“We” or “us” means B1SA BEE Software Management Solutions (Pty) Ltd – 2005/002855/07, Signa Academy (Pty) Ltd – 2012/016842/07, Signa Group (Pty) Ltd – 2015/220495/07, Signa Advisors (Pty) Ltd – 2004/028804/07, Signa Opportunity (Pty) Ltd – 2016/233562/07, Signa Institute For Higher Education (PTY) Ltd – 2019/325807/07, Fibre Institute (Pty) Ltd – 2015/404517/07, Riot Network (Pty) Ltd – 2015/394125/07, Artisans in Motion (Pty) Ltd – 2002/023263/07, Yobi Code (PTY) Ltd – 2015/186650/07, Mantis Networks (PTY) Ltd – 1998/020229/07 and Invequity (Pty) Ltd – 2016/153278/07 collectively and individually.
We are strongly committed to protecting personal information and we attach great importance to your right to privacy. We want you to feel secure that when you deal with us, your personal information is in good hands.
We protect your personal information in accordance with applicable laws and our information privacy policies. In addition, we maintain the appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
When used in this Privacy Statement, the term “personal information” has the meaning given to it in the Protection of Personal Information Act, Act 4 of 2013 (“POPIA”), applicable in the Republic of South Africa. Generally, personal information is any information that can be used to personally identify you. If any information that we collect personally identifies you, or you are reasonably identifiable from it, we will treat it as confidential.
The following conditions of lawful processing of personal information are the principles in terms of which we will be processing the collected personal information. They are:
- Accountability – we will make sure that your personal information is processed in a lawful and responsible manner;
- Processing limitation– we shall lawfully collect your personal information for a defined purpose and where applicable, with your consent;
- Purpose specification – we will only use your personal information for the purposes that you expect us to use it for.
- Further processing limitation – where a processing activity is seen as further processing (means a new purpose for processing your personal information) and this new purpose is inconsistent with the original purpose (original reason we collected your personal information), we will make sure that our processing activities meet the requirements of the applicable information protection laws;
- Information quality – we will take reasonable steps to ensure your personal information is accurate, complete and updated and not misleading;
- Openness – from the start, we will be open, clear and honest with you on how and why we use your personal information and how we protect your personal information
- Security safeguards – we will apply and follow appropriate and reasonable technical and organisational measures to make sure that the confidentiality, integrity and availability of your personal information are secured. These measures will also be applied to protect your personal information against loss, damage, unauthorised destruction or unlawful access
- Information subject participation – we have processes in place for you to access, correct and delete personal information and exercise your rights in terms of applicable information protection laws.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We will collect your personal information in the following ways:
- directly from you; and
- where lawful and reasonable, from third parties and public sources.
If we do not obtain your personal information directly from you, we may obtain it from the following sources:
- publicly available sources (registers or the internet);
- our employees, contractors, (prospective) members of board of directors and/or shareholders;
- our affiliates, subsidiaries and newly acquired businesses;
- employers of our contractors;
- public authorities, public websites and social media;
- previous employers, educational institutions, suppliers and vendors (including third party information providers).
Specifically we may collect your personal information via our website in the following ways:
- directly if you provide the information in response to a request (for example, when you provide personal information to sign up for a newsletter) or if you otherwise provide same (for example via any postings, comments other content that you upload of post on our website); and/or
WHICH CATEGORIES OF PERSONAL INFORMATION DO WE COLLECT?
The personal information we collect includes the categories of personal information referred to in this Privacy Statement or in other statements you have received.
Below is a chart describing certain categories of personal information that we may collect:
|Category of personal information||Types of personal information captured by category|
|Personal details, contact details, and identifiers||Name, pronoun, all types of identifiers and contact details (such as e-mail, phone numbers, physical address) and occasionally, when necessary for specific purposes, gender, date of birth, age, place of birth.|
|Commercial information||History and records of the products and services you have obtained from us.|
|Marketing and research information||Identifiers – the IP address, social media handle or other online identifiers of a person, e-mail address/mobile number if used for direct marketing, and name and addressDemographic information – (e.g. income, family status, age bracket, gender, interests, pets, home ownership, health, current service providers)Browser/web history information and preferences expressed through selection/viewing/purchase of goods, services and content.Social media content – blogs, posts and anything posted by an individual online or which mentioned/references an individualAnalytics and profiles of the individuals based on the information collected on them|
|Special personal information||We may also collect certain types of special personal information when permitted by local law or with your consent, such as health/medical information or biometric information, for example as when you elect to use fingerprint authentication.|
|Audiovisual materials||Photograph, and images/footage captured/recorded on CCTV or other audio, video and related security/monitoring systems or captured during marketing/public filming events/sessions (including recording of virtual or live workshops or similar events/sessions).|
|Position and professional or employment-related information||Professional or employment-related information, such as description of current position, job title, employer, location, and our contact(s).|
|System and application access information and Internet and electronic network activity information||Where you are provided with access to our systems, we may collect information required to access such systems and applications such as System ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, and internet or other electronic network activity information, including access logs, activity logs, and electronic content produced using our systems.|
We also may derive inferences about you based on the information described above and also collect other information about you as described in this privacy statement. If you provide us with personal information of another person, you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with us.
