Effective date: 1 March 2021 | Last reviewed: 23 August 2023 | Version: 3
Prepared for Netsurit (Pty) Ltd by: Morné Fourie, Deputy Information Officer, mornef@netsurit.com
Contents
1.3. The information we collect 3
1.4. Categories of Data Subjects we process. 4
1.5. How we use your information. 5
1.6. Disclosure of information. 5
1.7. Information Security including cross border processing. 5
1.9. Your Rights: Access to information. 6
1.10. Retention of personal information. 7
1.11. Changes to this notice. 7
1.1. Introduction
This Privacy Notice explains how we obtain, use and disclose your personal information, as is required by the Protection of Personal Information Act No.4 of 2013 (“POPIA”).
At Netsurit we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
This Notice sets out:
- Who we are
- What information we collect
- Categories of data subjects we process
- To whom we disclose your information
- How we safeguard your information
- Your rights to access and correction of information
- Changes to this Notice
- How to contact us
1.2. Who we are
Netsurit (Pty) Ltd (“Netsurit”) provides a range of outsourced IT support options for full outsource or in-house IT departments based on ITIL and Microsoft operating framework. We provide Hardware, Software, IT Consulting and Network Support regarding your needs.
We have offices in Johannesburg and Cape Town.
| Johannesburg Physical Address: Building 22B Woodlands Office Park, Woodlands Drive, Woodmead, Johannesburg, South Africa, 2080 | Cape Town Physical Address: Building 17-101, The Waverley Business Park |
1.3. The information we collect
We collect and process your personal information mainly to provide you with access to our services, to help us improve our offerings to you and sending you updates about our product and service catalogue. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
We collect information directly from you where you provide us with your personal details, for example when you purchase services from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional, and the consequences, if any, of not providing the information. We might obtain your information from other sources, such as your employer where we have a service agreement with your company.
We record telephone calls between you and us for Quality Assurance, contractual, training and service improvement purposes. Should you visit our premises we record images on CCTV for security purposes.
You agree by submitting Personal Information to us, that you consent to the processing of Personal Information in accordance with POPIA. You warrant that the information provided to us is correct and accurate, and in the event that you are providing Personal Information in respect of a third party, that you are duly authorised to do so.
1.4. Categories of Data Subjects we process
The information provided under this section refers to broad categories of information (this list is not exhaustive):
Clients: Natural persons: names; contact details; physical and postal addresses; date of birth; ID number; tax related information; nationality; gender; confidential correspondence.
Clients: Juristic persons / entities: names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories; beneficiaries; ultimate beneficial owners.
Clients: Foreign persons / entities: names; contact details; physical and postal, financial information, addresses; date of birth; passport number tax related information; nationality; gender; confidential correspondence; registration number; founding documents; tax related information; authorised signatories, beneficiaries, ultimate beneficial owners.
Contracted Service Providers: Names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories, beneficiaries, ultimate beneficial owners.
Intermediary / Advisor: Names of contact persons; name of legal entity; physical and postal address and contact details; financial information; registration number; founding documents; tax related information; authorised signatories, beneficiaries, ultimate beneficial owners.
Employees / Directors / Potential Personnel / Shareholders / Volunteers / Employees’ family members / Temporary Staff: gender; pregnancy; marital status; race; age; language; education information; financial information; employment history; ID number; next of kin; children’s name, gender, age, school; physical and postal address; contact details; opinions, criminal behaviour and/or criminal records; well-being; external commercial interests; medical information.
Website end-users / Application end-users: names; electronic identification data; IP address; log-in data; cookies; electronic localization data; cell phone details; GPS data.
1.5. How we use your information
We will use your personal information only for the purposes for which it was collected or agreed with you, for example:
- To provide our services to you, to carry out the transaction you requested and to maintain our relationship;
- To confirm and verify your identity or to verify that you are an authorised user for security purposes;
- For the detection and prevention of fraud, crime, money laundering or other malpractice;
- To conduct market or customer satisfaction research or for statistical analysis;
- To market our products and services to you;
- To help keep our environment secure;
- For audit and record keeping purposes;
- For client satisfaction and quality control purposes;
- In connection with legal proceedings; and
- When it is allowed in accordance with the provisions of POPIA.
We will use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law.
The lawful basis of our use of your information will usually be based on a contract that we have with you, or your consent where required. Consent can be withdrawn at any time.
1.6. Disclosure of information
We may disclose your personal information to our service providers who are involved in the delivery of services to you. We have agreements in place to ensure that they comply with these privacy terms.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of law or industry codes;
- In connection with legal proceedings or prospective legal proceedings;
- To the purchaser (or prospective purchaser) or any business or asset which we contemplate selling; or
- Where we believe it is necessary to protect our rights.
1.7. Information Security including cross border processing
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of personal information. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal information is secure.
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. The servers that we store personal information on are kept in a secure environment.
We restrict access to personal information to employees who need to know that information in order to operate, develop, continue to deliver or improve our services. We train our employees on how to safely handle personal information.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure. We may need to transfer your personal information to another country for processing or storage. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
1.8. Direct marketing
In order to provide you with ongoing services, we may use your Personal Information to keep you informed about other related products and services which may be of interest to you. You may at any time opt out of receiving any further communications of such nature.
1.9. Your Rights: Access to information
You have the right to:
- request a copy of the personal information we hold about you;
- understand the manner in which we process your Personal Information, and the purpose of such processing;
- to ask us to update, correct or delete your personal information; and
- object to the processing of your personal information.
We might under certain circumstances not be able to accede to your request due to legal reasons. Should this be the case it will be communicated to you, and a note of your request will be made on the record.
We will take all reasonable steps to confirm your identity before making changes to personal information we may hold about you.
To exercise your rights, contact your Account Executive or send an email to access_info@netsurit.com.
Should you not be satisfied with our response to your request you have the right to lodge a complaint with the Information Regulator. More details are available here: https://inforegulator.org.za/complaints/
1.10. Retention of personal information
We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purpose of satisfying any legal, accounting or reporting requirements. How long we hold personal information for will vary. The retention period is determined by various criteria including:
- The purpose for which we are using it – we will need to keep the information for as long as is necessary for that purpose; and
- Legal obligations – laws or regulation may set a minimum period for which we have to retain personal information.
1.11. Changes to this notice
Please note that we may amend this Privacy Notice from time to time. Please check our website periodically to inform yourself of any changes.
This Privacy Notice shall be governed by and interpreted in accordance with the laws of the Republic of South Africa, which shall have exclusive jurisdiction over any disputes.
1.12. How to contact us
If you have questions about this Privacy Notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us by sending an email to access_info@netsurit.com.
