Privacy Policy

Privacy Policy

PRIVACY POLICY / Our Company

1. DEFINITIONS

The following definitions shall apply to this Notice –

1.1 Data Subject shall mean the person to whom Personal Information relates.

1.2 Personal information shall mean information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

1.2.1 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

1.2.2 information relating to the education or the medical, financial, criminal or employment history of the person;

1.2.3 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

1.2.4 the biometric information of the person;

1.2.5 the personal opinions, views or preferences of the person;

1.2.6 correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

1.2.7 the views or opinions of another individual about the person; and

1.2.8 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person

1.3 POPIA shall mean means the Protection of Personal Information Act, 2013.

1.4 Processing shall mean means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-

1.4.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

1.4.2 dissemination by means of transmission, distribution or making available in any other form; or merging, linking, as well as restriction, degradation, erasure or destruction of information,

and “Process”, when used as a verb, shall refer to any act of Processing

2. THE COMPANY

2.1 The Company understands that your privacy is important. Therefore, your Personal Information is confidential and will only be used and recorded in accordance with the applicable data protection legislation, including but not limited to POPIA. We are committed to being transparent about how we collect and use data.

2.2 This Notice explains how your Personal Information is Processed in connection with all services we provide.

3. TYPES OF PERSONAL INFORMATION AND PURPOSE OF PROCESSING

3.1 The Company may Process, amongst others, the following Personal Information:

3.1.1 Company information;

3.1.2 your name, identity number and/or passport number;

3.1.3 the names, identity number and/or passport number of directors or members as applicable;

3.1.4 your physical and postal addresses;

3.1.5 your email addresses;

3.1.6 your fixed line telephone and cell phone numbers;

3.1.7 your banking account and/or credit card number;

3.1.8 your company documents;

3.1.9 your management accounts;

3.1.10 your audited annual financial statements;

3.1.11 list of assets and liabilities;

3.1.12 tax clearance certificate.

3.2 The Personal Information can be collected in several ways. Generally, the Personal Information will be provided directly by you. From time to time, your Personal Information may be collected from third parties. Personal Information will only be collected from a third party with your consent or where permitted by law and subject to any conditions the law imposes.

3.3 Your Personal Information will only be Processed for the following, inter alia, purposes, and any other for which your consent has been explicitly requested by the Company or which is expressly authorised by law:

3.3.1 Rendering requested services and supplying goods on purchase orders;

3.3.2 Evaluating creditworthiness;

3.3.3 Determining terms of credit facility and repayment thereof.

4. TRANSFER OF PERSONAL INFORMATION OUTSIDE OF SOUTH AFRICA

4.1 The Company will not transfer any of your Personal Information to any third party outside South Africa unless:

4.1.1 the recipient is subject to a law, binding corporate rules or binding agreement which:

4.1.1.1 effectively upholds principles for reasonable Processing of that Personal information that are substantially similar to the conditions for the lawful Processing of Personal Information provided for in terms of POPIA; and

4.1.1.2 includes provisions, that are substantially similar to the provisions of POPIA, relating to the further transfer of Personal Information from the recipient to third parties in a foreign country;

4.1.2 you have consented to the transfer;

4.1.3 the transfer is necessary for the performance of a contract between you and the Company and you, or for the implementation of pre-contractual measures taken at your request;

4.1.4 the transfer is necessary for the conclusion or performance of a contract concluded in your interests between the Company and a third party; or

4.1.5 the transfer is for your benefit of the data subject, it is not reasonably practicable to obtain your consent to that transfer; and if it were reasonably practicable to obtain your consent, you would be likely to give it.

5. WITHDRAWAL OF CONSENT

You have the right to withdraw your consent to the Company Processing your Personal Information, provided that the lawfulness of the Processing of the Personal Information before such withdrawal or the Processing of Personal Information will not be affected.

6. ACCESS TO STORED PERSONAL INFORMATION

6.1 You have the right at any time to request the Company to provide you with:

6.1.1 the details of any of your Personal Information that the Company holds, including any record relating to your Personal Information; and

6.1.2 the details of the manner in which the Company has Processed your Personal Information.

6.2 Such request shall be made in writing by submitting the Request Form, which is available on request from the Information Officer of the Company or may be accessed. Please refer to our Policy Statement and Manual, which is accessible here [insert link to Policy Statement and Manual] for further information.

7. RIGHT TO REQUEST CORRECTION, DESTRUCTION, OR DELETION OF PERSONAL INFORMATION

7.1 You may request the Company to:

7.1.1 correct or delete any of your Personal Information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained; or to

7.1.2 destroy or to delete a record of your Personal Information that the Company is no longer authorised to retain.

7.1.3 This request can be made by submitting the Data Subject Action Request Form which, which form is available on of request from the Information Officer of the Company.

7.2 On receiving any of the requests as set out above, the Company shall follow the process as set out in the Company’s Data Subject Action Request Policy.

8. HOW THE COMPANY PROTECTS YOUR DATA

8.1 The Company has internal policies and controls in place to ensure that your Personal Information is not lost, accidentally destroyed, misused, disclosed, or accessed by anyone other than by its employees in the performance of their duties in relation to the supply of products or services to you.

8.2 Access to the Company’s systems is restricted to employees and internal restrictions are applied such that only certain employees are authorised to access your Personal Information, in terms of our Data Protection Policy.

8.3 Where the Company engages any other person to process Personal Information on its behalf, they do so on written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organizational measures to ensure data security.

9. RETENTION OF PERSONAL INFORMATION

9.1  In accordance with our Data Protection Policy, we will retain Personal Information only for as long as is necessary for its intended purpose, unless there is a legal obligation or a lawful reason to retain that Personal Information.

10. GOVERNING LAW

10.1 This Notice is subject, and will be interpreted according, to the laws of the Republic of South Africa.

11. REQUESTS AND NOTICES

  • All requests, ll requests, notices or other communications that you may direct to the Company in terms of this Notice must addressed to the Information Officer, at info@cfia.co.za.
Chat with us
Send via WhatsApp
Scroll to Top