INTRODUCTION:
We respect the privacy of all our clients, customers and suppliers (our data subjects).
This policy explains how we obtain, use and dispose of the personal information of our data subjects. It furthermore sets out the processes our data subjects can follow regarding their personal information in our possession or to be obtained by us.
We urge you to read this policy so that you can understand our approach towards the use of our data subjects’ personal information.
1. DEFINITIONS:
1.1 “Company” means NEO TECHNOLOGIES (PTY) LTD with registration number 2002/008763/07;
1.2 “Data Subject” means the natural or juristic person to whom personal information relates, such as an individual client, customer or a company that supplies the Company with products, services, or other goods.
1.4. “Information Officer” means the person responsible for ensuring the Company’s compliance with POPIA. Where no Information Officer is appointed, the head of the Company will be responsible for performing the Information Officer’s duties.
1.5. “Personal Information” means any information that can be used to reveal a person’s
identity. Personal Information relates to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person (such as a Company), including, but not limited to information concerning—
1.5.1. race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language, and birth of a person.
1.5.2. information relating to the education or the medical, financial, criminal or employment history of the person.
1.5.3. any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
1.5.4. the biometric information of the person.
1.5.5. the personal opinions, views or preferences of the person.
1.5.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
1.5.7. the views or opinions of another individual about the person.
1.5.8. the name of the person if it appears with other Personal Information relating to the personor if the disclosure of the name itself would reveal information about the person.
1.6. “Personnel” refers to any person who works for, or provides services to or on behalf of the Company, and receives or is entitled to receive remuneration and any other person who assists in carrying out or conducting the business of the Company, which includes, without limitation, all directors / all directors, all permanent, temporary and part‐ time staff as well as contract workers; and
1.7. “POPIA” means the Protection of Personal Information Act No. 4 of 2013; and
1.8. “POPIA Policy” means such Policy as adopted by the Company in compliance with the provisions of POPIA, and as amended from time to time; and
1.9. “Regulator” means the Information Regulator established in terms of Section 39 of POPIA.
2. PURPOSE OF THIS POLICY:
This policy explains how we obtain, use and dispose of the personal information of our data subjects. It furthermore sets out the processes our data subjects can follow regarding their personal information in our possession or to be obtained by us.
3. COLLECTION OF PERSONAL INFORMATION:
3.1. We collect and process our data subjects’ personal information to enable us to exchange correspondence, quotes, invoices, and statements and to support our relationship with them and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose and any requests will be properly motivated by us.
3.2. Examples of Personal Information we collect:
3.2.1 Name and registration/ ID number.
3.2.2 Physical address / registered address.
3.2.3 Email address.
3.2.4 Telephone/cell numbers.
3.2.5 VAT numbers for invoicing purposes.
3.2.6 Bank account confirmation in respect of suppliers.
3.3. Access to Personal Information will be and can be given to:
3.3.1. Auditors and / or Accountants of the Company; and
3.3.2. Attorneys and / or Counsel appointed by the Company.
4. HOW WE COLLECT PERSONAL INFORMATION:
4.1. Directly from our data subjects when they use our website or any of our services or if we request it from them.
4.2. In limited instances, we collect personal information from third parties. We will only collect personal information this way where such information is publicly available or for legitimate business purposes.
4.3. Through the use of cookies, which will mainly be used to identify visitors that return to our website. You can prevent us from doing this through a setting on your browser. Cookies only store information from your browser and cannot access data on your computer.
5. THE USE OF OUR DATA SUBJECTS PERSONAL INFORMATION:
We may use our data subjects personal information for any legitimate business purposes relating to our services and/or business activities. Some of the purposes for which we use our data subjects personal information include:
5.1. responding to queries received via our website or emailed to us;
5.2. onboarding data subjects as customers /suppliers and verifying their identity (as required by law);
5.3. providing our data subjects with our services/products;
5.4. improving our website and services by analysing certain information collected, including cookies and other related information;
5.5. sending our data subjects information (in the form of our newsletter);
5.6. complying with regulatory or other obligations.
6. OUR DATA SUBJECTS RIGHTS:
6.1. The Right to Access Personal Information: The Company recognises that a data subject has the right to establish whether the Company holds personal information related to him, her, or it, including the right to request access to that personal information.
6.2. The Right to have Personal Information Corrected or Deleted: The data subject has the right to request, where necessary, that his, her or its personal information must be corrected or deleted where the Company is no longer authorised to retain the Personal Information.
6.3. The Right to Object to the Processing of Personal Information: The data subject has the right, on reasonable grounds, to object to the processing of his, her or its Personal Information. In such circumstances, the Company will give due consideration to the request and the requirements of POPIA. The Company may cease to use or disclose the data subject’s personal information and may, subject to any statutory and contractual record‐keeping requirements, also approve the destruction of the personal information.
6.4. The Right to Object to Direct Marketing: The data subject has the right to object to the processing of his, her or its personal information for purposes of direct marketing by means of unsolicited electronic communications.
