PRIVACY POLICY
INTRODUCTION:
We respect the privacy of all our clients, customers, and suppliers (our data subjects).
This policy explains how we obtain, use, and dispose of the personal information of our data
subjects. It furthermore sets out the processes our data subjects can follow regarding their
personal information in our possession or to be obtained by us.
We urge you to read this policy so that you can understand our approach towards the use of
our data subjects’ personal information.
-
- DEFINITIONS:
1.1 “Company” means TechBags.co.za a product of Viewnet (Pty) ltd
1.2 “Data Subject” means the natural or juristic person to whom personal information
relates, such as an individual client, customer or a company that supplies the Company with
products, services, or other goods.
1.4. “Information Officer” means the person responsible for ensuring the Company’s
compliance with POPIA. Where no Information Officer is appointed, the head of the
Company will be responsible for performing the Information Officer’s duties.
1.5. “Personal Information” means any information that can be used to reveal a person’s
identity. Personal Information relates to an identifiable, living, natural person, and where
applicable, an identifiable, existing juristic person (such as a Company), including, but not
limited to information concerning—
1.5.1. race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual
orientation, age, physical or mental health, disability, religion, conscience, belief, culture,
language, and birth of a person.
1.5.2. information relating to the education or the medical, financial, criminal or employment
history of the person.
1.5.3. any identifying number, symbol, email address, physical address, telephone number,
location information, online identifier, or other particular assignment to the person.
1.5.4. the biometric information of the person.
1.5.5. the personal opinions, views, or preferences of the person.
1.5.6. correspondence sent by the person that is implicitly or explicitly of a private or
confidential nature or further correspondence that would reveal the contents of the original
correspondence.
1.5.7. the views or opinions of another individual about the person.
1.5.8. the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
1.6. “Personnel” refers to any person who works for, or provides services to or on behalf of
the Company, and receives or is entitled to receive remuneration and any other person who
assists in carrying out or conducting the business of the Company, which includes, without
limitation, all directors / all directors, all permanent, temporary, and part‐ time staff as well as
contract workers; and
1.7. “POPIA” means the Protection of Personal Information Act No. 4 of 2013; and
1.8. “POPIA Policy” means such Policy as adopted by the Company in compliance with the
provisions of POPIA, and as amended from time to time; and
1.9. “Regulator” means the Information Regulator established in terms of Section 39 of
POPIA.
-
- PURPOSE OF THIS POLICY
This policy explains how we obtain, use, and dispose of the personal information of our data
subjects. It furthermore sets out the processes our data subjects can follow regarding their
personal information in our possession or to be obtained by us.
-
- COLLECTION OF PERSONAL INFORMATION:
3.1. We collect and process our data subjects’ personal information to enable us to
exchange correspondence, quotes, invoices, and statements and to support our relationship
with them and for certain other purposes explained below. The type of information we collect
will depend on the purpose for which it is collected and used. We will only collect information
that we need for that purpose and any requests will be properly motivated by us.
3.2. Examples of Personal Information we collect:
3.2.1 Name and registration/ ID number.
3.2.2 Physical address / registered address.
3.2.3 Email address.
3.2.4 Telephone/cell numbers.
3.2.5 VAT numbers for invoicing purposes.
3.2.6 Bank account confirmation in respect of suppliers.
3.3. Access to Personal Information will be and can be given to:
3.3.1. Auditors and / or Accountants of the Company; and
3.3.2. Attorneys and / or Counsel appointed by the Company.
-
- HOW WE COLLECT PERSONAL INFORMATION:
4.1. Directly from our data subjects when they use our website or any of our services or if we
request it from them.
4.2. In limited instances, we collect personal information from third parties. We will only
collect personal information this way where such information is publicly available or for
legitimate business purposes.
4.3. Through the use of cookies, which will mainly be used to identify visitors that return to
our website. You can prevent us from doing this through a setting on your browser. Cookies
only store information from your browser and cannot access data on your computer.
-
- THE USE OF OUR DATA SUBJECTS PERSONAL INFORMATION:
We may use our data subject’s personal information for any legitimate business purposes
relating to our services and/or business activities. Some of the purposes for which we use
our data subject’s personal information include:
5.1. responding to queries received via our website or emailed to us.
5.2. onboarding data subjects as customers /suppliers and verifying their identity (as
required by law);
5.3. providing our data subjects with our services/products.
5.4. improving our website and services by analysing certain information collected, including
cookies and other related information.
5.5. sending our data subjects information (in the form of our newsletter).
5.6. complying with regulatory or other obligations.
-
- OUR DATA SUBJECTS RIGHTS:
6.1. The Right to Access Personal Information: The Company recognises that a data
subject has the right to establish whether the Company holds personal information related to
him, her, or it, including the right to request access to that personal information.
6.2. The Right to have Personal Information Corrected or Deleted: The data subject has
the right to request, where necessary, that his, her or its personal information must be
corrected or deleted where the Company is no longer authorised to retain the Personal
Information.
6.3. The Right to Object to the Processing of Personal Information: The data subject
has the right, on reasonable grounds, to object to the processing of his, her or its Personal
Information. In such circumstances, the Company will give due consideration to the request
and the requirements of POPIA. The Company may cease to use or disclose the data
subject’s personal information and may, subject to any statutory and contractual record‐
keeping requirements, also approve the destruction of the personal information.
