PROTECTION OF PERSONAL INFORMATION ACT PRIVACY POLICY

This is the information privacy policy of VASTech SA (Pty) Ltd (registration number 1999/020890/07) (referred to as “VASTech”, “we”, “us” or “our”). We are incorporated under the laws of the Republic of South Africa. Our registered address is Octo Place Block C, 5 Electron Street, Techno Park, Stellenbosch, Western Cape, South Africa.

During your engagements with VASTech, we collect certain personal information in accordance with the law from you.  This policy explains how VASTech obtains, uses and discloses your personal information, in accordance with the requirements of the Protection of Personal Information Act, no. 4 of 2013 (POPIA’).

This policy applies when you:

  • use our services or facilities;
  • visit our websites or interact with us in any other manner;
  • supply services to us that also involves the exchange of personal information; or
  • apply to us for employment or work placement.

The personal information we collect

We collect the following personal information when necessary:

  • Your name, surname and age
  • Your identity – or passport number when necessary
  • Demographic information (age, gender, country and preferred language);
  • Information that allows us to provide services to you or to consider any application which you may direct to us;
  • Your postal address, telephone number, email address, residential address and IP address
  • The details of any enquiry you direct to us
  • The time you spend on our website
  • Cookies and web beacons
  • Your log-in and device information

From whom do we collect your personal information

  • Personal Information you provide:This includes any personal information that you provide to us directly, whether through our website or via phone, text messages, social media or any other medium. This may include personal information you provide to us:
    • by filling in forms on our website or any other platform which we may operate (hereafter referred to as ‘platforms’)
    • when you register on our platforms or subscribe to user services on our platforms
    • by posting comments or content on our platforms
    • when you purchase our services;
    • when you contact us and when you otherwise provide information directly to us.
  • Personal Information we collect or receive when you use our platforms, products or services:We collect personal information by using cookies and web beacons when you make use of our services on our platforms.  This may reveal log-in information, device information, your browser or operating system, your Internet Protocol (“IP”) address and search queries submissions, time spent using our online services, pages visited, referring URL, language preferences and other aggregated traffic data.We use this data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalise your experience while using our online services and to recognise your computer to assist you in using our online services in future. We also gather statistical data to continually improve website and application design and functionality, and to assist us in understanding how they are used by customers.

    Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the online services or to send marketing e-mails. Cookies also allow us to track customer responses to online advertisements and marketing emails.

    If you do not want data collected with cookies, you can choose whether or not to accept cookies by changing your browser settings. However, if you do not accept cookies, you may experience inconvenience in your use of our website. For example, we will not be able to recognise your device and you will need to log in every time you visit. You also will not receive advertisements or other offers from us that are relevant to your interests and needs.

  • Information from third-party sources:We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in other ways. We may also receive information about you when you choose to connect with social networking services while using our platforms.

How we use your information

We will use your personal information only for the purposes for which it was collected and agreed with you.

Some types of personal data are required as a condition for using our services. Mandatory information includes personal data required for processing payments and delivering orders. Failure to provide this mandatory information will mean that you will be unable to place an order with us or making use of our services or facilities.

We collect personal information in the normal course of business for the following purposes:

  • To establish and maintain communications with you
  • To confirm and verify your identity or to verify that you are an authorised user for security and legislative purposes
  • To allow you to register an account on our website or with our third-party service providers
  • To process payments for our services and products and to deliver orders to you
  • To respond to your queries, feedback and complaints
  • To maintain a customer database
  • To provide you with promotional material
  • To inform you of similar products after you have placed an order with us
  • To conduct statistical or demographic analysis
  • To improve your experience on our website
  • To compile information about browsing habits and click patterns via the use of cookies
  • To gain behavioural insight to give you personalised recommendations
  • To conduct market or customer satisfaction research or for statistical analysis
  • For audit and record keeping purpose
  • For the detection and prevention of fraud, crime, money laundering or other malpractice
  • In connection with legal proceedings and regulatory requirements
  • For anything you have specifically consented to

Kindly note that where necessary, your information may be retained without your consent for legal purposes.

How do we share the personal information we collect?

We undertake to use your personal information only for the purpose for which the information is necessary and not to share or further process your personal information except as stated in this policy.  We may share your personal information with third parties –

  • to provide efficient services to you.
  • who are our service providers and who are involved in the delivery of products or services to you. We aim to have agreements in place with these service providers to ensure that they comply with the privacy requirements as required by POPIA.
  • to provide you with more-relevant promotional material on our websites and to encourage you to return to our websites.
  • where we have a duty or a right to disclose in terms of law or industry codes.
  • to update information with credit bureaus
  • to comply with court orders.
  • to recover debts and to liaise with our attorneys in connection with any potential, threatened or actual litigation.
  • where we believe it is necessary to protect our rights.

