Purpose of this policy
The personal information we may collect
How your personal information is collected
How and why we process your personal information
Who we share your personal information with
Data security
How long your personal information will be kept
Your rights
How to contact us
Changes to this privacy policy

Annexure A

Types of information we collect and why we use it.

Definitions

“Business” meaning Stainless Steel Designs
“We. “us” or “our” meaning Stainless Steel Designs
“Personal information” meaning information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic, including, but not limited to:

Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person
Information relating to the education or the medical, financial, criminal or employment history of the person
Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
The biometric information of the person.
The personal opinions, views or preferences of the person.
Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
The views or opinions of another individual about the person, and
The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“POPIA” meaning the Protection of Personal Information Act 4 of 2013, as amended from time to time.
“Processing” meaning any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

The collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use;
Dissemination by means of transmission, distribution or making available in any other form; or
Merging, linking, as well as restriction, degradation, erasure, or destruction of information

1. PURPOSE OF THIS POLICY

1.1 Protecting your privacy is especially important to us.
1.2 Stainless Steel Designs is committed to complying with the Protection of Personal Information Act 4 of 2013 in relation to the processing of your personal information
1.3 The purpose of this policy is to describe how and why we collect, store, use, share or otherwise process your personal information. It also explains your rights in relation to your personal information and how to contact us if you have a question or complaint.
1.4 Please note that we may update this policy from time to time.

2. THE PERSONAL INFORMATION WE MAY COLLECT

2.1 We may collect and process the following personal information about you:
a) Your name and contact information, including your email address, telephone number, physical address, postal address and other location information.
b) Your date of birth, age, gender, race, nationality, title and language preference.
c) Your identity number, passport number and photograph
d) Your verified banking details
e) Your employment details
f) Correspondence from you of a private or confidential nature
g) The personal information listed in section C of the Association’s POPIA policy; and such other personal information as is reasonably required by us to engage with you and/or provide services to you.

3. HOW YOUR PERSONAL INFORMATION IS COLLECTED

We may collect or obtain personal information about you:
a) Directly from you.
b) During the course of our interactions with you.
c) When you visit our premises
d) When you visit and/or interact with our website or any social media platforms or IT services
e) From publicly available sources, and
f) From a third party who is authorized to share that information.

4. HOW AND WHY WE PROCESS YOUR PERSONAL INFORMATION

4.1 The personal information we may collect, why and how we use it depends on our relationship with you.
4.2 POPIA requires that personal information is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.
4.3 POPIA provides that personal information may only be processed if:
a) Processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
b) Processing complies with an obligation imposed by law on the responsible party;
c) Processing is necessary for the proper performance of a public law duty by a public body; or
d) Processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
4.4 The table at Annexure A hereto sets out a list of the types of information we collect and why.
4.5 Where it is lawful and practical for us to allow it, you have the right not to identify yourself when dealing with us. However, if you don’t provide us with your personal information, it may impact our ability to engage with you and/or provide services to you.

5.1 Depending on the circumstances, we may disclose your personal information to the following categories of persons:
a) Auditors, legal and other professional advisers and consultants.
b) Information Technology and other service providers to help run our business or otherwise manage or store the personal information
c) Government and law enforcement authorities
d) Financial institutions
e) Other third parties where disclosure is required by law or otherwise required for us to perform our obligations and provide our services
f) To any other person with your consent to the disclosure

5.2 We take reasonable steps to protect the confidentiality and security of your personal information when it is disclosed to a third party and seek to ensure the third-party deals with your information in accordance with our instructions, applicable privacy laws, and only for the purpose for which it is disclosed.

6. DATA SECURITY

6.1 We may hold your personal information in electronic or in hard copy form. We may keep this information at our own premises.
6.2 We are committed to keeping your personal information safe.
6.3 We use a range of physical and electronic safeguards to do this. We update safeguards from time to time in order to address new and emerging security threats. Access to personal information is limited to those people who need to know that information.
6.4 We implement appropriate security measures to protect your personal information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, in accordance with applicable law.
6.5 We will inform you and the regulator if we believe that your personal information has been accessed or acquired by an unauthorized person.

7. HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT

7.1 We retain personal information we collect from you for as long as we have a legitimate business need to do so (to continue providing a service) or to comply with legal, tax or accounting requirements.
7.2 We will only retain and store your personal information for the period for which the information is required, to service the purpose of the collection, or a legitimate interest or period required to comply with applicable legal requirements, whichever is longer.

8. YOUR RIGHTS

8.1 You have the right to:
a) Ask what personal information we hold about you
b) Request access to the personal information that we hold about you
c) Ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you
d) Object to the processing of your personal information

8.2 If you wish to exercise any of these rights or you have any queries regarding the personal information that we hold, you may contact us.
8.3 To protect the integrity and security of the information we hold, we may ask that you follow a procedure, which may include steps to verify your identity.
8.4 If you want us to delete all your personal information we have about you, we may need to terminate agreements we have with you. We can refuse to delete your information if we are required by law to retain it or if we need it to protect our rights.

9. HOW TO CONTACT US

If you have any question, concern or complaint regarding the way we handle your personal information, or if you believe that we have failed to comply with this policy or breached applicable laws, you can send a complaint to pat@stainlesssteeldesigns.co.za.

10. CHANGES TO THIS PRIVACY POLICY

We may change this privacy notice from time to time. You will be informed via email of any such changes.

ANNEXURE A – TYPES OF INFORMATION WE COLLECT

Below is a summary of the types of information we collect and why

Information type:
Name, Identity, gender, date of birth, contact number, address
Reasons: To verify your identity, contractual obligations
Contact Information:
Email addresses, telephone number/s, physical address, P.O. Box address
Reasons: To contact you regarding queries and requests.
Contact and payment information / information of suppliers, service providers, contractors
Name, email, telephone number, address, payment, bank details. Confirm, verify and/or update your details.
Reasons: In order to procure products and services. To notify you of new products, services and/or developments that may be of interest to you.
Contact and other information of staff (past, present, prospective employees)
Contact details, employment history, references, vetting information, financial information including banking details, IT information and other information relating to employment (e.g., leave), to verify your identity and to conduct credit reference searches.
Reasons: To carry out our contract with you, monitor performance and compliance with our policies/procedures, provide remuneration, to comply with our legal and contractual obligations.

TABLE OF CONTENTS