PRIVAATHEIDSBELEID

1. INTRODUCTION

1.1 The Company is committed to protecting your right to privacy as granted by the Constitution of the Republic of South Africa and recognises that it needs to comply with the Protection of Personal information Act 4 of 2013 (“POPIA”) which enforces your right to protection against the unlawful collection, retention, dissemination, and use of personal information. 

1.2. This privacy policy (“Policy“) explains how we protect and use information that is about any individual, or from which any individual is directly or indirectly identifiable, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual (“Personal Information”). 

1.3. By providing us with your Personal Information, you: 

1.3.1. agree to this Policy; and 

1.3.2. authorise the Company, its subsidiaries, associates, service providers and other third parties (including our shareholders, directors, employees and consultants) to Process your Personal Information for the purposes stated in this Policy; where 

1.3.3. “Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

1.4 We will not use your Personal Information for any other purpose than that set out in this Policy and will endeavour to protect your Personal Information that is in our possession from unauthorised alteration, loss, disclosure, or access. 

2. SCOPE

2.1 This policy applies to all Personal Information Processed by the Company, including that information processed by service providers on its behalf, irrespective of whether the Personal information is stored electronically or on paper, in respect of external parties with whom we interact, including but not limited to customers, suppliers, service providers, visitors to our offices, visitors to our website, and other users of our sales and related services (“you”). 

2.2 This is the policy of Smaak Condiments (Proprietary) Limited (“Company”) with registration number 2021 / 860408 / 07 and its subsidiaries. 

3. The Company and contact details are as follows: 

3. CONTACT DETAILS

The company contact details are as follow:

Name of the Company 

Smaak Condiments 

Registration number 

2021 / 860408 / 07 

Street Address 

4 Chasselas, Somerset West, South Africa 

Postal Address 

4 Chasselas, Somerset West, 7130 

Telephone number 

+27 82 842 2015 

Company Website 

www.smaaksous.co.za 

Information Officer 

Anchia Vermeulen 

E-mail Address 

info@smaaksous.co.za 

4. Changes to this policy

4.1 We may update this policy at such intervals as may be necessary. 

4.2 While we have taken the utmost care in ensuring that this policy is compliant with all legislation, if you believe it is not compliant, or we have not adhered to the policy or require further information you are requested to contact the Information Officer on the details above. 

5. Availability of the policy

5.1 A copy of this manual is available for inspection free of charge at the office of the Company and, if applicable, on the website of the Company. 

6. Collection of personal information

6.1 We are a Responsible Party as defined in POPIA in that we are the entity which decides how and why personal Information is Processed. 

6.2 We may collect or obtain Personal Information about you: 6.2.1 Directly from you. 

6.2.2 In the course of our relationship with you. 

6.2.3 In the course of providing sales and related services to you or your organisation; 

6.2.4 When you make your Personal Information public. 

6.2.5 When you visit and/or interact with our website or our various social media platforms. 

6.2.6 When you register to use any of our sales and related services including but not limited to newsletters, seminars, and information sharing. 

6.2.7 When you interact with any third-party content or advertising on our website; or 

6.2.8 When you visit our offices. 

6.3 We may also receive Personal Information about you from third parties (eg, law enforcement authorities). 

6.4 In addition to the above, we may create Personal Information about you such as records of your communications and interactions with us, including, but not limited to, your enquiries and sales records, or our enquiries regarding your products or services and sales records, or at interviews in the course of applying for a job with us,or subscription to our newsletters and other mailings and interactions with you during the course of our digital marketing campaigns. 

7. Categories of personal information we may process

Categories 

Personal Information Processed 

Personal details 

Name and photograph 

Demographic information 

Gender, date of birth / age, nationality, salutation, title, and language preferences 

Identifier information 

Passport or national identity number or registration number, utility provider details, bank statements, regulatory identifiers (such as tax number), tenancy agreements 

Contact details 

Correspondence address, telephone number, email address and details of your public social media profile(s) 

Instruction details 

Details of individuals making enquiries with us, Personal Information included in correspondence, documents, orders or other materials that we Process in the course of providing our services 

Attendance records 

Details of meetings and other events organised by or on behalf of the Company that you have attended 

Consent records 

Records of any consents you may have given, together with the date and time, means of consent and any related information 

Payment details 

Billing address, payment method, bank account number or credit card number, invoice records; payment records, SWIFT details, IBAN details, payment amount, payment date, and records of cheques 

Data relating to your visits to our website 

Your device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website, and other technical communications information 

Employer details 

Where you interact with us in your capacity as an employee of an organisation, the name, address, telephone number, email address, registration number, utility provider details, bank statements, tenancy agreements, corporate structure, risk rating of your employer, as well as shareholders, directors etc, regulatory identifiers (such as tax number) to the extent relevant 

Content and Advertising Data 

Records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (including, but not limited to, mouse hover, mouse clicks and any forms you complete) 

8. Sensitive Personal Information

6.1 We are a Responsible Party as defined in POPIA in that we are the entity which decides how and why personal Information is Processed. 

