Website Privacy and Data Protection Policy
1. BACKGROUND
- 1.1 The Protection of Personal Information Act 4 of 2013 (“POPIA”) is intended to balance two competing interests, being (i) the constitutional right to privacy, and (ii) the requirements of society to have access to and to process personal information, including that of a juristic person, as defined in POPIA, belonging to a data subject (“PI”) for legitimate purposes, including entering into contractual relationships.
- 1.2 This privacy and data protection policy (“DP Policy”) sets out a framework for Everything Hair a division of Veaudry International (Pty) Ltd (“the Organisation”) to comply with POPIA’s requirements in the processing of your PI.
- 1.3 Where reference is made to the “processing” of PI, this has the meaning ascribed thereto in POPIA and will include any activity in which the PI is worked with, from the time that the PI is collected, up to the time that the PI is destroyed.
- 1.4 By using our services / website, you agree that the Organisation may process your personal information as explained in this Policy.
2. PROCESSING OF PI
- 2.1 Depending on the type of business the Organisation conduct with you or the relationship you have with us, the Organisation may process the following types of PI:
-
- 2.1.1 Name
- 2.1.2 Race (for employment purposes or as otherwise required by applicable law)
- 2.1.3 Gender
- 2.1.4 Marital status
- 2.1.5 Nationality
- 2.1.6 Age
- 2.1.7 Language preference
- 2.1.8 Date of birth
- 2.1.9 Information relating to education, financial, criminal or employment history of a person
- 2.1.10 Identifying numbers such as identity or passport number, tax identification numbers or tax
- 2.1.11 Reference numbers
- 2.1.12 E-mail address
- 2.1.13 Physical address
- 2.1.14 Telephone number.
-
- 2.2 All the Organisation staff, employees and contractors (“Personnel”) undertake to comply with POPIA at all relevant times and to process PI lawfully and reasonably, so as not to infringe unnecessarily on your privacy.
- 2.3 Personnel undertake to process your PI only for the purpose for which it is intended, to enable the Organisation to conduct its business, affairs and activities, as may inter alia be contractually determined.
- 2.4 Whenever necessary, Personnel shall obtain the voluntary, specific and informed consent as defined in POPIA (“Consent”) from you to process your PI.
- 2.5 Where Personnel do not expressly seek Consent, the processing of PI may be done in terms of another legitimate ground, being a legal obligation placed upon the Organisation, to protect a legitimate interest that requires protection, done solely for permitted journalistic/literary expression, or be permitted under a Code of Conduct that the Organisation ascribes to.
- 2.6 Personnel shall stop processing your PI as soon as the required Consent to do so is withdrawn, or if a legitimate objection thereto is raised by the you.
- 2.7 Personnel shall collect PI directly from the you, unless:
- 2.7.1 The PI is of public record; or
- 2.7.2 You have Consented to the collection your PI from an Affiliate of the Organisation; or
- 2.7.3 The PI to be collected is necessary for the maintenance of law and order or national security; or
- 2.7.4 The PI is being collected to comply with a legal obligation, including an obligation to SARS; or
- 2.7.5 The PI collected is required for the conduct of proceedings in any court or tribunal, where these proceedings have commenced or are reasonably contemplated; or
- 2.7.6 The PI is required to maintain the Organisation’s legitimate interests.
- 2.8 The Organisation shall retain records of your PI it has collected for the minimum period as required by law unless you have given your Consent or instructed the Organisation to retain the records for a longer period.
- 2.9 The Organisation shall destroy or delete records of your PI (so as to de-identify your PI) as soon as reasonably possible after the time period for which the Organisation is entitled to hold the records, has expired or you withdraw your Consent.
- 2.10 The Organisation undertakes to ensure that your PI which it collects and processes is complete, accurate, not misleading and up to date.
- 2.11 The Organisation undertakes to take special care with your bank account details, and it is not entitled to obtain or disclose or procure the disclosure of such banking details unless it has your specific Consent or is legally obliged to disclose it.
3. YOUR RIGHTS
- 3.1 In cases where your Consent is required to process your PI, this Consent may be withdrawn (otherwise than where there is an ongoing obligation to process it, e.g. under a contractual relationship).
- 3.2 You are entitled to lodge a complaint regarding the Organisation’s application of POPIA with the IR.
- 3.3 The prescribed forms for the exercise of these rights are attached to the 2018 regulations passed in terms of POPIA (“Regulations”) and can be obtained from the Organisation’s duly appointed Information Officer (“IO”).
4. REQUESTS FOR PI RECORDS
- 4.1 On production of proof of identity, you are entitled to request that the Organisation confirm, free of charge, whether or not it holds any PI relating to you in its records.
