1. PURPOSE OF THIS POLICY
1.1 Protecting your privacy is especially important to us.
1.2 ORTHOPAEDIC SUPPLIERS CC is committed to complying with the Protection of Personal Information Act 4 of 2013 in relation to the processing of your personal information.
1.3 The purpose of this policy is to describe how and why we collect, store, use, share or otherwise process your personal information. It also explains your rights in relation to your personal information and how to contact us if you have a question or complaint.
1.4 Please note that we may update this policy from time to time. The latest version of this policy is available on request.
2. THE PERSONAL INFORMATION WE MAY COLLECT
2.1 We may collect and process the following personal information about you:
(a) Your name and contact information, including your email address, telephone number, physical address, postal address and other location information.
(b) Your date of birth, age, gender, race, nationality, title and language preferences;
(c) Your identity number, passport number and photograph;
(d) Your vehicle registration number, vehicle licence and driving licence;
(e) Your biometric information, including but not limited to, if applicable, that information obtained from your fingerprints, hands, facial recognition and/or retinal scanning;
(f) Your verified banking details;
(g) Your employment details;
(h) Correspondence from you of a private or confidential nature;
(i) Such other personal information as is reasonably required by us to engage with you and/or provide services to you.
3. HOW YOUR PERSONAL INFORMATION IS COLLECTED
3.1 We may collect or obtain personal information about you:
(a) directly from you;
(b) during the course of our interactions with you;
(c) when you visit the Office;
(d) when you visit and/or interact with our website or any other social media platforms or IT services;
(e) from publicly available sources; and
(f) from a third party who is authorised to share that information;
(g) via a mobile or other software app developed for the Close Corporation.
(h) from transferring attorneys
4. HOW AND WHY, WE PROCESS YOUR PERSONAL INFORMATION
4.1 The personal information we may collect and why and how we use it depends on our relationship with you. 5
4.2 POPIA requires that personal information “is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.”
4.3 Further, POPIA provides that personal information may only be processed if:
(a) the data subject or a competent person where the data subject is a child consents to the processing;
(b) processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
(c) processing complies with an obligation imposed by law on the responsible party;
(d) processing protects a legitimate interest of the data subject;
(e) processing is necessary for the proper performance of a public law duty by a public body; or
(f) processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
4.4 The table at Annexure A hereto sets out a list of the types of information we collect and explains why we collect and use it.
4.5 We may collect other personal information from time to time where you provide it to us, as necessary for our business requirements, or in order to comply with applicable laws.
5. WHO WE SHARE YOUR PERSONAL INFORMATION WITH
5.1 Depending on the circumstances, we may disclose your personal information to the following categories of persons:
(a) Auditors, legal and other professional advisers and consultants of the Close Corporation or other third parties who help us deliver our services.
(b) Information Technology and other service providers who help us run the Close Corporation or otherwise manage or store the personal information;
(c) Government and law enforcement authorities;
(d) Financial institutions;
(e) Other third parties where disclosure is required by law or otherwise required for us to perform our obligations and provide our services; and
(f) To any other person with your consent to the disclosure.
5.2 We take reasonable steps to protect the confidentiality and security of your personal information when it is disclosed to a third party and seek to ensure the third-party deals with your information in accordance with our instructions, applicable privacy laws, and only for the purpose for which it is disclosed.
6. DATA SECURITY
6.1 We may hold your personal information in electronic or in hard copy form. We may keep this information at our own premises.
6.2 We are committed to keeping your personal information safe.
6.3 We use a range of physical, electronic, and procedural safeguards to do this. We update these safeguards from time to time in order to address new and emerging security threats. We also train our people on privacy matters as appropriate and seek 6
to limit access to personal information to those of our people who need to know that information.
6.4 We implement appropriate security measures to protect your personal information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
6.5 Where there are reasonable grounds to believe that your personal information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.
7. HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
7.1 We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service) or to comply with applicable legal, tax or accounting requirements.
7.2 We shall only retain and store your personal information for the period for which the information is required to serve the purpose for its collection, or a legitimate interest or the period required to comply with applicable legal requirements, whichever is longer.
7.3 In terms of the provisions of the Companies Act71, of 2008.
8. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
8.1 In some cases, the third parties to whom we may disclose your personal information may be located outside your country of residence (for example, in a cloud service, system or server), and may be subject to different privacy regimes.
8.2 When we disclose personal information overseas, we will take appropriate safeguards to protect your personal information to ensure that the recipient will handle the information in a manner consistent with this policy and the level of protection provided for in POPIA.
9. YOUR RIGHTS
9.1 You have the right to:
(a) ask what personal information we hold about you;
(b) request access to the personal information that we hold about you;
(c) ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you;
(d) unsubscribe from any direct marketing communications we may send you; or
(e) object to the processing of your personal information.
9.2 If you wish to exercise any of these rights or you have any queries regarding the personal information that we hold about you, you can contact us at the details provided below. 7
9.3 To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity.
9.4 If you want us to delete all personal information, we have about you, we may need to terminate the agreements we have with you. We can refuse to delete your information if we are required by law to retain it or if we need it to protect our rights.
10. HOW TO CONTACT US
10.1 If you have a question, concern, or complaint regarding the way in which we handle your personal information, or if you believe that we have failed to comply with this policy or breached any applicable laws in relation to the management of that information, you can make a complaint.
10.2 Any question, concern or complaint should be made in writing to:
10.3 If you wish to make a request to access your personal information in terms of Section 23 of POPIA, please follow the procedure described in Section C (2) of PAIA. .
11.1 This Policy was published on 30 June 2021.
11.2 We may change this privacy notice from time to time—when we do, we will inform you via email.