In this Policy (as defined below), unless the context requires otherwise, the following capitalised terms shall have the meanings given to them —
“Active Processing” means instances where IEDM has directly been provided with the Personal Information of Data Subjects, such as when Data Subjects submit an enquiry in respect of its Services, or when Data Subjects provide Personal Information to IEDM pursuant to concluding any commercial agreement(s) with IEDM;
“Inactive Processing” means instances where IEDM has not actively been provided with the Personal Information of Data Subjects, such as when IEDM deploys Passive Processing Means to collect information from Data Subjects. These Passive Processing Means allow IEDM to Process certain kinds of Non-personally Identifiable Information which can perhaps not be linked to Data Subjects;
“Anonymisation” means the Processing of Personal Information in such a manner that the Personal Information can no longer be attributed to Data Subjects without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Information are not attributed to Data Subjects;
“Applicable Laws” means any laws applicable to the processing of and protection of rights associated with Personal Information and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; the common law; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator, competent authority or organ of state or statutory industry body;
“Biometrics” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;
“Competent Person” means anyone who is legally competent to consent to any action or decision being taken by any matter concerning a child, for example a parent or legal guardian;
“Consent” means any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information;
“Cookies” means small text files that store Non-personally Identifiable Information/Data about Data Subjects, either temporarily in connection with a Data Subjects Internet Protocol (IP) address (known as a temporary or session cookie and deleted once a Data Subject closes their browser window) or more permanently on the hard drive of a Data Subject’s device (known as a permanent or persistent cookie). IEDM’s Website(s) or Mobile Application(s) may from time to time use session cookies so that Data Subject’s do not have to fill in the same information from page to page within our Website(s) or Mobile Application(s). If Data Subject’s elect not to receive cookies, they may be able to view some, but not all, of the content on our Website(s) or Mobile Application(s);
“Client(s)” means any natural person(s), or juristic person(s), who have concluded an agreement with IEDM in terms of which such Client procures the Products or Services provided by IEDM ;
“Data Subject” means IEDM’s Client(s) or any Third Party in respect of whom IEDM Processes Personal Information;
“Data Processing Infrastructure” means any and all systems, networks, servers, workstations, laptops, mobile devices, web applications, mobile applications, cloud storages, websites owned, controlled or operated by IEDM;
“Embedded Scripts” means, programming code that is designed to collect information about a Data Subject’s interactions with the relevant Website(s) or Mobile Application(s). It is temporarily downloaded onto a Data Subject’s device from our web server or a Third-Party Operator. This program is active only while a Data Subject is connected to the relevant Website(s) or Mobile Application(s) and is deleted or deactivated thereafter;
“Electronic Means” means, in relation to the Processing of any Personal Information, the use of any Website(s), Mobile Application(s), electronic mail (email), text, voice, sound or image messages by IEDM;
“IEDM” means Interexcel Digital Marketing (PTY) LTD;
“IEDM Group Company” means any company forming part of IEDM Group of Companies from time to time;
“Non-Electronic Means” means, in relation to the Processing of any Personal Information, the use of traditional means of Processing, such as hard copy documents, traditional filing systems deployed for the storage and retention of Personal Information and face-to-face personal engagements with Data Subjects;
“Mobile Device Identifier” means device information if you access our Website(s) or Mobile Application(s) through mobile devices. Certain features of the relevant Website(s) or Mobile Application(s) may require collection of mobile phone numbers and we may associate that phone number with the mobile device identifiers. Additionally, some mobile phone service providers operate systems that pinpoint the physical location of devices that use their service. Depending on the provider, IEDM and/or our Third-Party Operators may receive this information. If IEDM associates any such passively collected information with the Personal Information of Data Subjects, we will treat the combined information as Personal Information as contemplated in this Policy;
“Non-personally Identifiable Information/Data” means any information/data which cannot be linked to Data Subjects, such as an internet domain name, the type of web browser used by a Data Subject, the type of operating system relied on by a Data Subject, the date and time of a Data Subject’s visit to our Website(s) and Mobile Application(s), the specific pages a Data Subject may have visited, and the address of the website which a Data Subjects may have visited prior to entering or gaining access to IEDM’s Website(s) or Mobile Application(s);
“Operator” means a person or entity who Processes Personal Information for and on behalf of the Responsible Party, who in the context of the Website(s) and its associated functionality is IEDM;
“PAIA” means Promotion of Access to Information Act 2 of 2000;
“Person” means any natural person or juristic person;
“Personal Information” shall have the same meaning as is given in section 1 of POPIA, which for the avoidance of doubt includes any information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
the biometric information of the person;
the personal opinions, views or preferences of the person;
correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person; and shall, where applicable, include Special Personal Information;
“POPIA” means the Protection of Personal Information Act, No 4 of 2013;
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition, “Process” has a corresponding meaning.