6.5. The Right to Complain to the Information Regulator: The data subject has the right to submit a complaint to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non‐compliance with the protection of his, her or its personal information.
6.6. The Right to be Informed: The data subject has the right to be notified that his, her or its Personal Information is being collected by the Company. The data subject also has the right to be notified in any situation where the organisation has reasonable grounds to believe that the personal information of the data subject has been accessed or acquired by an unauthorised person.
7. REQUEST TO ACCESS PERSONAL INFORMATION PROCEDURE:
7.1. Access to information requests can be made by email, addressed to the Information Officer. The Information Officer will send a form to be completed by the data subject.
7.2. Once the completed form has been received, the Information Officer will verify the identity of the Data Subject prior to handing over any Personal Information.
7.3. The Information Officer will process all requests within a reasonable time.
8. OUR INFORMATION OFFICER:
8.1. Information Officer: Samantha Opperman.
8.2. Physical Address: Wellness World Corporate Office Park, Block C, Office 1& 2, 196 Beethoven Street, Melodie.
8.3. Telephone and email ‐ sam@neo.co.za / 012 371 2300.
9. OUR COMPLAINTS PROCEDURE:
Data subjects have the right to complain in instances where any of their rights under POPIA have been infringed upon. The Company takes all complaints very seriously and will address all POPIA related complaints in accordance with the following procedure.
9.1. POPIA complaints must be submitted to the Company in writing. Where so required, the Information Officer will provide the Data Subject with a “POPIA Complaint Form”.
9.2. Where the complaint has been received by any person other than the Information Officer, that person will ensure that the full details of the complaint reach the Information Officer within 1 working day.
9.3. The Information Officer will provide the complainant with a written acknowledgement of receipt of the complaint within 2 working days.
9.4. The Information Officer will carefully consider the complaint and address the complainant’s concerns in an amicable manner. In considering the complaint, the Information Officer will endeavour to resolve the complaint in a fair manner and in accordance with the principles outlined in POPIA.
9.5. The Information Officer must also determine whether the complaint relates to an error or breach of confidentiality that has occurred and which may have a wider impact on the Company’s Data Subjects.
9.6. Where the Information Officer has reason to believe that the Personal Information of Data Subjects has been accessed or acquired by an unauthorised person, the Information Officer will consult with the Company’s board where after the affected Data Subjects and the Information Regulator will be informed of this breach.
9.7. The Information Officer will revert to the complainant with a proposed solution with the option of escalating the complaint to the Company’s governing body within 7 working days of receipt of the complaint. In all instances, the Company will provide reasons for any decisions taken and communicate any anticipated deviation from the specified timelines.
9.8. The Information Officer’s response to the data subject may comprise any of the following:
9.8.1. A suggested remedy for the complaint.
9.8.2. A dismissal of the complaint and the reasons as to why it was dismissed.
9.8.3. An apology (if applicable) and any disciplinary action that has been taken against any employees involved.
9.9. Where the data subject is not satisfied with the Information Officer’s suggested remedies, the Data Subject has the right to complain to the Information Regulator.
9.10. The Information Officer will review the complaints process to assess the effectiveness of the procedure on a periodic basis and to improve the procedure where it is found wanting. The reason for any complaints will also be reviewed to ensure the avoidance of occurrences giving rise to POPIA related complaints.
10. OUR WEBSITE / NEWSLETTERS:
10.1. We may automatically collect non‐personal information about our data subjects, such as the type of internet browsers you use or the website from which they linked to our website. We may also aggregate details which our data subjects have submitted to the site (for example, the products or services you are interested in). Our data subjects cannot be identified from this information and it is only used to assist us in providing an effective service on this web site.
10.2. Once you are a customer you will be added to our mailing list. Our data subjects can unsubscribe from our newsletter at any time by clicking on the unsubscribe bottom at the bottom of our newsletter.
10.3. Our website will always request our data subjects to either accept or decline “cookies”.
11. OUR SECURITY SAFEGUARDS
11.1. The Company will manage the security of its filing / data record‐keeping system to ensure that our data subjects’ personal information is adequately protected.
11.2. We will take all reasonable steps to ensure that our data subjects’ personal information is protected.
11.3. We protect and manage personal information that we hold about you by using electronic and computer safeguards like firewalls, data encryption, and physical and electronic access control to our buildings. We only authorise access to personal information to those employees who require it to fulfil their designated responsibilities.
11.4. This policy is applicable to all our personnel and service providers.
11.5. Security measures also need to be applied in a context‐sensitive manner. For example, the more sensitive the Personal Information, such as credit card details, the greater the security required.
11.6. The Company will continuously review its security controls which will include regular testing of protocols and measures put in place to combat cyber‐attacks on the Company’s IT network. The Company will ensure that all paper and electronic records comprising Personal Information are securely stored and made accessible only to authorised individuals.