The above-mentioned categories of personal information have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors. Except where certain information is required by law or by our policies, your decision to provide any personal information to us is voluntary. Please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Statement, and you may not be able to use certain tools and systems which require the use of such personal information.
We will not intentionally or knowingly collect personal information directly from minors (anyone under the age of 18). The personal information of minors will be collected through their legal guardian or parent only where products or services are obtained for the minors.
WHEN CAN WE PROCESS OR SHARE YOUR PERSONAL INFORMATION?
We will process your personal information if you give us your consent willingly or according to the grounds of lawful processing highlighted below. If we need your consent, we will notify you through our product and services agreements or application processes. To the extent you are asked to click on/check “I accept”, “I agree” or similar buttons/checkboxes/functionalities in relation to a privacy statement, doing so will be considered as providing your consent to process your personal information.
FOR WHICH PURPOSES AND ON WHICH LEGAL BASIS DO WE USE YOUR PERSONAL INFORMATION?
We will only use and share your personal information where it is necessary for us to carry out our lawful business activities. To enable you to fully understand the way in which we process your personal information, we have described the different lawful grounds for such processing in detail below:
- Consent – We may process your personal information for a specific and explicitly defined purpose where you, or a competent person in the case of personal information relating to a minor, provide us with your express consent for such processing or where law requires;
- Contractual need – We may process your personal information where it is necessary to enter into a contract with you in order for us to provide our products or services to you or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to provide products or services to you;
- Compliance with an obligation imposed by law – When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to provide products or services to you;
- Legitimate interests – We may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms (for example, for marketing purposes, site maintenance, etc.).
Please view the table below for: (i) a non-exhaustive list of specific purposes for which we may use your personal information and (ii) an overview of the legal basis for each such purpose:
|Managing our contractual relationship with you||Necessary for the performance of a contract to which you are a party.|
|Recruitment||Justified on the basis of our legitimate interests for ensuring that we recruit the appropriate employees.|
|Facilitating communication with you (including facilitating meetings; communication in case of emergencies, and to provide you with requested information)||Justified on the basis of our legitimate interests for ensuring proper communication and emergency handling within the organization.|
|Operating and managing our business operations including or being part of the provision of our services to our clients and their employees/contractors and their customers, for example in collecting their information as part of surveys, information analytics, Marketing research or other purposes||Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.|
|Complying with legal requirements||Necessary for the compliance with a legal obligation to which we are subject.|
|Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use)||Justified on the basis of our legitimate interests of avoiding non-compliance and protecting our reputation.|
|Social listening (Identifying and assessing what is being said about us and our clients on social media (only publicly accessible content) to understand sentiment, intent, mood and market trends and our stakeholders’ needs and thereby improving our services. We do this through key-word searches and our goal is to gain insights in conversation trends over a specified period and not to identify an individual. To achieve this, we analyze and monitor conversation streams and monitor publicly available opinions, statements or other interactions on social media channels.)||Justified on the basis of our legitimate interest of protecting our assets and our brand on social media|
|Improving the security and functioning of our website, networks and information||Justified on the basis of our legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure.|
|Marketing our products and services to you (unless you objected against such processing)||Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business.|
Legitimate interest means that we have reasonable grounds to process your personal information. Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our information officer or deputy information officer.
WILL WE SHARE YOUR PERSONAL INFORMATION WITH THIRD PARTIES?
We will only share your personal information if:
- the law requires it;
- we have a public duty to share the personal information;
- our or your legitimate interests require us to share the personal information;
- it is necessary to conclude or perform due to an agreement between you and us; or
- you agreed that we may share your personal information.
As specified by the above purposes, we may share your personal information with any of the parties mentioned below:
- Any member of our group;
- Professional advisers like auditors, third-party vendors, or independent contractors who process personal information on our behalf to support our business;
- Our business partners who provide their products and services to you;
- Service providers that provide services to us, including billing, payment processing, customer service, email deployment, advertising and marketing, security and performance monitoring, maintaining or servicing accounts, processing or fulfilling orders and transactions, verifying customer information, research, information hosting, auditing, and information processing;
- Any individual who needs your personal information due to foreign or local law or regulation;
- Any court of justice, regulatory body, taxation authority (including any authority investigating an offence) or their agents;
- Any debt collection agency, credit bureau, insurer or broker, direct or indirect provider of credit protection and fraud prevention agencies;
- Any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes for our group.
We may also share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, initial public offering, or in the unlikely event of a bankruptcy.
