Application of this notice
This privacy notice applies to any person who accesses or registers on our website or any of our platforms, regardless of the device used to access it (eg a computer, mobile phone, tablet etc)
This policy does not apply to other parties’ sites, products or services, such as sites linked to, from or advertised on our site, or sites which link to or advertise our site.
What is personal information?
Personal information refers to information about an identifiable person, such as your name and surname, gender, age, contact details (phone number and email address, location, ID number among other identifiers. For the purposes of this policy / notice, “personal information” is defined as detailed in the Protection of Personal Information Act 4 of 2013. Hereafter referred to as the POPI Act. The POPI Act can be downloaded from (https://popia.co.za/.)
How we collect personal information
We collect your personal information actively and passively.
We may require you to submit certain information in order for you to register for certain services or benefit from specific information, such as to receive newsletters or participate in a particular activity or event.
In these situations, we will
- Ask you for specific information
- Inform you what information is required and what information is optional.
- Indicate the consequences if you don’t provide the relevant information.
We collect some information passively from our affiliates, related companies, industry stakeholders and third party services providers.
Information collected in this way will be used purely to supplement information which you have already agreed to give us.
Why we collect your personal information and how we use it
We use the information we collect to provide, maintain, and improve our services, and to protect us. Our services and our users.
We may collect your personal information to:
- Establish and verify your identity
- To create your user account and log in and allow use of our website, services and information.
- Maintain and update our databases and communication tools and platforms.
- Communicate with you in various ways, such as email, post, telephonically, SMS notifications, publications, newsletters etc
- Request feedback on our services and information provided.
- Address any issues and liaise with users in that regard.
- Fulfil any contractual obligations we may have with you or any third party.
- Provide you with value added services.
- Improve the content on our website and our services.
- Inform you about products, services and provide information which may be of benefit to you.
- Inform you about any changes to our website, information provided or services offered.
- To detect, prevent or deal with actual or alleged fraud, security or the abuse, misuse or unauthorised use of our website and contravention of this privacy notice.
- To comply with the law or with any other legal process.
- Other activities not specifically mentioned which are lawful, reasonable, relevant to our business activities and services provided.
We will get permission before collecting or using your personal information for any other purpose.
How long do we keep your personal information?
We retain all personal information we collect from you unless there is a valid technical, legal or business reason for us to delete or destroy it.
We may keep all retained information for as long as you continue to access our site and for five years thereafter.
Notwithstanding the above, and any other provision in this privacy notice, we may keep all or some of your information if and for as long as:
- We are required by law or a contract with you to keep it.
- We reasonably need it for lawful purposes related to our functions and activities.
- We reasonably need it for evidentiary purposes.
Disclosure of personal information
We will not disclose your personal information other than as set out in this privacy notice or with your permission.
We may disclose or share your personal information with:
- Affiliates, related companies, industry stakeholders
- Employees, if and to the extent that they need to know this information in order to provide services and carry out CRI business activities.
- In order to protect our rights, property or safety, or that of our members, employees and/or any other third party.
- In order to mitigate any actual or perceived risk to us, our members, employees, and/or any other third party.
- Governmental agencies and/or other regulatory or self-regulatory bodies – if we are required to do so by law, and/or if we reasonably believe that such action is necessary.
We may use your personal information for statistical purposes provided that the statistical data cannot be lined back to you by a third party.
We will get your permission before disclosing your personal information to any third party for any other purpose.
All information you provide us with is stored on our secure servers.
We implement appropriate, generally accepted technical, and organisational measures to protect your personal data against unauthorised and/or unlawful processing, accidental loss, destruction and/or damage.
We take reasonable technical and organisational measures to secure the integrity of information we collect about you, using acceptable technological standards to:
- Prevent unauthorised access to and/or disclosure of your personal information.
- Protect your personal information from misuse, loss, alteration, and/or destruction:
- We require you to enter a password when logging in to certain sections of our website.
- We do not require your credit card details. If we need to make a payment to you, we will request and invoice with your banking details and make payment directly to your chosen bank account. We will keep payment records on secure servers. We will not disclose your banking details to any third party.
- Where we allocate or replace a password that enables you to access certain sections of our site, we will not store it. You are responsible for keeping your password confidential. Please notify us immediately if you become aware that your password may have become compromised and/or accessed by an unauthorised party.
- From time-to-time we review our information collection, storage, and processing practices; including physical security measures, to keep up-to-date with best practices.
- We create a secure backup for operational, and safety purposes.
Linking to third party sites
We are not responsible for the privacy practices of a third party site to which there may be a link on our site or to which you may log in from our site.
We advise you to read the privacy notice of each site which you visit.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you have the following rights:
- Right of access – You have the right to request a copy of the information that we hold about you. Access to this information may be subject to an administrative fee if your request is manifestly unfounded, excessive or repetitive.
- Right to be forgotten – In certain circumstances you can ask for data we hold about you to be erased from our records.
- Right to object to processing – You have the right to object and/or remove your consent for certain types of processing.
- Right to raise a complaint – You have the right to complain if you have cause to be concerned about the way we capture, treat or process your personal information.
Changes to this policy
We may change this privacy notice from time-to-time. If we do so, we will post the revised policy on our website and take reasonable, practical steps to ensure that you are aware of the updated privacy notice (including emailing you notifications of the updated privacy notice through our CRI Communication tool).