(Issued in accordance with Section 5 (a) (i) and 18 of the Protection of Personal Information Act, 4 of 2013 (POPI))
Purpose and Aim of the Privacy Notice
Assurecloud values your privacy and will be transparent about the personal information that we process when we interact with you. The aim of this Privacy Notice is to inform and provide you with an overview of how we process your personal information in our organisation, and by doing so we are fulfilling our notification obligation.
We commit ourselves to manage and process your personal information in accordance with the applicable privacy and information protection laws and regulations, to ensure the lawful, fair, and transparent processing of your personal information for any specified, explicit, and legitimate purpose, in a reasonable manner that does not infringe on your right to privacy.
We recognise and are committed to your right to privacy, which includes, but is not limited to the right to the protection against the unlawful collection, retention, dissemination and use of personal information.
Why We Collect and Process Personal Information
Our reason for collecting your personal information depends on the activity at hand. Our intention for collecting personal information, includes but is not limited to:
- Contests, Email Newsletters and Inquiry Information to allow us to be in contact with you in relation to your enquiry or your participation in Assurecloud’s email newsletters or the contests; to personalise our services for you, notify you of special offers or promotions that we believe may be of interest to you, and to send our newsletters to you, or to provide you with customer service, as well as to monitor our provision of customer service. In some cases, we may use elements of your Personal Data for external communications purposes, for example, drafting a press release regarding a contest winner.
- Website Information to monitor and administer the contests you may enter and your enquiries you may send; to analyse trends, usage and activities with users on our website, to ensure its technological compatibility; to help us create websites that best suit our users’ interests and preferences, and to assist in identifying products and services, site features, advertisements, as well as offers that may be of particular interest to you (for example, as part of extended market research). We also use website information to monitor and maintain the security of our website and prevent cyber security incidents, as well as to collect feedback on website usage, provide IT support to online visitors, and to gauge the success of our marketing initiatives.
- Portal Subscriber Information to administer the specific relationship, fulfil contractual obligations, deal with quality issues, assist with business planning and development, assist suppliers or other portal subscribers to achieve goals, and to administer incentive programmes. In certain limited cases, we also use Personal Data to facilitate billing and invoicing, or for the purpose of product traceability or compliance with regulatory requirements or contractual requirements. We obtain personal information via the portal for the purpose of processing bookings. We do not save bank details; however, we redirect to a third-party service provider, where payment is facilitated.
- Passwords and Password Aide-mémoire Questions and Answers to register yourself online in a secure way and help you login if you forget your password. We request that you choose a password that is unique to every account and that you do not use sensitive information or financial information as an aide-mémoire (for example, your bank account credentials). We do not store passwords for students/clients, but we do use third-party tools.
- CCTV Footage to maintain a safe and secure environment for our people, visitors, products, services, and processes, where applicable.
- Information Collected on Social Media Accounts to connect with you via your social media accounts, to answer your inquiries and better engage with our customers.
- Research & Development and Market Research Information to perform market research, improve our products and services (for R&D purposes), and for the study and understanding of the business and preferences of consumers or operators.
- Visitor Information to comply with building safety obligations, to identify the people who are entering our premises and for health reasons.
- Photos and Videos and Related Content to communicate with relevant parties regarding our events, meetings, conferences, products, partnerships and other relationships, on our websites, via our social media accounts, via press releases, and other corporate communications and marketing materials. In some cases, we may ask you to provide us with your email address to send you related event pictures and videos; we may collect your professional details to contact you about our products and services; or, if you are a government official, we may collect and use data revealing your political opinions, to facilitate corporate communications, corporate affairs, recruitment, and engagement of individuals, and for public affairs purposes.
- CV/Resumes and Relevant Information for Recruitment to enable us to recruit the right people.
- Information relating to Sourcing and Procurement to set up the contractual terms with our suppliers, to pay for our suppliers’ products or services, to perform recalls and to call warranties, to comply with accounting obligations applicable to us, to conduct demand planning and generally to facilitate the relationship with our suppliers.
- Information relating to Individual Consumers of our products and services to, if and to the extent permitted by applicable law, provide individual consumers of our products and services with marketing communications promoting our products and services (or those of third parties), to better understand our consumers’ needs, to address complaints on our products and services, and more generally to improve our relationships with individual consumers.
- User-generated Content received through our online presence to better engage with our customers or individual consumers of our products, to interact with our customers, and to address complaints.
- Information about Inventors to apply for or assign patents or similarly registered intellectual property rights for the benefit of Assurecloud.