Third Party Links

We may permit third parties to link to our Sites or to post a link to their site on ours. We do not endorse these sites and are not responsible for other sites or their privacy practices. We do not assume responsibility or liability of any nature whatsoever for the activities conducted or information contained in the third-party websites.

Location of your personal information

Our website is hosted by Xneelo (Pty) Ltd in South Africa, who renders this service in terms of an agreement we have with them.

As some of our service providers are located abroad, your personal information may be processed and stored inside outside the borders of South Africa.  As stated above, we aim to have agreements in place with these service providers to ensure that they comply with similar privacy requirements as required by POPIA.

How long we keep your personal information

Whenever we collect or process your personal information, we will only keep it for as long as is necessary for the purpose for which it was collected, active legal proceedings, an identifiable and ongoing legal business need (such as record keeping) and to the extent permissible by applicable law.

Where there is no sufficient justification to retain such personal information, such personal information will be safely and securely deleted, disposed of, blocked and/or anonymised for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning

Information Security

We are legally obliged to provide reasonable protection for the personal information we hold.  We will on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.

We use reasonable technical, administrative and physical measures to protect personal information contained in our system against misuse, loss or alteration. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We cannot enforce or control the security of the computers, electronic devices, or electronic communication method that you use to send e-mails and submit personal information to us over the Internet. You are responsible for ensuring that the computers, electronic devices and electronic communication methods you utilize will provide adequate security for communicating with us. We are not responsible for the disclosure or interception of your personal information before we receive it.

Our security policies and procedures cover:

  • Physical security
  • Computer and network security
  • Access to personal information
  • Secure communications
  • Security in contracting out activities or functions
  • Retention and disposal of information
  • Acceptable usage of personal information
  • Governance and regulatory issues
  • Monitoring access and usage of private information
  • Investigating and reacting to security incidents

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.

We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.

Your Rights

  • Access to information

You may request a copy of the personal information we hold about you. To do this, simply contact us at the numbers or addresses as provided on our website and specify what information you require.  We will need a copy of your ID document to confirm your identity before providing details of your personal information.

Please note that any such access request may be subject to a payment of a legally allowable fee.

  • Right to withdraw consent 

Where we have relied on your consent to process particular information and you have provided us with your consent to process data, you have the right to withdraw such consent at any time.

  • Correction of your information

You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate. In certain circumstances we may have the right to refuse to delete your personal information.

  • Right to object to processing justified on legitimate interest grounds

You have the right to object to the use of your personal information for direct marketing or where we use it on the basis that we say we have a legitimate interest in using it.

  • Right to lodge a compliant

You also have the right to lodge a complaint with the South Africa Information Regulator if you consider that the processing of your personal data infringes applicable law.

The Information Regulator (South Africa)
SALU Building,
316 Thabo Sehume Street,
Pretoria
T +27 12 406 4818
F +27 86 500 3351
inforeg@justice.gov.za

How to contact us

Our information officer is Ms Marietjie Strydom.  If you have any questions about this Notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access; wish to bring any complaints to our attention; or correct your personal information, please contact our information officer, whose contact details are as follows:

Email: info@vastech.co.za

Telephone: +27 21 880 9800

Postal address: 5 Electron Street, Octo Place Block C, Techno park, Stellenbosch, Western Cape, South Africa,  7600

DEFINITIONS OF TERMS USED IN THIS NOTICE

In this notice, the following terms and expressions, will have the meaning as assigned to them by POPIA:

  • Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our firm.
  • Data subject is an individual or juristic person to whom personal information relates. 
  • Electronic communication means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient. 
  • Information security breach is any incident:
    • in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed or otherwise used or processed in an unauthorised manner; or
    • that results in the unauthorized access of information, applications, services, networks and/or devices by bypassing our firm’s security mechanisms. 
  • IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses our website, along with the time of the visit and the pages that were visited. 
  • Personal information is Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –
    • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    • information relating to the education or the medical, financial, criminal or employment history of the person;
    • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
    • the biometric information of the person;
    • the personal opinions, views or preferences of the person;
    • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    • the views or opinions of another individual about the person; and
    • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. 
  • Processing means any operation or activity or any set of operations of the responsible party, whether or not by automatic means, concerning personal information, including —
    • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of personal information;
    • dissemination of personal information by means of transmission, distribution or making available in any other form; and
    • merging, linking, as well as restriction, degradation, erasure or destruction of personal information. 
  • Record means any recorded information regardless of form or medium, including any of the following:
    • writing on any material;
    • information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
    • label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
    • book, map, plan, graph or drawing; and
    • photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;

    in the possession or under our firm’s control, whether or not it was created by us; and regardless of when it came into existence.

  • Responsible party means VASTech SA (Pty) Ltd (registration number 1999/020890/07).
  • Special personal information is information that relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject. It also includes criminal behaviour relating to alleged commissions of offences or any proceeding dealing with alleged offences.