6.2 We may collect or obtain Personal Information about you: 6.2.1 Directly from you. 

6.2.2 In the course of our relationship with you. 

6.2.3 In the course of providing sales and related services to you or your organisation; 

6.2.4 When you make your Personal Information public. 

6.2.5 When you visit and/or interact with our website or our various social media platforms. 

6.2.6 When you register to use any of our sales and related services including but not limited to newsletters, seminars, and information sharing. 

6.2.7 When you interact with any third-party content or advertising on our website; or 

6.2.8 When you visit our offices. 

6.3 We may also receive Personal Information about you from third parties (eg, law enforcement authorities). 

6.4 In addition to the above, we may create Personal Information about you such as records of your communications and interactions with us, including, but not limited to, your enquiries and sales records, or our enquiries regarding your products or services and sales records, or at interviews in the course of applying for a job with us,or subscription to our newsletters and other mailings and interactions with you during the course of our digital marketing campaigns. 

8. Sensitive Personal Information

8.1 Where we need to Process your Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or other information that may be deemed to be sensitive under applicable law (“Sensitive Personal Information”), we will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with applicable law. 

9. Purposes of Processing and legal basis of processing

9.1 We will Process your Personal Information in the ordinary course of our business of providing sales, manufacturing products, purchasing products and raw materials and related services. We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected. 

9.2 We may subject your Personal Information to Processing during the course of various activities, including, without limitation, the following: 

9.2.1 Operating our business. 

9.2.2. To provide services to you in accordance with our agreed terms and to manage the Company’s relationship with you. 

9.2.3. Analysis, evaluation, review, and collation of information in order to determine sales issues and potential disputes, provide sales advice and prepare or comment on sales issues or service opinions, agreements, correspondence, reports, publications, documents relating to projects and other documents and records (whether in electronic or any other medium whatsoever); 

9.2.4. Compliance with applicable law, crime detection, prevention, investigation and prosecution. 

9.2.5. Transfer of information to any third-party providers of various services whom we engage, including but not limited to, providers of information technology, communication, file storage, data storage, copying, printing, accounting or auditing services, experts, insurers and professional advisors (“Service Providers”) and other third parties. 

9.2.6. To verify the identity of any representative who contacts the Company on your behalf or who may be contacted by the Company. 

9.2.7. For risk assessment, information security management, statistical, trend analysis and planning purposes. 

9.2.8. To monitor and record calls and electronic communications with you for quality, training, investigation, and fraud prevention purposes; 

9.2.9. To enforce or defend the Company’s rights; or 

9.2.10. Recruitment. 

9.3. We may process your Personal Information for relationship management and marketing purposes in relation to our services (including, but not limited to, Processing that is necessary for the development and improvement of our sales and related services), for accounts management, and for marketing activities to establish, maintain and/or improve our relationship with you and with our Service Providers. We may also analyse your Personal Information for statistical purposes. 

9.4. We may process your Personal Information for internal management and management reporting purposes, including but not limited to conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis. 

9.5. The purposes related to any authorised disclosure made in terms of agreement, law or regulation. 

9.6. We may Process your Personal Information for safety and security purposes. 

9.7. Any additional purposes expressly authorised by you and any additional purposes as may be notified to you or the Data Subject in any notice provided by the Company. 

10. Disclosure and personal information of third parties

10.1.1 if required by law. 

10.1.2 to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation; 

10.1.3 to third party persons or entities that Process Personal information on behalf of us as the Responsible Party (“Operators”), including, but not limited to, data processors such as providers of data hosting services and document review technology and services, located anywhere in the world, subject to 10.2. 

10.1.4 where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights. 

10.1.5 to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security. 

10.1.6 to any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation); and 

10.1.7 10.1.7. to any relevant third-party provider, where our website uses third party advertising, plugins or content. 

