Protection of Personal Information Policy
The purpose of this Policy is to notify the Customer that it is necessary for the Supplier to process Personal Information of the Customer as part of the Supplier’s business activities and the Supplier agrees to ensure compliance with the relevant legal requirements, particularly with the requirements in terms of the POPIA.
For purposes of this Policy:
2.1 “Customer” means a customer of the Supplier and includes the Customer’s employees and/or representatives.
2.2 "Data Subject" means the Customer and/or its employees and/or representatives to whom personal information relates.
2.3 “Person” means a natural or juristic person.
2.4 "Personal information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
(a) information relating to the race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.5 “POPIA” means the Protection of Personal Information Act 4 of 2013.
2.6 "Processing" means any operation or activity, whether or not by automatic means, concerning personal information, including:
(a) the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information.
2.7 “Supplier” means REB Marketing (Pty) Ltd (registration number:2004/025427/07), members, employees, agents, individual contractors and/or representatives of the Supplier.
3. The Supplier:
3.1 The Supplier undertakes to:
3.1.1 process the Customer’s Personal Information fairly, lawfully and transparently;
3.1.2 act in accordance with the POPIA in relation to the Processing of Personal Information relating to the Customer;
3.1.3 use reasonable efforts in order to ensure that Personal Information related to the Customer in its possession or Processed on its behalf is kept confidential and stored in a secure manner; and
3.1.4 take reasonable steps to ensure that the Customer is notified in the event of a breach of the confidentiality of the Customer’s Personal Information.
3.2 The main purposes for which the Supplier will Process Personal Information in connection with its business is to:
3.2.1 Carry out its general business activities of the sale of goods;
3.2.2 Open and manage accounts (where applicable);
3.2.3 Carry out credit checks (where applicable);
3.2.4 Manage and develop its business with the Customer; and
3.2.5 Market goods and/or services. Where Personal Information is Processed for the purpose of marketing, the Supplier will ensure that it has complied with all relevant legal requirements.
4. The Customer
4.1 The Customer acknowledges and consents to the Processing of Personal Information by the Supplier relating to its Data Subjects, for the purposes as stipulated above.
4.2 The Customer warrants and represents that:
4.2.1 it has informed each of its Data Subjects that their Personal Information has been given to the Supplier and will be Processed for the purposes as stipulated above;
4.2.2 the Processing of Personal Information by the Supplier is necessary for the legitimate interests of the Supplier; and
4.2.3 all Personal Information supplied to the Supplier is accurate, up to date, is not misleading and is complete in all respects.
4.3 The Customer undertakes to immediately advise the Supplier of any changes to the relevant Personal Information of a Data Subject, but not limited to, a change of ownership or control in the Customer.