- Information to Protect against Serious Threats to Health to allow us to protect you and other individuals, such as customers or contractors, and to help contain the threat in the public interest.
- ID and Passport Information to help us prevent unauthorised individuals from accessing, changing, or deleting your Personal Data.
- Internal Administrative Purposes to allow us to administer the business, including for purposes of audit, data analysis, sustainable cost advantage, compliance, governance, and legal, corporate social responsibility (CSR), security, accounts payable and receivable validation, and database records.
- Combined Information, if and to the extent permitted by applicable law, to better understand your needs and interests. In particular, we may combine the Personal Data that you have provided to us with other information we have collected about you, whether online or offline, or with data obtained from other sources (such as our third-party advertising partners). In this way we can provide you with the most optimal customer experience and serve you advertisements or otherwise interact with you in ways that are specifically tailored to your interests and preferences. For example, if and to the extent permitted by applicable law: we may share a cryptographic hash of your email address with a third-party advertising partner, such as social networking sites where you are a registered user (by using the hashing process, your email address is not disclosed to the third party). If the hashed email address from us matches a hashed email address that the third-party advertising partner possesses, the third party identifies you as part of a group of individuals to whom our ads might be served on its website or on other media; and a third-party advertising partner may provide us with certain aggregate demographic information about the demographic group to which you belong, which is obtained from your profile and materials with the third-party advertising partner.
- De-identified/Anonymised Information to identify trends, manage our business, develop statistical information, understand how we are performing, or develop relevant products, services or offers derived from combining Personal Data with other information, as explained above.
- Personal Information including gender and medical information for endorsements and certification, from a training perspective and in response to lab test results.
We may also use your Personal Data, contingent on certain circumstances and for the following purposes:
- For corporate communication purposes and for public affairs purposes (including, if necessary, to issue a public response to specific complaints)
- To respond to your comments and questions (problem resolution)
- To provide customer service (for example, product recalls, tracking, and responding to product-quality concerns)
- To conduct sales and market research (for example, through surveys)
- To conduct research and development (for example, through product concept correspondence)
- When you are required to register for a Assurecloud event
- If and to the extent permitted by applicable law, for direct marketing purposes
- To improve business relations
- For public affairs purposes
- To protect against and prevent fraud, or other criminal activities, unauthorised transactions, claims and other liabilities, and to manage exposure to risk
- To handle legal disputes
- To conduct corporate transactions (including mergers, acquisitions, and divestments), and
- To improve and enhance our products and services, in general.
We will not use Personal Data for any purposes that are incompatible with those outlined in this Policy, unless you give us your free and informed consent for additional specific purposes.
Types of Personal Information We Collect and Process
|GENERAL PERSONAL INFORMATION – Individual|
|Full Name/s and Surname||Identification / Passport Details / Date of birth / Age||Contact Details – email / telephonic||Gender, Race or Ethnic Origin|
|Qualifications / Registrations / Memberships / Accreditations||Employment History / Salary Information||Complaints and Disciplinary Records||Personal Tax Income Reference|
|Financial Information / Banking Details||Union Affiliations||Contactable References||Driver’s Licence|
|Physical / Mental / Medical / Health Information||Next of Kin Contact Information||Online / Instant Messaging Identifiers||Any form of correspondence|
|Relationship Status – marital / family relations||Photos, voice recordings, video footage, biometric data||Criminal Information||Physical / Postal Address|
|GENERAL PERSONAL INFORMATION – Company|
|CIPC Documents||Directors / Shareholder Identification / Passport Details||Shareholding Certificates||Banking Details|
|Income Tax Reference||VAT Registration||Qualifications / Registrations / Memberships / Accreditations||BBBEE Certificate|
|Contact Details||Financial Statements / Bank Statements||Contactable References||Medical / Health Information|
Lawful Processing of Personal Information
Processing is necessary to carry out our business function to ensure that our daily business performance aligns with our vision and mission.
We only process your personal information, if such:
- Processing of a contract to which you are a party, e.g., service level agreement, student/training agreement, non-disclosure agreement, applications for examinations, applications for training agreement, membership, recruitment, subscriptions, services, etc.;
- Processing complies with an obligation imposed by law on us, e.g., providing information to regulators, professional bodies, accreditation bodies, membership bodies, statutory bodies, law enforcement;
- Processing protects your legitimate interest;
- Processing is necessary for pursuing our interests or those of a third party, to which the information is supplied legitimately.