10.2 If we engage a third-party Operator to Process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to: 10.2.1 only Process such Personal Information in accordance with our prior written instructions; and 

10.2.2 use appropriate measures to protect the confidentiality and security of such Personal Information. 

10.1 We may disclose your Personal Information to our associates and Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your Personal Information: 

11. International Transfer of Personal Information

10.1.1 if required by law. 

10.1.2 to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation; 

10.1.3 to third party persons or entities that Process Personal information on behalf of us as the Responsible Party (“Operators”), including, but not limited to, data processors such as providers of data hosting services and document review technology and services, located anywhere in the world, subject to 10.2. 

10.1.4 where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights. 

10.1.5 to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security. 

10.1.6 to any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation); and 

10.1.7 10.1.7. to any relevant third-party provider, where our website uses third party advertising, plugins or content. 

10.2 If we engage a third-party Operator to Process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to: 10.2.1 only Process such Personal Information in accordance with our prior written instructions; and 

10.2.2 use appropriate measures to protect the confidentiality and security of such Personal Information. 

10.1 We may disclose your Personal Information to our associates and Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your Personal Information: 

12. Data Security

12.1. We implement appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorized access, in accordance with applicable law. 

12.2. Examples of such measures include, but are not limited to: 

Objective 

Measure 

Access Control of Persons 

Suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data is processed 

Data Media Control 

Suitable measures to prevent the unauthorized manipulation of media, including reading, copying, alteration or removal of the data media used by the Company and containing personal datas. 

Data Memory Control 

Suitable measures to prevent unauthorized input into data memory and the unauthorized reading, alteration or deletion of stored data. 

User Control 

Suitable measures to prevent its data processing systems from being used by unauthorized persons by means of data transmission equipment. 

Access Control of Persons 

Suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the data is processed 

Transmission Control 

Enable the verification and tracing of the locations / destinations to which the Personal Information is transferred by utilization of the Company’s data communication equipment / devices 

Transport Control 

Suitable measures to prevent Personal Information from being read, copied, altered or deleted by unauthorized persons during the transmission or transport of the data media. 

Organization Control 

Maintain its internal organization in a manner that meets the requirements of this Policy. 

12.3 Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorized person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation. 

12.4 Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during such transmission. 

13. Data Accuracy

13.1 The Personal Information provided to the Company should be accurate, complete and up-to date. Should Personal Information change, the onus is on the provider of such data to notify us of the change and provide us with the accurate data. 

13.2 To notify us of any change please send us a message. 

14. Data Minimisation

14.1 We will restrict the processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected. 

15. Data Retention

15.1. We shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer. 

16. Your Legal Rights

16.1 You may have rights under South African and other laws to have access to your Personal Information and to ask us to rectify, erase and restrict use of, your Personal Information. 

16.2 You may also have rights to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information. 

17. Cookies and similar technology

17.1 We may Process your Personal Information by our use of small files that are placed on your device when you visit a website including technologies such as web beacons and clear graphic Interchange Format file (“Cookies”) and similar technologies. 

17.2 When you visit our website we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may Process your Personal Information through Cookies and similar technologies. 

18. Direct Marketing

18.1 We may Process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time. 

18.2 If you currently receive marketing information from us which you would prefer not to receive in the future please email us at the contact details provided in this Policy. 

19. Schedules

Schedule 1 

Request in relation to Personal Information 

Schedule 1 

Request in relation to Personal Information This is a request for (mark the appropriate box with an “x”) 

Information Objection to the processing of personal information about the data subject which is in the possession or under the control of the responsible party 

Correction of the personal information about the data subject which is in the possession or under the control of the responsible party 

Destruction or deletion of the personal information about the data subject which is in possession or under the control of the responsible party 

Data Subject Details 

Name(s) and surname / registered name 

Unique Identifier/ Identity Number 

Residential, postal or business address 

Contact number(s) 

E-mail address 

Responsible Party Details 

Name(s) and surname / registered name 

Unique Identifier/ Identity Number 

Residential, postal or business address 

Contact number(s) 

E-mail address 

Please provide detailed information relating to your request 

Details of the personal information 

Reasons for objection, correction or deletion 

Signature 

Name 

Place 

Date 

Note: 

1 Affidavits or other documentary evidence may be attached. 

2. If the space provided for in this form is inadequate, submit information as an annexure and sign each page.