In this Policy (as defined below), unless the context requires otherwise, the following capitalised
terms shall have the meanings given to them —
- "Affiliate(s)" means any other business which provides digital or direct marketing and lead generation services in South Africa and which Data Inc. may appoint from time to time in order deliver the Services to its Customer(s);
- "Applicable Laws" means any laws applicable to Personal Data and Personal Information and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; the common law; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator, competent authority or organ of state or statutory industry body;
- "Child" means any natural person under the age of 18 years;
- "Competent Person" means anyone who is legally competent to consent to any action or decision being taken by any matter concerning a child, for example a parent or legal guardian;
- "Controller" means Data Inc., in circumstances where it Processes Personal Data (as defined in Article 4 of the GDPR);
- "Customer(s)" means any natural person(s), or where applicable juristic person(s), who have either concluded an agreement with Data Inc. in terms of which such Customer procures the Services provided by Data Inc. (whether for themselves or their own customers/clients/members), or a Data Subject and/or Third Party whose Personal Information/Personal Data, Data Inc. may Processes from time to time;
- "Campaign Site(s)" means any digital or online interface and/or Website(s) developed and deployed by Data Inc. , which Data Inc. makes available to its Customer(s), Data Subjects and/or any Third Party and which facilitates the engagement between Data Inc. and its Customer(s), or any other Data Subject or Third Party on matters pertaining to the services provided by Data Inc. to its Customer(s) from time to time, or by Data Inc’s Customer(s) to their own customers or any Data Subject or Third Party with whom they seek to engage from time to time;
- "Data Subject" means Data Inc. ’s Customer(s) or any Third Party in respect of whom Data Inc. Processes Personal Information/Personal Data;
- "GDPR" means the General Data Protection Regulation, which is a European law that governs all collection and processing of personal data from individuals inside the European Union;
- "Marketing Channel(s)" means a wide range of media channels to be used to communicate with consumers, including but not limited to SMS, email, websites, Google (including Google Search and Google Display) and social media platforms (including Facebook, Instagram, LinkedIn, Twitter, Youtube, etc).
- "Operator" means a person or entity who Processes Personal Information/Data for a Responsible Party;
- "Personal Data" (as defined in Article 4 of the GDPR) means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly;
- "Personal Information" shall have the same meaning as is given in section 1 of POPIA;
- "POPIA" means the Protection of Personal Information Act, No 4 of 2013;
"Processing" means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information/Personal Data, including:
1.16.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
1.16.2 dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
1.16.3 merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition, "Process" has a corresponding meaning
- "Regulator" means the Information Regulator established in terms of POPIA;
- "Responsible Party" means in the context of this Policy, Data Inc. ;
- "Services" means the various lead generation- and marketing services provided by Data Inc. to its Customer(s), the particulars of which services are clearly set forth on Data Inc. ’s Websites from time to time;
- "Data Inc." means Thinkmoney (Pty) Ltd t/a Data Inc. Technologies (Registration Number: 2004/029728/07), which is a private company registered in terms of the Company Laws of South Africa and is the provider of property management services;
- "Capitalworks Group Company" means any company forming part of the Capitalworks Investment Partners (https://www.capitalworksip.com/) Group of Companies from time to time.
- "Special Personal Information/Data" means Personal Information/Personal Data concerning, amongst other aspects contemplated in terms of section 26 Part B of POPIA, a Data Subject's, religious beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric data, or criminal behaviour;
- "Third-Party" means any Capital Works Group Company, Affiliate(s), Customer(s), employees, independent contractor, agent, consultant, user of Data Inc’s Services, Website, Campaign Site(s) or any other digital application interface deployed by Data Inc. from time to time pursuant to administering its business;
- "Third-Party Services" means any third-party services provided by any of Data Inc. ‘s Customer(s) from time to time.
- "Websites" means the websites owned and operated by Data Inc. sourced at https://datainc.tech/ and https://thinkmoney.co.za/
- This Policy regulates the Processing of Personal Information/Personal Data by Data Inc. and sets forth the requirements with which Data Inc. undertakes to comply when Processing Personal Information/Personal Data pursuant to undertaking its operations and fulfilling its contractual obligations in respect of its Customer(s), Data Subjects and Third Parties in general.
- Data Inc. places a high premium on the privacy of every person or organisation with whom it interacts or engages with and therefore acknowledges the need to ensure that Personal Information/Personal Data is handled with a reasonable standard of care as may be expected from it. Data Inc. is therefore committed to ensuring that it complies with the requirements of POPIA, and also with the terms of the GDPR to the extent that the GDPR applies.
