    identity. Personal Information relates to an identifiable, living, natural person, and where
    applicable, an identifiable, existing juristic person (such as a Company), including, but not
    limited to information concerning—
    1.5.1. race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual
    orientation, age, physical or mental health, disability, religion, conscience, belief, culture,
    language, and birth of a person.
    1.5.2. information relating to the education or the medical, financial, criminal or employment
    history of the person.
    1.5.3. any identifying number, symbol, email address, physical address, telephone number,
    location information, online identifier, or other particular assignment to the person.
    1.5.4. the biometric information of the person.
    1.5.5. the personal opinions, views, or preferences of the person.
    1.5.6. correspondence sent by the person that is implicitly or explicitly of a private or
    confidential nature or further correspondence that would reveal the contents of the original
    correspondence.
    1.5.7. the views or opinions of another individual about the person.
    1.5.8. the name of the person if it appears with other Personal Information relating to the
    person or if the disclosure of the name itself would reveal information about the person.
    1.6. “Personnel” refers to any person who works for, or provides services to or on behalf of
    the Company, and receives or is entitled to receive remuneration and any other person who
    assists in carrying out or conducting the business of the Company, which includes, without
    limitation, all directors / all directors, all permanent, temporary, and part‐ time staff as well as
    contract workers; and
    1.7. “POPIA” means the Protection of Personal Information Act No. 4 of 2013; and
    1.8. “POPIA Policy” means such Policy as adopted by the Company in compliance with the
    provisions of POPIA, and as amended from time to time; and
    1.9. “Regulator” means the Information Regulator established in terms of Section 39 of
    POPIA.

      1.  

        1. PURPOSE OF THIS POLICY

      This policy explains how we obtain, use, and dispose of the personal information of our data
      subjects. It furthermore sets out the processes our data subjects can follow regarding their
      personal information in our possession or to be obtained by us.

          1. COLLECTION OF PERSONAL INFORMATION:

        3.1. We collect and process our data subjects’ personal information to enable us to
        exchange correspondence, quotes, invoices, and statements and to support our relationship
        with them and for certain other purposes explained below. The type of information we collect
        will depend on the purpose for which it is collected and used. We will only collect information
        that we need for that purpose and any requests will be properly motivated by us.
        3.2. Examples of Personal Information we collect:
        3.2.1 Name and registration/ ID number.
        3.2.2 Physical address / registered address.
        3.2.3 Email address.
        3.2.4 Telephone/cell numbers.
        3.2.5 VAT numbers for invoicing purposes.
        3.2.6 Bank account confirmation in respect of suppliers.
        3.3. Access to Personal Information will be and can be given to:
        3.3.1. Auditors and / or Accountants of the Company; and
        3.3.2. Attorneys and / or Counsel appointed by the Company.

            1. HOW WE COLLECT PERSONAL INFORMATION:

          4.1. Directly from our data subjects when they use our website or any of our services or if we
          request it from them.
          4.2. In limited instances, we collect personal information from third parties. We will only
          collect personal information this way where such information is publicly available or for
          legitimate business purposes.
          4.3. Through the use of cookies, which will mainly be used to identify visitors that return to
          our website. You can prevent us from doing this through a setting on your browser. Cookies
          only store information from your browser and cannot access data on your computer.

              1. THE USE OF OUR DATA SUBJECTS PERSONAL INFORMATION:

            We may use our data subject’s personal information for any legitimate business purposes
            relating to our services and/or business activities. Some of the purposes for which we use
            our data subject’s personal information include:
            5.1. responding to queries received via our website or emailed to us.
            5.2. onboarding data subjects as customers /suppliers and verifying their identity (as
            required by law);
            5.3. providing our data subjects with our services/products.
            5.4. improving our website and services by analysing certain information collected, including
            cookies and other related information.
            5.5. sending our data subjects information (in the form of our newsletter).
            5.6. complying with regulatory or other obligations.

                1. OUR DATA SUBJECTS RIGHTS:

              6.1. The Right to Access Personal Information: The Company recognises that a data
              subject has the right to establish whether the Company holds personal information related to
              him, her, or it, including the right to request access to that personal information.
              6.2. The Right to have Personal Information Corrected or Deleted: The data subject has
              the right to request, where necessary, that his, her or its personal information must be
              corrected or deleted where the Company is no longer authorised to retain the Personal
              Information.
              6.3. The Right to Object to the Processing of Personal Information: The data subject
              has the right, on reasonable grounds, to object to the processing of his, her or its Personal
              Information. In such circumstances, the Company will give due consideration to the request
              and the requirements of POPIA. The Company may cease to use or disclose the data
              subject’s personal information and may, subject to any statutory and contractual record‐
              keeping requirements, also approve the destruction of the personal information.
              6.4. The Right to Object to Direct Marketing: The data subject has the right to object to
              the processing of his, her or its personal information for purposes of direct marketing by
              means of unsolicited electronic communications.
              6.5. The Right to Complain to the Information Regulator: The data subject has the right
              to submit a complaint to the Information Regulator regarding an alleged infringement of any
              of the rights protected under POPIA and to institute civil proceedings regarding the alleged
              non‐compliance with the protection of his, her or its personal information.
              6.6. The Right to be Informed: The data subject has the right to be notified that his, her or
              its Personal Information is being collected by the Company. The data subject also has the
              right to be notified in any situation where the organisation has reasonable grounds to believe
              that the personal information of the data subject has been accessed or acquired by an
              unauthorised person.

