Privacy and POPIA Policy

Purpose of the POPIA manual

POPIA establishes the rights and duties that are designed to safeguard personal data. In terms of POPIA, the legitimate needs of organisations to collect and use personal data for business and other purposes are balanced against the right of individuals to have their right of privacy, in the form of their personal details, respected.

POPIA applies to a particular activity, i.e. the processing of personal data, rather than a particular person or organisation. Therefore, if you process personal data then you must comply with POPIA and, in particular, you must handle personal data in accordance with POPIA’s data protection principles.

Therefore, if you collect or hold information about an identifiable individual or if you use, disclose, retain or destroy that information, you are likely to be processing personal data.

 

Contact details of the owner and information officer

Owner: Elsi Meyer

Address: Gauteng, Johannesburg

Telephone Number: 079 616 6949

Website: www.elsimeyer.co.za

 

The information officer 

POPI designates the head of the business as the Information Officer. Depending on the type of business, the Information Officer will therefore be the sole trader, a partner in a partnership or CEO (or equivalent) in a company or CC. The head of the business can delegate his or her responsibilities as Information Officer to any other duly authorised person. However, it is important to note that whoever “determines the purpose of and means for processing personal information” remains ultimately responsible for ensuring that the processing of personal information is done in a lawful manner and “retains the accountability and responsibility for any power or the functions authorised to that person”

 

Duties and responsibilities 

The Act stipulates the following general responsibilities:

1. to encourage compliance with POPI;

2. dealing with requests made to the organisation in relation to POPI (for instance, requests from Data Subjects to update or view their personal information);

3. working with the Regulator in relation to investigations;

4. otherwise ensuring compliance with POPI;

5. as may be prescribed (i.e. keep an eye on the Regulator’s website!).

 

Information Officers need to be registered with the Regulator before taking up their duties.

Compliance framework:

  • Develop and implement a compliance framework;
  • Ensure it is monitored and maintained over time;

Personal information impact assessment (“PIIA”)

Conduct a PIIA to ensure that adequate measures and standards exist in order to comply the conditions for the lawful processing of personal information

 POPIA Manual: ensure that your organisation has a POPIA manual;

  • ensure it is monitored, maintained and made available as prescribed by PAIA;
  • provide copies of the manual to anyone who asks for it

 Enable Data Subject Participation

  • Develop measures and adequate systems to process requests for information or access to information;

 Awareness Training: conduct internal awareness sessions regarding:

  • the provisions of the POPI Act;
  • the regulations made in terms of the Act;
  • codes of conduct, or
  • information obtained from the Regulator;

On a day to day basis the Information Officer may find themselves:

  • making recommendations and raising concerns where appropriate;
  • documenting information processing procedures;
  • evaluating and further developing data protection and security policies;
  • suggesting, selecting and implementing technical security measures;
  • drafting forms and contracts appropriate for data protection;
  • selecting employees, service providers and others to be involved in the processing of personal information;

WHAT INFORMATION DO WE COLLECT?

Collection of Personal Information

We collect and process your Personal Information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.

We collect information directly from you where you provide us with your personal details, for example when you purchase or supply a product or services to or from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.

Examples of information we collect from you are:

  • name
  • address
  • email address
  • telephone/cell number
  • user-generated content

We collect and process your Personal Information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.

 

Collection of Non-Personal Information

We may automatically collect non-Personal Information about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to the site (for example, the products or services you are interested in). You cannot be identified from this information and it is only used to assist us in providing an effective service on this web site. We may from time to time supply third parties with this non-personal or aggregated data for uses in connection with this website.

 

Cookies policy

The Internet pages of Elsi Meyer uses cookies. Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use cookies. Many cookies contain a socalled cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browserof the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID. Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie. The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

 

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

HOW WE USE YOUR INFORMATION

We will use your Personal and Non-Personal Information only for the purposes for which it was collected or agreed with you, for example:

  • Analyse the effectiveness of our advertisements, competitions and promotions;
  • Collect information about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your Personal Information so as to ensure that the site presents the best web experience for you;
  • Evaluate the use of the site, products and services;
  • For audit and record keeping purposes;
  • For market research purposes;
  • For monitoring and auditing site usage;
  • Help speed up your future activities and experience on the site. For example, a site can recognise that you have provided your Personal Information and will not request the same information a second time;
  • In connection with legal proceedings;
  • Make the site easier to use and to better tailor the site and our products to your interests and needs;
  • Offer you the opportunity to take part in competitions or promotions;
  • Personalise your website experience, as well as to evaluate (anonymously and in the aggregate) statistics on website activity, such as what time you visited it,
  • whether you’ve visited it before and what site referred you to it;
  • Suggest products or services (including those of relevant third parties) which we think may be of interest to you;
  • To assist with business development;
  • To carry out our obligations arising from any contracts entered into between you and us to conduct market or customer satisfaction research or for statistical analysis;
  • To confirm and verify your identity or to verify that you are an authorised customer for security purposes;
  • To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws;
  • To notify you about changes to our service;
  • To respond to your queries or comments

We will also use your Personal Information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law; • Where we collect Personal Information for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. In order to protect information from accidental or malicious destruction, when we delete information from our services we may not immediately delete residual copies from our servers or remove information from our backup systems;

You can opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt out.

SUBSCRIPTION TO OUR NEWSLETTERS

On our website, users are given the opportunity to subscribe to our newsletter. The input used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the Responsible Party. we inform our customers and business partners regularly by means of a newsletter about developments and offers.

A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the Responsible Party.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the casein the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the Responsible Party, or to communicate this to the Responsible Party in a different way.

 

ACCESS TO YOUR PERSONAL INFORMATION

You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us at the numbers/addresses listed on this page or our website contact form and specify what information you would like.

We will take all reasonable steps to confirm your identity before providing details of your personal information.

 

CORRECTION OF YOUR PERSONAL INFORMATION

You have the right to ask us to update, correct or delete your personal information. We will take all reasonable steps to confirm your identity before making changes to Personal Information we may hold about you. We would appreciate it if you would take the necessary steps to keep your Personal Information accurate and up-to-date by notifying us of any changes we need to be aware of.

 

RETENTION OF PERSONAL DATA

We will retain your data in compliance with the POPIA and in compliance with other applicable legislation.