Consequences of Your Refusal to Provide Personal Information
Therefore, and depending on the circumstances, if you do not provide us with the Personal Data we request or if you ask that we cease processing your Personal Data, the quality of our products or services may be affected or we would be in breach of one or more legal or contractual obligations applicable to us. In some cases, if we are not allowed to process your Personal Data, this may result in us being required to cease to provide you with our products or services or to terminate our relationship with you.
To Whom do We Disclose your Personal Information
Our employees will have access to your personal information to administer and manage our services and our stakeholder relationships. Your personal information will further be shared with third parties, subject to the purpose of us collecting and processing your information, including but not limited to the following circumstances:
We do not sell or rent your Personal Data to others. We only share Personal Data with third parties that are bound by terms at least as restrictive as this Policy and only in the following ways:
- Affiliates – We may share Personal Data with any of our affiliates or subsidiaries, for example, for the purpose of providing customer service, administering our contests, sweepstakes, and loyalty programmes, or improving our products and services. We may also share your Personal Data with affiliates or subsidiaries that provide shared services within Assurecloud, for example, in connection with the purchase and sale of products, financial and accounting support, recordkeeping, customer billing and collections, order processing, credit control, accounts payable processing, and preparing and reporting estimates and results.
- Oversight and other regulators, professional bodies, and statutory bodies
- Accreditation, Registration, Regulatory Bodies
- Government agencies and law enforcement
- Our Board Members and Management
- Service Providers – We share Personal Data with third-party providers of services relating to, for example, our website, the administration of our contests, sweepstakes and loyalty programmes, the provision of our customer service, our CCTV surveillance, our market research and sales, our recruiting efforts, our R&D activities or our public relations, IT systems or software, IT support, document and information storage, travel and mobility, translation services, and waste disposal services. These service providers only have access to the Personal Data necessary to perform their functions, only act on our behalf and under our instructions, and may not use it for purposes other than to perform such functions.
- Customers – We may share Personal Data with our customers (for example, when collected through special purpose portals) to address traceability and other regulatory or contractual requirements or to facilitate problem resolution.
- Legal – We may disclose Personal Data to courts, law enforcement agencies, and other government bodies where we believe that doing so is in accordance with or required by any applicable law, regulation, or legal process. We may also disclose Personal Data to external legal counsel to assist us with the establishment and defence of legal claims or to assist us on transactions (for example, to provide assistance in connection with mergers, acquisitions or divestments) or to other third parties also engaged in such legal matters (for example, to the adverse party in court proceedings, to judicial experts, to other stakeholders involved in the claim, etc.).
- Business Transfers – In the event of a reorganisation, merger or sale, we may transfer any and all Personal Data we collect to the relevant third party involved in the reorganisation, merger or sale, with the consent of data subjects if and as required under applicable privacy laws.
- Third-Party Advertising Partners – we may share Personal Data with third-party advertising partners that place advertisements on our websites, or other websites or media to measure advertising effectiveness and to serve you with advertisements and other products and materials that best meet your interests and preferences. These third-party advertising partners may also provide us with certain information about you or the demographic group to which you belong, in which case we may combine this information with the Personal Data we have already collected about you in order to better understand your interests and preferences.
- Third-Party Data Service Providers – we may share Personal Data with third-party data service providers who help us to segment and understand our customers by providing additional information so that we can send you what we believe will be the most relevant, targeted, and beneficial product offers and advertisements.
- With Your Consent – We may also share Personal Data with other third parties subject to your prior consent.
Protection and Retention of your Personal Information
Assurecloud will take the necessary steps to secure the integrity and confidentiality of personal information in our possession and under our control by taking appropriate, reasonable measures to prevent loss of, damage to, or unauthorised destruction of your personal information and unlawful access to or processing of personal information, regardless of the format.
Your personal information will be archived, as set out in the data retention schedule (available on request). The purpose of which the personal information was collected initially or subsequently processed, unless retention is required or authorised by applicable law, or we reasonably require the records for lawful purposes related to our functions or activities or is required by a contract or you have consented to the retention of the record.
Unfortunately, the transmission of information via the Internet is not completely secure. Despite our safeguards, we cannot guarantee the security of information transmitted to us via the Internet. Once we have received your information, we will maintain reasonable safeguards to protect it.
Assurecloud may contact you periodically to provide information regarding our events, seminars, products, services, and content that may be of interest to you and to invite you to participate in research and projects. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send such communications after receiving your consent.
If you do not wish to receive further marketing and research communications from us, you can click on the unsubscribe link in the marketing communication. Note that all withdrawal of your consent will not affect the lawfulness of processing based on the consent prior to its withdrawal. Upon withdrawal of your consent, we will no longer be able to inform you of our products, services, publishing topics, etc.