We will not share your personal information to organisations outside the borders of South Africa that are not our service providers, unless business operations require the processing of your personal information in other countries, either to carry out processing based on your instructions or for ordinary business purposes. Any third party, who is located outside of South Africa and receives your personal information, will need to comply to either a law, or binding corporate rules or a binding agreement which states that they will provide an adequate level of protection to your personal information. This means that they have to agree to lawfully process your personal information and protect your personal information in the same manner as we do.
WHAT ABOUT SPECIAL PERSONAL INFORMATION?
We do not generally seek to collect special personal information as defined in POPIA through our website or otherwise. In the limited cases where we do seek to collect such information, we will do this in accordance with legal requirements and/or ask for your consent.
We will store and keep your personal information according to the retention periods defined by law for legitimate business purposes and will take reasonably practicable steps to make sure that it is kept up to date and deleted and archived as appropriate.
We maintain specific records management and retention policies and procedures, so that personal information are deleted after a reasonable time. Refer our POLICY ON RETENTION AND DESTRUCTION OF RECORDS – [ITEM 2.3 OF OUR POPIA COMPLIANCE FRAMEWORK – MANDATORY ITEMS] for further details.
The security of your personal information is important to us. We have implemented appropriate and reasonable technical and organisational measures to prevent loss, unauthorised destruction, damage or access to your personal information by unauthorised third parties. The security of your personal information is important to us. We make sure that we implement organisational and technical procedures to keep your personal information safe. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal information and the processing we undertake.
Although we use appropriate security measures once we have received your personal information, the transmission of information over the internet (including by e-mail) is never completely secure. We endeavour to protect personal information, but we cannot guarantee the security of information transmitted to or by us.
MARKETING BY ELECTRONIC MEANS
We would like to share information about our own products, services and special offers that are similar to the products or services used by you, via your preferred method of communication (as indicated to us), such as email, text message, social media platforms or notification on your mobile application. We may also share information with you about similar products, services and special offers of our partner companies.
If you have opted-in to receive marketing communications, you may always opt out at a later stage using the link shared below or clicking on the “Unsubscribe” option included in every marketing communication sent to you. You have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of our group.
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Right to access – You have a right to get access to the personal information that we hold about you. If you would like a record or description of the personal information that we hold about you, please request this from our information officer or deputy information officer at firstname.lastname@example.org . We may, if allowed by law, charge a fee for this.
- Right to rectify/correct/ update – You have a right to correct inaccurate personal information and to update incomplete personal information. Please request this through our information officer or deputy information officer at email@example.com.
- Right to be notified – You have the right to be notified that your personal information is being collected by us or has been accessed or acquired by an unauthorised person.
- Right to withdraw – You have the right to withdraw your consent to us processing your personal information. Please note that if you withdraw your consent to us processing your personal information, we may have to stop or suspend the provision of the products and services we provide to you. Please note that where the law requires us to process your personal information, we will have a legal obligation to do so. Please note that where the law permits us to process your personal information, we may continue to do so. Please request this through our information officer or deputy information officer at firstname.lastname@example.org.
- Right to object – You have a right to object to us processing your personal information where we have relied on one of the lawful grounds above for legitimate interest or where we perform a public law duty (and to request us to restrict processing). Please note that if you request us to restrict processing your personal information, we may have to stop or suspend the provision of the products and services we provide to you. Please note that where the law requires us to process your personal information, we will have a legal obligation to do so. Please note that where the law permits us to process your personal information, we may continue to do so. Please request this through our information officer or deputy information officer at email@example.com.
- Right to deletion – You have a right to request that we delete your personal information. Despite your request, may still have a legal right or obligation to retain your personal information. Please note that if you request us to delete your personal information, we may have to stop or suspend the provision of the products and services we provide to you Please request this through our information officer or deputy information officer at firstname.lastname@example.org.
- Right to object to the processing of personal information for the purposes of direct marketing – You have a right to object at any time to the processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. Please request this through our information officer or deputy information officer at email@example.com.
- Right to lodge a complaint with the Regulator. If you wish to raise a complaint on how we have handled your personal information, you can contact our information officer or deputy information officer at firstname.lastname@example.org who will investigate the matter. We hope that we can address any concerns you may have.
THIRD PARTY WEBSITES
Our website may include:
- Links to and from the sites of our partner networks, advertisers and affiliates
- Certain programs (widgets and apps) of third parties. Where this is the case, note that such third parties may process your personal information collected through such programs for their own purposes.
This privacy statement does not apply to any third party websites which may be accessible through links on our website.
We do not make any representation and/or warranties about the privacy of any third party websites and do not accept any responsibility or liability for them. Third party website provides are responsible for informing users about their own privacy practises and we suggest that you review the privacy policies of any third party provides whose sites you access.
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement at any time by publishing an updated version here. To ensure that you know when we make changes to this Privacy Statement, we will amend the revision date. The new modified or amended Privacy Statement will apply from the revision date. Therefore, we encourage you to review this Privacy Statement periodically to be informed about how we are using your information.