- When a Data Subject or Third Party engages with Data Inc., whether it be physically or via any digital, electronic interface such as Data Inc’s Website or Campaign Site(s), the Data Subject or Third Party acknowledges that they trust Data Inc. to Process their Personal Information/Personal Data, including the Personal Information/Personal Data of their dependents, beneficiaries, customers, members, or employees as the case may be.
- All Data Subjects and Third Parties have the right to object to the processing of their Personal Information/Personal Data. It is voluntary to accept the Terms and Conditions to which this Policy relates. However, Data Inc. does require the Data Subject or Third Party’s acceptance to enable the proper use of Data Inc’s Website, Campaign Site(s) and/or Services.
PURPOSE AND APPLICATION
- The purpose of this Policy is not only to inform Data Subjects about how Data Inc. Processes their Personal Information/Personal Data, but also to establish a standard by which Data Inc. and its employees and representatives shall comply in as far as the Processing of Personal Information/Personal Data is concerned.
- Data Inc. , in its capacity as a Responsible Party and/or Operator and/or Controller, as the case may be, shall strive to observe and comply with its obligations under POPIA and the GDPR (as may be applicable and to the extent necessary) when it Processes Personal Information/Personal Data from or in respect of any Data Subject.
COLLECTING & PROCESSING OF PERSONAL INFORMATION/PERSONAL DATA
- Whenever any Data Subject engages with Data Inc. , whether it be physically or electronically, or through the use of its Services, facilities, Website or Customer(s) Portal, Data Inc. will in effect be Processing the Data Subject’s Personal Information/Personal Data.
- It may be from time to time that Data Inc. has collected a Data Subject’s Personal Information/Personal Data from other sources. In the event that a Data Subject has shared their Personal Information/Personal Data with any third parties, Data Inc. will not be responsible for any loss suffered by the Data Subject, their dependents, beneficiaries, customers, members or employees (as the case may be).
- When a Data Subject provides Data Inc. with the Personal Information of any other Third Party, Data Inc. will process the Personal Information/Personal Data of such Third Party in line with this Policy, as well as the terms and conditions to which this Policy relates.
- Data Inc. will Process Personal Information/Personal Data in order to facilitate and enhance the delivery of Services to its Customers, foster a legally compliant workplace environment, as well as safeguard the Personal Information/Personal Data relating to any Data Subjects which it in fact holds. In such an instance, the Data Subject providing Data Inc. with such Personal Information/Personal Data will confirm that they are a Competent Person and that they have authority to give the requisite consent to enable Data Inc. to process such Personal Information/Personal Data.
Data Inc. undertakes to process any Personal Information/Personal Data in a manner
which promotes the constitutional right to privacy, retains accountability and Data Subject
participation. In supplementation of the above, Data Inc. will process Personal
Information/Personal Data for the following purposes:
4.5.1 To provide Services to data subjects, and to manage any information requested by data subjects in general;
4.5.2 To establish a Data Subject’s needs, wants and preferences in relation to the Services provided by Data Inc. ;
4.5.3 To help Data Inc. identify data subjects when they engage with Data Inc. ;
4.5.4 To facilitate the delivery of the Services and/or Third Party Services to Customers and/or Data Subjects in general;
4.5.5 To allocate to Customers unique identifiers for the purpose of securely storing, retaining and recalling such Customers Personal Information/Personal Data from time to time;
4.5.6 To maintain records of Data Subjects and specifically Customer records;
4.5.7 To maintain Third Party records;
4.5.8 For recruitment purposes;
4.5.9 For employment purposes;
4.5.10 For apprenticeship purposes;
4.5.11 For general administration purposes;
4.5.12 For legal and/or contractual purposes;
4.5.13 For health and safety purposes;
4.5.14 To monitor access, secure and manage any facilities owned or operated by Data Inc. regardless of location in South Africa;
4.5.15 To transact with Third Parties;
4.5.16 To improve the quality of Data Inc. ’s Services;
4.5.17 To transfer Personal Information/Personal Data to any other Capital Works Group Company so as to enable the relevant Capital Works Group Company to market its products and/or services to Data Inc. ’s Customer(s) or any other Third Party, as well as to render specific services to Data Inc. itself which would in turn enable Data Inc. to render its Services to its Customer(s);
4.5.18 To transfer Personal Information/Personal Data to any Affiliate(s) so as to enable Data Inc. and its Customer(s) to make use of the services provided by the relevant Affiliate(s) and in turn enable the delivery of the Services and/or Third-Party Services;
4.5.19 To analyse the Personal Information/Personal Data collected for research and statistical purposes;
4.5.20 To transfer Personal Information/Personal Data across the borders of South Africa to other jurisdiction;
4.5.21 To carry out analysis and Data Subject and/or Third Party profiling;
4.5.22 To transmit marketing material to any Third Party in respect of any Third-Party Services via any Marketing Channel, including the Campaign Site(s);
4.5.23 To identify other products and services which might be of interest to our Customers and Data Subjects in general, as well as to inform them of any Third-Party Services.
