JULY 1, 2021

ROYAL DECKING DATA PRIVACY POLICY

INTRODUCTION TO THE PROCESS OF PERSONAL INFORMATION ACT (REFER TO POPI ACT OR “POPIA”)

As you may become aware, the Protection of Information Act of 2013 (“POPI ACT”) has come into full effect and enforced on the 1st July 2021. At Royal Decking, we are committed to keep up with the changes in the legal environment, and ensuring that we take the necessary steps to make changes from both the operational and framework perspective. This privacy notice provides details of the personal information we collect from you, what we do with it, how you might access it and who it might be shared with.Protecting your privacy is important to us. The Protection of Personal Information Act (POPI) is aimed at protecting your personal information and prescribes what we can and cannot do with it. We are committed to protecting your personal information and ensuring that your personal information is processed in a manner that complies with POPI. The POPI Act focus on Eight Conditions for Lawful Processing (refer to Chapter 3 of full Act), therefore Royal Decking will ensure that we comply accordingly. It refers to these rules as conditions, and they largely cover what data you collect, what you can do with the data, and how you protect both the data and the data subject. Royal Decking will have a “Privacy Data Notice” for “Data Subjects”, setting out how your personal information will be used. This privacy policy is hereby incorporated into and forms part of our agreement with you. It explains how we deal with your personal information. This privacy policy applies to all personal information that Royal Decking collects from you.

WHAT WE DO WITH YOUR PERSONAL INFORMATION

We use your personal information only for the purpose for which it is collected. Among others, this purpose could be to provide a service, to conclude or perform a contract to which the data subject is party, assist us with administration, training, recruiting prospective employees or even to comply with a legal obligation. We may use your personal information for other similar purposes, including marketing and communications, but that will only occur in the case where we have your consent or another lawful justification for doing so. Direct Marketing plays a big role as a way to communicate and render a service to our clients/prospect clients that this form of communication will be specifically focused to cater to their needs. Marketing or Communication tools that Royal Decking use to communicate with its external stakeholders/ clients will be as follow:

  • Newsletters
  • Homemakers Magazine
  • Telephonically
  • WhatsApp
  • Emails

Please note that there might be a request to communicate or promote the products and services by other means of communication, therefore Royal Decking will still ensure that it comply regarding the POPI framework that focus on “Consent” from the “Data subject”.

WHAT PERSONAL INFORMATION DO WE COLLECT?

We only collect the minimum amount of information that is relevant to the purpose. If you interact with us on the internet, the personal information we collect depends on whether you just visit our website or, use our services. If you visit our website, your browser transmits some data automatically, such as your browsing times, the data transmitted and your IP address.

If you use our services, personal information is required to fulfil the requirements of that service.

Generally, we collect the following personal information. If there is any specific personal information to collect, we will indicate as such, at or near the time of collection.

  • Telephone number
  • Company Registration number
  • Physical address
  • Confidential Correspondence
  • Email address
  • Financial & banking details
  • Location information
  • Name, together with other identifying information
  • Identification Number
  • Education history
  • Employment history
  • In Addition to collecting personal information directly from you or Third parties, we also collect information from our cookies or any other analytical information that is link to our website, once you’ve visited Royal Decking website;

COOKIES INFORMATION:

When you visit our website, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us, or our business partners, to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.

WHO MIGHT WE SHARE YOUR PERSONAL INFORMATION WITH?

To maintain and improve our services, your personal information may need to be shared with or disclosed to our service providers, third parties that only provide specific services to Royal Decking to either improve or conclude a contract, other organisations such as ours or, in some cases, public or legal authorities.

If we transfer your personal information outside of South Africa, we apply the necessary safeguards which include, confirming whether the receiving country has the proper data protection law, ensuring that there is a binding agreement between parties or, if the transfer is internal to our organisation, commitment to binding corporate rules. Details of these safeguards may be obtained by contacting us directly.

HOW DO WE LOOK AFTER PERSONAL INFORMATION?

You have the right to request access to any of your personal information we may hold. If any of that information is incorrect, you may request that we correct it. If we are improperly using your information, you may request that we stop using it or even delete it completely.

IF YOU WOULD LIKE TO MAKE A REQUEST TO SEE WHAT PERSONAL INFORMATION WE HAVE/MIGHT’VE OBTAINED, YOU MAY MAKE A REQUEST FROM OUR ORGANISATION WEBSITE OR CONTACT US AS PER THE DETAILS ABOVE.

Where you have previously given your consent to process your personal information, you also have the right to request that we transmit your personal information to a different service provider.

Where it may have been necessary to get your consent to use your personal information, at any moment, you have the right to withdraw that consent. If you withdraw your consent, we will cease using your personal information without affecting the lawfulness of processing based on consent before your withdrawal.

COMPROMISE OF INFORMATION

In the event that any information under our control is compromised as a result of a breach of security, Royal Decking Components will take reasonable steps to investigate the situation and where appropriate, subject to section 22 of POPI, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Please don’t hesitate to contact Royal Decking at Popi@flash.za.com should you wish to enquire about our Data Privacy Policy and you can also view the full Process of Personal Information Act of 2013 (POPIA) (Link to PDF)
https://www.gov.za/documents/protection-personal-information-act

DEFINITIONS

According to the POPI Act “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, color, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

‘consent’’ means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;
‘‘data subject’’ means the person to whom personal information relates;
‘‘direct marketing’’ means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of— (a) promoting or offering to supply, in the ordinary course of business, any goods 30 or services to the data subject; or (b) requesting the data subject to make a donation of any kind for any reason;