“Products” means the various digital marketing products which are procured by Clients of IEDM;
“Regulator” means the Information Regulator established in terms of POPIA;
“Responsible Party” means in the context of this Policy, IEDM;
“Services” means the various services provided by IEDM to its Client(s), the particulars of which services are clearly set forth on IEDM’s Website from time to time;
“Special Personal Information/Data” means Personal Information concerning, amongst other aspects contemplated in terms of section 26 Part B of POPIA, a Data Subject’s, religious beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric data, or criminal behaviour;
“Third-Party” means any IEDM Group Company (if applicable), Client(s), Data Subject(s), employees, independent contractor, agent, consultant or user of IEDM’s Products, Services, Website or any other digital application interface;
“Unique Identifier” means any identifier that is assigned to a Data Subject and is used by the Responsible Party for the purposes of the operations of that Responsible Party and that uniquely identifies that data subject in relation to the Responsible Party;
“Website” means the website owned and operated by IEDM sourced at https://iedm.co.za/;
“Web Beacons” means small graphic images called web beacons, also known as “Internet tags” or “clear gifs,”, which Web Beacons may be deployed on IEDM’s Website(s) pages and e-mail messages. Web beacons may be invisible to Data Subjects, but any electronic image inserted into a web page or e-mail can act as a Web Beacon. IEDM may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to our Websites, Mobile Application(s), to monitor how users navigate the Website(s) or Mobile Application(s), to count how many e-mails that we have sent were actually opened or to count how many particular articles or links were actually viewed by Data Subjects in certain circumstances.
This Policy regulates the Processing of Personal Information by IEDM and sets forth the requirements with which IEDM undertakes to comply when Processing Personal Information pursuant to undertaking its operations and fulfilling its contractual obligations in respect of Data Subjects and Third Parties in general.
IEDM places a high premium on the privacy of every person or organisation with whom it interacts or engages with and therefore acknowledges the need to ensure that Personal Information is handled with a reasonable standard of care as may be expected from it. IEDM is therefore committed to ensuring that it complies with the requirements of POPIA and also with the terms of Applicable Laws.
When a Data Subject or Third Party engages with IEDM, whether it be physically or via any digital, electronic interface such as IEDM Website, the Data Subject or Third Party acknowledges that they trust IEDM to Process their Personal Information, including the Personal Information of their dependents, beneficiaries, Clients, members, or employees as the case may be, which further entrenches the importance of IEDM’s compliance with Applicable Laws in regards to the Processing of Personal Information.
All Data Subjects and Third Parties have the right to object to the processing of their Personal Information. It should be voluntary to accept the Terms and Conditions to which this Policy relates. However, IEDM does require the Data Subject’s or Third Party’s acceptance to enable the proper use of IEDM Website and/or Services.
Purpose and application
The purposes of this Policy are not only to inform Data Subjects of what Personal Information of theirs IEDM may Process, where IEDM may have collected such Personal Information from (if not directly from them as the Data Subject), how IEDM Processes their Personal Information, but also to communicate the prevailing standards by which IEDM and its employees, representatives and operators shall comply in as far as the Processing of Personal Information is concerned.