Laws Authorising or Requiring the Collection of Personal Information
Under certain circumstances, we are authorised or required by law to collect your personal information. These laws include but are not limited to the below and includes their applicable Regulations and Directives, etc.:
|Auditing Professions Act, 26 of 2005||Income Tax Act, 58 of 1962|
|Basic Conditions of Employment Act, 75 of 1997||Occupational Health and Safety Act, 85 of 1993|
|Chartered Accountant Designation (Private) Act, 67 of 1993||National Qualifications Framework Act, 67 of 2008|
|Companies Act, 71 of 2008||Value Added Tax Act, 89 of 1991|
|Compensation of Occupational Injuries and Diseases Act, 130 of 1993||Skills Development Act, 97 of 1998|
|Disaster Management Act, 57 of 2002||Tax Administration Act, 28 of 2011|
|Employment Equity Act, 55 of 1999|
The POPI Act guarantees you, as a data subject, certain rights that you may exercise against us where applicable.
You have the right to be informed if your personal information is collected, or accessed, by an unauthorised person. In addition, you have the right of access to their personal information and to require that personal information is updated, corrected, destroyed or processed.
The Act does not apply to personal information processed:
- in the course of a personal or household activity,
- or where the processing authority is a public body involved in national security, defence, public safety, anti-money laundering,
- or the Cabinet or Executive Council of the Province,
- or as part of a judicial function.
Personal information can only be processed (Section 11):
- with the consent of the “data subject”; or
- if it is necessary for the conclusion or performance of a contract to which the “data subject” is a party; or
- if it is required by law; or
- if it protects a legitimate interest of the “data subject”; or
- if it is necessary to pursue your legitimate interests, or the interest of a third party to whom the information is supplied.
You have the right to object to having your personal information processed. You have the right to withdraw your consent, or object if you can show legitimate grounds for your objection.
A Responsible Party has to collect personal information directly from the “data subject”, unless:
- this information is contained in some public record or has been deliberately published by the data subject;
- collecting the information from another source does not prejudice the subject;
- it is necessary for some public purpose; or to protect their own interests;
- obtaining the information directly from the subject would prejudice a lawful purpose or is not reasonably possible.
Your Personal Information will only be kept if it is allowed by law, or the information is needed to keep the record for lawful purpose or in accordance with the contract between the company and the data subject, or the data subject has consented to the data processor keeping the records (Section 14).
Assurecloud is entitled to keep records of personal information for historical, statistical or research purposes if it has been “de-identified” and safeguards have been established to prevent the records being used for any other purposes.
Personal information will only be used for the purpose for which the data was collected (Section 15).
Documentation relating to personal information and how it has been processed will be maintained as referred to in Section 14 or 51 of the Promotion of Access to Information Act.
When information is being collected, data subjects will be made aware of (Section 18):
- the information that is being collected and if the information is not being collected from the subject, the subject must be made aware of the source from which the information is being collected;
- the name and address of the organisation collecting the information;
- the purpose of the collection of information;
- the period for which the information will be retained, and assurance given that it will be destroyed in accordance with our data retention schedule (available upon request);
- whether the supply of the information by the subject is voluntary or mandatory;
- the consequences of failure to provide the information;
- whether the information is being collected in accordance with any law;
- who will be receiving the information;
- that the data subject has access to the information and the right to rectify any details;
- that the data subject has the right to object to the information being processed (if such right exists);
- that the data subject has the right to lodge a complaint to the Information The contact details of the Information Regulator must also be supplied (Section 18).
This Privacy Notice must be read in conjunction with the POPI Act, which can be downloaded from Act No. 4 of 2013: Protection of Personal Information Act, 2013.
Pieter Erasmus – Chief Executive Officer
Email address: firstname.lastname@example.org
Changes to Privacy Notice
We will review this Privacy Notice and may amend or supplement this Notice from time to time, in accordance with regulatory changes, business strategies and new technology introduced into our operations.
We will publish an updated version of this Notice, as and when amendments or supplements have been made on our website.
In some instances, we may receive your personal information (including your name and contact details) from a third party, and we will notify you of our collection of your personal information as soon as reasonably practicable subsequent to its collection.
Should we have previously issued a Personal Information Protection Notice to you in relation to the collection of your personal information including similar categories of personal information or for a similar purpose of collection, we would not have to issue a new Privacy Notice and will be compliant with Section 5 (a) (i) and 18 of the POPI Act.