- 4.2 If the Organisation indeed holds such PI, on request, and upon payment of a fee of R500,00 plus VAT, the Organisation shall provide you with the record, or a description of the PI, including information about the identity of all third parties or categories of third parties who have or have had access to the PI. The Organisation shall do this within a reasonable period of time, in a reasonable manner and in an understandable form.
- 4.3 You are further entitled to request to have any errors in your PI corrected.
5. CORRECTION OF PI
- 5.1 You are entitled to require the Organisation to correct or delete PI that it has, which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or which has been obtained unlawfully.
- 5.2 You are also entitled to require the Organisation to destroy or delete records of your PI that it is no longer authorised to retain.
- 5.3 Any such request must be made on the prescribed form (Form 2 of the Regulations), obtainable from the Organisation IO.
- 5.4 The Organisation undertakes, upon receipt of such a lawful request, to comply as soon as reasonably practicable.
- 5.5 In the event that a dispute arises regarding your rights to have your PI corrected, and in the event that you so require, the Organisation will attach to your PI, in a way that it will always be read with your PI, an indication that the correction of your PI has been requested but has not been made.
- 5.6 The Organisation will notify you of the action the Organisation has taken as a result of such request.
6. SPECIAL PI
- 6.1 Special rules apply to the collection and use of PI relating to a person’s religious or philosophical beliefs, their race or ethnic origin, their trade union membership, their political persuasion, their health or sex life, their biometric information, or their criminal behaviour.
- 6.2 The Organisation shall not process any of this special PI as defined in POPIA (“Special PI”), without your Consent, or where this is necessary for the establishment, exercise or defence of a right or an obligation in law.
- 6.3 Having regard to the nature of the Organisation’s work, it is unlikely that it will ever have to process Special PI, but should it be necessary, your specific consent will be sought.
7. THE PROCESSING OF PI OF CHILDREN
- The Organisation may only process the PI of a child if we have the written Consent of the child’s parent or legal guardian.
8. PI SECURITY BREACHES
- Should it appear that your PI has been accessed or acquired by an unauthorised person, the Organisation will as soon as reasonably possible, notify the IR and yourself, unless the Organisation is no longer able to identify you.
9. INFORMATION OFFICER
- Should you have any questions or wish to lay any complaint in regard the processing of your personal information you may contact the Organisation’s IO.
10. DIRECT MARKETING
- 10.1 The Organisation may contact you from time to time to inform you of additional services or products of the Organisation.
- 10.2 The Organisation may also provide you with newsletters and promotions as part of our value-added client experience.
- 10.3 The Organisation may share your personal information with our Affiliates (subject to applicable law and our indicated marketing preferences) so that they may offer you their products and services.
- 10.4 You may at any time object to us processing your information for marketing purposes. You can unsubscribe from direct marketing by following the steps set out in the direct marketing you received or contacting the Organisation.
- 10.5 All direct marketing communications will disclose the Organisation’s identity and contain an address or other contact details to which you may send a request that the communications cease.
11. PRECEDENCE
- Should there be any contradiction between the provisions of this DP Policy and any other Organisation policy, the provisions hereof shall take precedence.
12. PRESCRIBED FORMS AND DETAILS OF THE INFORMATION REGULATOR
- 12.1 The prescribed Forms in terms of POPIA are available on the website of the Information Regulator: https://www.justice.gov.za/inforeg/docs.html
- 12.2 The contact details of the Information Regulator are as follows:
- 12.2.1 Physical Address: JD House, 27 Stiemens St, Braamfontein, Johannesburg 2001;
- 12.2.2 Postal Address: PO BOX 31533, Braamfontein, Johannesburg 2017;
- 12.2.3 Complaints email: [email protected];
- 12.2.4 General enquiries email: [email protected];
- 12.2.5 Website address: https://www.justice.gov.za/inforeg/index.html
13. COOKIES
- 13.1 “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. The Organisation use cookies on certain pages of our Web Site to, among other things, analyse our web page flow, measure promotional effectiveness, deliver you a more customized shopping experience, track visits from our affiliates and partners and allow the use of our shopping cart. The Organisation will not use cookies to store or collect any personally identifiable information. You are always free to decline our cookies if your browser permits; although, by declining the use of cookies you may not be able to use certain features on the Web Site.
- 13.2 Data Collection Devices, such as Cookies: In some instances, The Organisation may collect non-personal data through cookies and web logs and other monitoring technologies.
14. UPDATES TO THIS PRIVACY STATEMENT
- This privacy statement is dated as of 1 July 2021. The Organisation may update the privacy statement from time to time. Please check our website on a regular basis