6.4. The Right to Object to Direct Marketing: The data subject has the right to object to
the processing of his, her or its personal information for purposes of direct marketing by
means of unsolicited electronic communications.
6.5. The Right to Complain to the Information Regulator: The data subject has the right
to submit a complaint to the Information Regulator regarding an alleged infringement of any
of the rights protected under POPIA and to institute civil proceedings regarding the alleged
non‐compliance with the protection of his, her or its personal information.
6.6. The Right to be Informed: The data subject has the right to be notified that his, her or
its Personal Information is being collected by the Company. The data subject also has the
right to be notified in any situation where the organisation has reasonable grounds to believe
that the personal information of the data subject has been accessed or acquired by an
unauthorised person.
-
- REQUEST TO ACCESS PERSONAL INFORMATION PROCEDURE:
7.1. Access to information requests can be made by email, addressed to the Information
Officer. The Information Officer will send a form to be completed by the data subject.
7.2. Once the completed form has been received, the Information Officer will verify the
identity of the Data Subject prior to handing over any Personal Information.
7.3. The Information Officer will process all requests within a reasonable time.
-
- OUR INFORMATION OFFICER:
8.1. Information Officer: Kevin Long
8.2. Physical Address: Centurion, Gauteng
8.3. Telephone and email ‐ +27 82 822 6699 ‐ info@goblinfire.co.za
-
- OUR COMPLAINTS PROCEDURE:
Data subjects have the right to complain in instances where any of their rights under POPIA
have been infringed upon. The Company takes all complaints very seriously and will address
all POPIA related complaints in accordance with the following procedure.
9.1. POPIA complaints must be submitted to the Company in writing. Where so required, the
Information Officer will provide the Data Subject with a “POPIA Complaint Form”.
9.2. Where the complaint has been received by any person other than the Information
Officer, that person will ensure that the full details of the complaint reach the Information
Officer within 1 working day.
9.3. The Information Officer will provide the complainant with a written acknowledgement of
receipt of the complaint within 2 working days.
9.4. The Information Officer will carefully consider the complaint and address the
complainant’s concerns in an amicable manner. In considering the complaint, the
Information Officer will endeavour to resolve the complaint in a fair manner and in
accordance with the principles outlined in POPIA.
9.5. The Information Officer must also determine whether the complaint relates to an error or
breach of confidentiality that has occurred and which may have a wider impact on the
Company’s Data Subjects.
9.6. Where the Information Officer has reason to believe that the Personal Information of
Data Subjects has been accessed or acquired by an unauthorised person, the Information
Officer will consult with the Company’s board where after the affected Data Subjects and the
Information Regulator will be informed of this breach.
9.7. The Information Officer will revert to the complainant with a proposed solution with the
option of escalating the complaint to the Company’s governing body within 7 working days of
receipt of the complaint. In all instances, the Company will provide reasons for any decisions
taken and communicate any anticipated deviation from the specified timelines.
9.8. The Information Officer’s response to the data subject may comprise any of the
following:
9.8.1. A suggested remedy for the complaint.
9.8.2. A dismissal of the complaint and the reasons as to why it was dismissed.
9.8.3. An apology (if applicable) and any disciplinary action that has been taken against any
employees involved.
9.9. Where the data subject is not satisfied with the Information Officer’s suggested
remedies, the Data Subject has the right to complain to the Information Regulator.
9.10. The Information Officer will review the complaints process to assess the effectiveness
of the procedure on a periodic basis and to improve the procedure where it is found wanting.
The reason for any complaints will also be reviewed to ensure the avoidance of occurrences
giving rise to POPIA related complaints.
-
- OUR WEBSITE / NEWSLETTERS:
10.1. We may automatically collect non‐personal information about our data subjects, such
as the type of internet browsers you use or the website from which they linked to our
website. We may also aggregate details which our data subjects have submitted to the site
(for example, the products or services you are interested in). Our data subjects cannot be
identified from this information, and it is only used to assist us in providing an effective
service on this web site.
10.2. Once you are a customer you will be added to our mailing list. Our data subjects can
unsubscribe from our newsletter at any time by clicking on the unsubscribe bottom at the
bottom of our newsletter.
10.3. Our website will always request our data subjects to either accept or decline “cookies”.
-
- OUR SECURITY SAFEGUARDS
11.1. The Company will manage the security of its filing / data record‐keeping system to
ensure that our data subjects’ personal information is adequately protected.
11.2. We will take all reasonable steps to ensure that our data subjects’ personal information
is protected.
11.3. We protect and manage personal information that we hold about you by using
electronic and computer safeguards like firewalls, data encryption, and physical and
electronic access control to our buildings. We only authorise access to personal information
to those employees who require it to fulfil their designated responsibilities.
11.4. This policy is applicable to all our personnel and service providers.
11.5. Security measures also need to be applied in a context‐sensitive manner. For
example, the more sensitive the Personal Information, such as credit card details, the
greater the security required.
11.6. The Company will continuously review its security controls which will include regular
testing of protocols and measures put in place to combat cyber‐attacks on the Company’s IT
network. The Company will ensure that all paper and electronic records comprising Personal
Information are securely stored and made accessible only to authorised individuals.