- Data Inc. will not Process the Personal Information/Personal Data of a Data Subject for any purpose other than for the purposes set forth in this Policy, unless Data Inc. is permitted or required to do so in terms of Applicable Laws or otherwise by law.
- Data Inc. may from time to time Process Personal Information/Personal Data by making use of automated means (without deploying any human intervention in the decision-making process) to make decisions about the Data Subject or their application. In this instance it is specifically recorded that the Data Subject may object to or query the outcomes of such a decision.
PERSONAL INFORMATION/PERSONAL DATA FOR DIRECT MARKETING PURPOSES
- Data Inc. acknowledges that it may only use Personal Information/Personal Data to contact Data Subjects for purposes of direct marketing where Data Inc. has complied with the provisions of POPIA and GDPR (where applicable) and when it is generally permissible to do so in terms of Applicable Laws.
- Data Inc. will ensure that a reasonable opportunity is given to all Data Subjects to object (opt-out) to the use of their Personal Information/Personal Data for Data Inc. 's marketing purposes when collecting the Personal Information/Personal Data and on the occasion of each communication to the Data Subject for purposes of direct marketing.
STORAGE AND RETENTION OF PERSONAL INFORMATION/PERSONAL DATA
- Data Inc. will retain Personal Information/Data it has Processed, in an electronic or hardcopy file format, with a Third-Party service provider appointed for this purpose (the provisions of clause 9 below will apply in this regard).
- Personal Information/Personal Data will only be retained by Data Inc. for as long as necessary to fulfil the purposes for which that Personal Information/Personal Data was collected and/or as permitted in terms of Applicable Law.
- It is specifically recorded that any Data Subject has the right to object to the Processing of their Personal Information and Data Inc. shall retain and store the Data Subject’s Personal Information/Personal Data for the purposes of dealing with such an objection or enquiry as soon and as swiftly as possible.
FAILURE TO PROVIDE PERSONAL INFORMATION
- Where Data Inc. is required to collect Personal Information/Personal Data from a Data Subject by law or in order to fulfil a legitimate business purpose of Data Inc. and the Data Subject fails to provide such Personal Information/Personal Data, Data Inc. may, on notice to the Data Subject, decline to render services without any liability to the Data Subject.
SECURING PERSONAL INFORMATION/PERSONAL DATA
- Data Inc. has implemented appropriate, reasonable, physical, organisational, contractual and technological security measures to secure the integrity and confidentiality of Personal Information/Personal Data, including measures to protect against the loss or theft, unauthorised access, disclosure, copying, use or modification of Personal Information/Personal Data in compliance with Applicable Laws.
- In further compliance with Applicable Law, Data Inc. will take steps to notify the relevant Regulator(s) and/or any affected Data Subjects in the event of a security breach and will provide such notification as soon as reasonably possible after becoming aware of any such breach.
- Notwithstanding any other provisions of this Policy, it should be acknowledged that the transmission of Personal Information/Personal Data, whether it be physically in person, via the internet or any other digital data transferring technology, is not completely secure. Whilst Data Inc. has taken all appropriate, reasonable measures contemplated in clause 8.1 above to secure the integrity and confidentiality of the Personal Information/Personal Data its Processes, in order to guard against the loss of, damage to or unauthorized destruction of Personal Information/Personal Data and unlawful access to or processing of Personal Information/Personal Data, Data Inc. in no way guarantees that its security system is 100% secure or error-free. Therefore, Data Inc. does not guarantee the security or accuracy of the information (whether it be Personal Information/Personal Data or not) which it collects from any Data Subject.
- Any transmission of Personal Information/Personal Data will be solely at the own risk of Data Subject. Once Data Inc. has received the Personal Information/Personal Data, it will deploy and use strict procedures and security features to try to prevent unauthorised access to it. As indicated above, Data Inc. reiterates that it restricts access to Personal Information/Personal Data to Third Parties who have a legitimate operational reason for having access to such Personal Information/Personal Data. Data Inc. also maintains electronic and procedural safeguards that comply with the Applicable Laws to protect your Personal Information from any unauthorized access.