IEDM, in its capacity as a Responsible Party and/or Operator, as the case may be, shall strive to observe and comply with its obligations under POPIA and Applicable Laws (as may be applicable and to the extent necessary) when it Processes Personal Information from or in respect of any Data Subject.
COLLECTING & PROCESSING OF PERSONAL INFORMATION
Whenever any Data Subject engages with IEDM, whether it be physically or electronically, or through the use of its Services, facilities or Website, IEDM will in effect be processing the Data Subject’s Personal Information.
It may be from time to time that IEDM has collected a Data Subject’s Personal Information from other sources and in such instances IEDM will inform the Data Subject by virtue of any privacy notices it deploys from time to time. In the event that a Data Subject has shared their Personal Information with any third parties, IEDM will not be responsible for any loss suffered by the Data Subject, their dependents, beneficiaries, Clients, representatives, agents or employees (as the case may be).
When a Data Subject provides IEDM with the Personal Information of any other Third Party, IEDM will process the Personal Information of such Third Party in line with this Policy, as well as any terms and conditions or privacy notices to which this Policy relates.
IEDM will primarily Process Personal Information in order to facilitate and enhance the delivery of Products and/or Services to its Clients, manage and administer its business, foster a legally compliant workplace environment, as well as safeguard the Personal Information relating to any Data Subjects which it in fact holds. In such an instance, the Data Subject providing IEDM with such Personal Information may also be required to confirm that they are a Competent Person and that they have authority to give the requisite consent to enable IEDM to process such Personal Information.
IEDM undertakes to process any Personal Information in a manner which promotes the constitutional right to privacy, retains accountability and Data Subject participation.
Prior to recording the purpose(s) for which IEDM may, or will, process the Personal Information of Data Subjects, IEDM hereby records the broad categories and types of Personal Information of Data Subjects it may process from time to time:
Financial information, including banking account information;
Physical and postal address particulars;
In supplementation of the above and any information privacy notices provided to any Data Subject from time to time pursuant to any engagement with them, IEDM may process Personal Information for the following purposes:
To provide or manage any information, Products and/or Services requested by or delivered to Data Subjects in general;
To establish a Data Subject’s needs, wants and preferences in relation to the Products and/or Services provided by IEDM or any other IEDM Group Company;
To help IEDM identify Data Subjects when they engage with IEDM;
To facilitate the delivery of Products and/or Services to Clients;
To allocate to Clients and Data Subjects Unique Identifiers for the purpose of securely storing, retaining and recalling their Personal Information from time to time;
To maintain records of Data Subjects and specifically Client records;
To maintain Third Party records;
For recruitment purposes;
For employment purposes;
For apprenticeship purposes;
For general administration purposes;
For legal and/or contractual purposes;
For health and safety purposes;
To monitor access, secure and manage any facilities owned or operated by IEDM regardless of the location;
To transact with Third Parties;
To improve the quality of IEDM’s Services;
To transfer Personal Information to any other IEDM Group Company so as to enable the relevant IEDM Group Company to market its products and/or services to IEDM’s Client(s) or Third Party’s, as well as to render specific services to IEDM itself which would in turn enable IEDM to render its Services to its Client(s);
To transfer Personal Information to Third Party service providers so as to enable IEDM to deliver Services to its Client(s);
To analyse the Personal Information collected for research and statistical purposes;
To help recover bad debts;
To transfer Personal Information across the borders of South Africa to other jurisdictions if it is required;
To carry out analysis and Client profiling;
To identify other products and services which might be of interest to our Clients and Data Subjects in general, as well as to inform them of such products and/or services;
To comply with any Applicable Laws applicable to IEDM and in some instances other IEDM Group Companies.
When collecting Personal Information from a Data Subject, IEDM shall comply with the notification requirements as set out in Section 18 of POPIA, and to the extent applicable, comparable provisions on other Applicable Laws.