                  1. REQUEST TO ACCESS PERSONAL INFORMATION PROCEDURE:

                7.1. Access to information requests can be made by email, addressed to the Information
                Officer. The Information Officer will send a form to be completed by the data subject.
                7.2. Once the completed form has been received, the Information Officer will verify the
                identity of the Data Subject prior to handing over any Personal Information.
                7.3. The Information Officer will process all requests within a reasonable time.

                    1. OUR INFORMATION OFFICER:

                  8.1. Information Officer: Kevin Long
                  8.2. Physical Address: Centurion, Gauteng
                  8.3. Telephone and email ‐ +27 82 822 6699 ‐ info@goblinfire.co.za

                      1. OUR COMPLAINTS PROCEDURE:

                    Data subjects have the right to complain in instances where any of their rights under POPIA
                    have been infringed upon. The Company takes all complaints very seriously and will address
                    all POPIA related complaints in accordance with the following procedure.
                    9.1. POPIA complaints must be submitted to the Company in writing. Where so required, the
                    Information Officer will provide the Data Subject with a “POPIA Complaint Form”.
                    9.2. Where the complaint has been received by any person other than the Information
                    Officer, that person will ensure that the full details of the complaint reach the Information
                    Officer within 1 working day.
                    9.3. The Information Officer will provide the complainant with a written acknowledgement of
                    receipt of the complaint within 2 working days.
                    9.4. The Information Officer will carefully consider the complaint and address the
                    complainant’s concerns in an amicable manner. In considering the complaint, the
                    Information Officer will endeavour to resolve the complaint in a fair manner and in
                    accordance with the principles outlined in POPIA.
                    9.5. The Information Officer must also determine whether the complaint relates to an error or
                    breach of confidentiality that has occurred and which may have a wider impact on the
                    Company’s Data Subjects.
                    9.6. Where the Information Officer has reason to believe that the Personal Information of
                    Data Subjects has been accessed or acquired by an unauthorised person, the Information
                    Officer will consult with the Company’s board where after the affected Data Subjects and the
                    Information Regulator will be informed of this breach.
                    9.7. The Information Officer will revert to the complainant with a proposed solution with the
                    option of escalating the complaint to the Company’s governing body within 7 working days of
                    receipt of the complaint. In all instances, the Company will provide reasons for any decisions
                    taken and communicate any anticipated deviation from the specified timelines.
                    9.8. The Information Officer’s response to the data subject may comprise any of the
                    following:
                    9.8.1. A suggested remedy for the complaint.
                    9.8.2. A dismissal of the complaint and the reasons as to why it was dismissed.
                    9.8.3. An apology (if applicable) and any disciplinary action that has been taken against any
                    employees involved.
                    9.9. Where the data subject is not satisfied with the Information Officer’s suggested
                    remedies, the Data Subject has the right to complain to the Information Regulator.
                    9.10. The Information Officer will review the complaints process to assess the effectiveness
                    of the procedure on a periodic basis and to improve the procedure where it is found wanting.
                    The reason for any complaints will also be reviewed to ensure the avoidance of occurrences
                    giving rise to POPIA related complaints.

                        1. OUR WEBSITE / NEWSLETTERS:

                      10.1. We may automatically collect non‐personal information about our data subjects, such
                      as the type of internet browsers you use or the website from which they linked to our
                      website. We may also aggregate details which our data subjects have submitted to the site
                      (for example, the products or services you are interested in). Our data subjects cannot be
                      identified from this information, and it is only used to assist us in providing an effective
                      service on this web site.
                      10.2. Once you are a customer you will be added to our mailing list. Our data subjects can
                      unsubscribe from our newsletter at any time by clicking on the unsubscribe bottom at the
                      bottom of our newsletter.
                      10.3. Our website will always request our data subjects to either accept or decline “cookies”.

                          1. OUR SECURITY SAFEGUARDS

                        11.1. The Company will manage the security of its filing / data record‐keeping system to
                        ensure that our data subjects’ personal information is adequately protected.
                        11.2. We will take all reasonable steps to ensure that our data subjects’ personal information
                        is protected.
                        11.3. We protect and manage personal information that we hold about you by using
                        electronic and computer safeguards like firewalls, data encryption, and physical and
                        electronic access control to our buildings. We only authorise access to personal information
                        to those employees who require it to fulfil their designated responsibilities.
                        11.4. This policy is applicable to all our personnel and service providers.
                        11.5. Security measures also need to be applied in a context‐sensitive manner. For
                        example, the more sensitive the Personal Information, such as credit card details, the
                        greater the security required.
                        11.6. The Company will continuously review its security controls which will include regular
                        testing of protocols and measures put in place to combat cyber‐attacks on the Company’s IT
                        network. The Company will ensure that all paper and electronic records comprising Personal
                        Information are securely stored and made accessible only to authorised individuals.