- Data Inc. shall not be held responsible and by accepting the terms and conditions to which this Policy relates, any Data Subject agrees to indemnify and hold Data Inc. harmless for any security breaches which may potentially expose the Personal Information/Personal Data in Data Inc. ’s possession to unauthorized access and or the unlawful processing of such Personal Information/Personal Data by any Third-Party.
PROVISION OF PERSONAL INFORMATION/PERSONAL DATA TO THIRD PARTIES
- Data Inc. may disclose Personal Information/Personal Data to Third Parties where necessary and to achieve the purpose(s) for which the Personal Information/Personal Data was originally collected and Processed. Data Inc. will enter into written agreements with such Third Parties, to ensure that they comply with Applicable Laws pursuant to the Processing of Personal Information/Personal Data provided to it by Data Inc. from time to time.
TRANSFER OF PERSONAL INFORMATION/PERSONAL DATA OUTSIDE OF SOUTH-AFRICA
- Data Inc. may, under certain circumstances, transfer Personal Information/Personal Data to a jurisdiction outside of the Republic of South Africa in order to achieve the purpose(s) for which the Personal Information/Data was collected and Processed, including for Processing and storage by Third-Party service providers.
- Data Inc. will obtain the Data Subject's consent to transfer the Personal Information/Personal Data to such foreign jurisdiction unless consent is not required by Applicable Law.
- The Data Subject should also take note that, where the Personal Information/Personal Data is transferred to a foreign jurisdiction, the Processing of Personal Information/Personal Data in the foreign jurisdiction may be subject to the laws of that foreign jurisdiction.
ACCESS TO PERSONAL INFORMATION/PERSONAL DATA
- A Data Subject has the right to a copy of the Personal Information/Personal Data which is held by Data Inc. (subject to a few limited exemptions as provided for under Applicable Law).
- The Data Subject must make a written request (which can be by email) to the Information Officer designated by Data Inc. from time to time.
- Data Inc. will provide the Data Subject with any such Personal Information/Personal Data to the extent required by Applicable Law and subject to and in accordance with the provisions of Data Inc. s PAIA Manual (published in terms of section 51 of the Promotion of Access to Information Act, 2000 (“PAIA”), which PAIA Manual can be sourced on Data Inc. ‘s website at https://datainc.tech/
- The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information/Personal Data in Data Inc. 's records at any time in accordance with the process set out in Data Inc. 's PAIA Manual.
KEEPING PERSONAL INFORMATION/PERSONAL DATA ACCURATE
- Data Inc. will take reasonable steps to ensure that Personal Information/Personal Data that it Processes is kept updated where reasonably possible. For this purpose, Data Inc. has provided a function on its Website to enable Data Subjects to update their information.
Data Inc. may not always expressly request the Data Subject to verify and update his/her/its
Personal Information/Personal Data and expects that the Data Subject will notify Data Inc.
from time to time in writing:
12.2.1 of any updates or amendments required in respect of his/her/its Personal Information/Personal Data;
12.2.2 where the Data Subject requires Data Inc. to delete his/her/its Personal Information/Personal Data; or
12.2.3 where the Data Subject wishes to restrict the Processing of his/her/its Personal Information/Personal Data.
COSTS TO ACCESS PERSONAL INFORMATION/PERSONAL DATA
- The prescribed fees to be paid for copies of the Data Subject's Personal Information/Personal Data are listed in Data Inc. 's PAIA Manual referred to at clause 11.3 above.
- Data Inc. reserves the right to make amendments to this Policy from time to time.
COMPLIANTS TO THE INFORMATION REGULATOR
- In the event that any Data Subject or Third Party is of the view or belief that Data Inc. has Processed their Personal Information/Personal Data in a manner or for a purpose which is contrary to the provisions of this Policy, the Data Subject is required to first attempt to resolve the matter directly with Data Inc. , failing which the Data Subject or Third Party shall have the right to lodge a complaint with the Information Regulator, under the provisions of POPIA.
The contact particulars of the Information Regulator are:
The Information Regulator (South Africa)
Forum III 3rd Floor Braampark
PO Box 31533
Braamfontein, Johannesburg, 2107
Mr. Marks Thibela
Chief Executive Officer
Tel No: +27 010 023 5207
Cell No: 082 746 4173
- All comments, questions, concerns or complaints regarding Personal Information/Personal Data or this Policy, should be forwarded to Data Inc. 's Information Officer at the following email address complaints@thinkmoney.