IEDM will collect and Process Personal Information in compliance with the conditions as set out in POPIA and/or the Processing principles in relevant Applicable Laws (as the case may be), to ensure that it protects the Data Subject’s privacy.
IEDM will not Process the Personal Information of a Data Subject for any purpose other than for the purposes set forth in this Policy or in any other privacy notices which may be provided to Data Subjects from time to time, unless IEDM is permitted or required to do so in terms of Applicable Laws or otherwise by law.
IEDM may from time-to-time Process Personal Information by making use of automated means (without deploying any human intervention in the decision-making process) to make decisions about the Data Subject or their application. In these instances, IEDM will take reasonable steps to information Data Subjects thereof and it is specifically recorded that the Data Subject may object to or query the outcomes of such a decision.
PERSONAL INFORMATION/PERSONAL DATA FOR DIRECT MARKETING PURPOSES
IEDM acknowledges that it may only use Personal Information to contact Data Subjects for purposes of direct marketing where IEDM has complied with the provisions of POPIA and relevant Applicable Laws (where applicable) and when it is generally permissible to do so in terms of Applicable Laws.
In the event that IEDM may lawfully direct market to a Data Subject in terms of section 69 of POPIA, IEDM will ensure that a reasonable opportunity is given to such Data Subjects to object (opt-out) to the use of their Personal Information for IEDM’s marketing purposes when collecting the Personal Information and on the occasion of each communication to the Client for purposes of direct marketing.
STORAGE AND RETENTION OF PERSONAL INFORMATION/PERSONAL DATA
IEDM will retain Personal Information it has processed in accordance with its prevailing retention policies from time to time, which retention policies will reflect the justified retention of any Personal Information in terms of Section 14 of POPIA.
Personal Information will only be retained by IEDM for as long as necessary to fulfil the legitimate purposes for which that Personal Information was collected in the first place and/or as permitted or required in terms of Applicable Law.
It is specifically recorded that any Data Subject has the right to object to the Processing of their Personal Information and IEDM shall retain and store the Data Subject’s Personal Information for the purposes of dealing with such an objection or enquiry as soon and as swiftly as possible.
FAILURE TO PROVIDE PERSONAL INFORMATION
Where IEDM is required to collect Personal Information from a Data Subject by law or in order to fulfil a legitimate business purpose of IEDM and the Data Subject fails to provide such Personal Information, IEDM may, on notice to the Data Subject, decline to render services without any liability to the Data Subject.
SECURING PERSONAL INFORMATION
IEDM will always implement appropriate, reasonable, physical, organisational, contractual and technological security measures to secure the integrity and confidentiality of Personal Information, including measures to protect against the loss or theft, unauthorised access, disclosure, copying, use or modification of Personal Information in compliance with Applicable Laws.
In further compliance with Applicable Laws, IEDM will take steps to notify the relevant Regulator(s) and/or any affected Data Subjects in the event of a security breach and will provide such notification as soon as reasonably possible after becoming aware of any such breach.
Notwithstanding any other provisions of this Policy, it should be acknowledged that the transmission of Personal Information, whether it be physically in person, via the internet or any other digital data transferring technology, is not completely secure. Whilst IEDM has taken all appropriate, reasonable measures contemplated in clause 8.1 above to secure the integrity and confidentiality of the Personal Information its Processes, in order to guard against the loss of, damage to or unauthorized destruction of Personal Information and unlawful access to or processing of Personal Information, IEDM in no way guarantees that its security system(s) are 100% secure or error-free. Therefore, IEDM does not guarantee the security or accuracy of the information (whether it be Personal Information or not) which it collects from any Data Subject.
Any transmission of Personal Information will be solely at the own risk of a Data Subject. Once IEDM has received the Personal Information, it will deploy and use strict procedures and security features to try to prevent unauthorised access to it. As indicated above, IEDM reiterates that it restricts access to Personal Information to Third Parties who have a legitimate operational reason for having access to such Personal Information. IEDM also maintains electronic and procedural safeguards that comply with the Applicable Laws to protect your Personal Information from any unauthorized access.
IEDM shall not be held responsible and by accepting any terms and conditions to which this Policy relates, any Data Subject agrees to indemnify and hold IEDM harmless for any security breaches which may potentially expose the Personal Information in IEDM’s possession to unauthorized access and or the unlawful processing of such Personal Information by any Third-Party.
PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES
IEDM may disclose Personal Information to Third-Party service providers and any IEDM Group Company where necessary and to achieve the purpose(s) for which the Personal Information was originally collected and processed. IEDM will enter into written agreements with such Third-Party service providers and IEDM Group Company, to ensure that they comply with Applicable Laws pursuant to the Processing of Personal Information provided to it by IEDM from time to time.
TRANSFER OF PERSONAL INFORMATION OUTSIDE OF SOUTH AFRICA
IEDM may, under certain circumstances, transfer Personal Information to a jurisdiction outside of the Republic of South Africa in order to achieve the purpose(s) for which the Personal Information/Data was collected and Processed including for Processing and storage by Third-Party service providers.
If it is required, IEDM will obtain the Data Subject’s consent to transfer the Personal Information to such foreign jurisdiction.
The Data Subject should also take note that, where the Personal Information is transferred to a foreign jurisdiction, the Processing of Personal Information in the foreign jurisdiction may be subject to the laws of that foreign jurisdiction.
ACCESS TO PERSONAL INFORMATION
A Data Subject has the right to a copy of the Personal Information which is held by IEDM (subject to a few limited exemptions as provided for under Applicable Law).
The Data Subject must make a written request (which can be by email) to the Information Officer designated by IEDM from time to time and whose contact details can be sourced in IEDM’s PAIA Manual.
IEDM will provide the Data Subject with any such Personal Information to the extent required by Applicable Law and subject to and in accordance with the provisions of IEDM’s PAIA Manual (published in terms of section 51 of PAIA, which PAIA Manual can be sourced either at IEDM’s premises upon request or on IEDM’s Website.
The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in IEDM’s records at any time in accordance with the process set out in IEDM’s PAIA Manual.
KEEPING PERSONAL INFORMATION ACCURATE
IEDM will take reasonable steps to ensure that Personal Information that it Processes is kept updated where reasonably possible. For this purpose, IEDM shall provide Data Subjects with the opportunity to update their information at appropriate times.
IEDM may not always expressly request the Data Subject to verify and update his/her/its Personal Information and expects that the Data Subject will notify IEDM from time to time in writing:
of any updates or amendments required in respect of his/her/its Personal Information;
where the Data Subject requires IEDM to delete his/her/its Personal Information; or
where the Data Subject wishes to restrict the Processing of his/her/its Personal Information.
COSTS TO ACCESS PERSONAL INFORMATION/PERSONAL DATA
In the event that a cost is applicable, the prescribed fees to be paid for copies of the Data Subject’s Personal Information are listed in IEDM’s PAIA Manual.
IEDM reserves the right to make amendments to this Policy from time to time.
COMPLAINTS TO THE INFORMATION REGULATOR
If any Data Subject or Third Party is of the view or belief that IEDM has Processed their Personal Information in a manner or for a purpose which is contrary to the provisions of this Policy, the Data Subject is requested to first attempt to resolve the matter directly with IEDM, failing which the Data Subject or Third Party shall have the right to lodge a complaint with the Information Regulator, under the provisions of POPIA.
The current contact particulars of the Information Regulator are:
The Information Regulator (South Africa)
JD House 27 Stiemens Street Braamfontein Johannesburg, 2001
PO Box 31533
Braamfontein, Johannesburg, 2107
All comments, questions, concerns or complaints regarding Personal Information or this Policy, should be forwarded to IEDM’s Information Officer at the following email address – email@example.com.