What is personal information?
In South Africa, the Protection of Personal Information Act 4 of 2013 (“POPI”) was signed into law on 19 November 2013.
Personal information is defined by POPI as information that can identify or is about a natural or juristic person. Personal information is a name, email address, physical address, and any other information about a person’s race, gender, medical history, criminal history, religion, beliefs, and so on.
What is the processing of personal information?
Collecting, using, storing, and deleting or destroying personal information.
How does SaYes receive my personal information?
We receive, collect and store any information you enter on our website and other online platforms, or provide us in any other way. Users and Subscribers to our online platforms can be assured that their data is only processed for the purpose of completing a purchase, refund or exchange transaction, delivery of Goods, receiving information, promotions, general communications and updates from us. If you do not want us to process your personal information at any point, please contact us at firstname.lastname@example.org, or opt-out from the link provided in communications from us where this is available.
Cookies and analytic tools
This website uses various web analytic tools. These tools help us with information about how visitors use our site. With this anonymous information we are able to generate statistical reports. The data generated from statistical tools will never be used to collect personal data. Personal data (or personal information) is collected when a User or Subscriber provides us such information via our platforms.
Disabling and enabling cookies
Please follow your browser instructions for enabling and disabling cookies.
We take our responsibility under The Protection of Personal Information Act 4 of 2013 (also known as POPIA) seriously, and we have therefore put in place strict measures to ensure that any personal information we receive whilst providing a service is kept secure and is used only for the purpose for which it was collected.
What is POPIA about?
POPI prescribes a set of conditions and principles that regulate the collection, processing and use of personal information, and ensures the lawfulness of such actions. These principles and conditions have been enacted (made to law) to promote the constitutional right to privacy contained in section 14 of the South African Constitution and to protect a person’s personal information and the use of this information by third parties. Bear in mind that different countries have their own unique privacy laws.
Importantly, POPI protects persons from suffering damage and harm by requiring entities and parties who receive their personal details to protect the confidentiality and integrity of such information. POPI therefore places an important responsibility on parties who collect, store, use and destroy personal information, and also provides rights and solutions to persons whose rights have been infringed in terms of POPI. It requires the relevant parties dealing with personal information to take care of such information and protects the general public against the incorrect and unauthorised use of their personal information, whether used for purposes of identity theft, abusive marketing practices or other unauthorised purposes. It is important to be aware that POPI does not aim to stop the flow or sharing of personal information, but rather aims to establish and set guidelines and rules for how this must be done in line with international standards, to protect the privacy of the persons whose personal information is being processed.
Terms and Definitions
- Data Subject: The individual whose personal data is being processed and to whom personal information relates.
- Responsible Party: The responsible party is the individual or company, either public or private, that processes personal information and determines its purpose.
- Operator: A responsible party should not be confused with an operator who is a person processing the information on the instruction of the responsible party by contract or mandate and is not under the direct authority of the responsible party. When personal information is processed by an operator the responsible party still remains responsible for the processing.
- Personal information: In terms of POPI, personal information is any information relating to an identifiable, living natural person and, if applicable, to an existing identifiable juristic person (which is known as a “data subject”).
- Personal information may therefore include but is not limited to any of the following – information relating to race, gender, sexual orientation, medical history, criminal history, religion, beliefs, disabilities, marital status, pregnancy, language, education, finances, employment history, online identifiers, pseudonyms, physical address, telephone numbers, and biometric information. If processing a name of a person reveals that person’s personal information, then the name is also considered personal information.
- Processing: The processing of personal information involves any collection, use, storage, deletion, or destruction of personal information.
How we receive your personal information
We receive and process any information you enter on our website and other online platforms, or provide us in any other way. Users and Subscribers to our online platforms can be assured that their data is only processed for the purpose of processing a purchase, refund or exchange transaction, delivery of Goods, receiving information, promotions, general communications and updates from us.
How we process your personal information
We receive, use, store and eventually destroy personal information (such as name, surname, email address, phone number, physical and postal address, etc.) you provide us when you become a customer or a supplier. The personal information that we collect is processed in line with the 8 conditions for lawful processing in the Protection of Personal Information Act. We therefore:
- Accept joint responsibility and accountability with you to responsibly manage and protect your Personal Information when providing our services and solutions to you;
- Undertake to receive, only from you, and process the Personal Information that is necessary for the purpose to assist you with your required transaction or solution, conclude the necessary related agreements and consider the legitimate legal interests of everyone concerned, as required by the Act and to respect your right to withdraw your consent for the processing of your Personal Information;
- Undertake to only use your Personal Information for the purpose for which it was collected;
- Undertake not to share or further process your Personal Information with anyone if not required for assisting you with your solutions or by the law;
- Undertake to be open and transparent and notify you as and when required by law regarding why and how your Personal Information needs to be collected;
- Undertake to safeguard and protect your Personal Information in our possession;
- Undertake to freely confirm what Personal Information we have, to update and correct the Personal Information, and to keep it for no longer than legally required. You have the right to ask for your personal information to be rectified or deleted.
SaYes requires its operators (suppliers) who process information personal on our behalf to have an agreement, which is known as an operator’s agreement, in place with us. Our suppliers may need to process personal information in order for us to provide a service to you.
Other reasons for processing your personal information include:
- To assist us in carrying out a transaction you requested and to maintain our relationship;
- To respond to your queries;
- To confirm and verify your identity or to verify that you are an authorised user for security purposes;
- For billing and other accounting purposes;
- To assess and process orders;
- To conduct credit reference searches or verification, only if you authorise this or if it’s a requirement to provide solutions to you;
- For operational purposes required to assist you with the solutions you require;
- For audit and record-keeping purposes;
- In connection with possible requirements by the Information Regulator or other Government agencies allowed by law, legal proceedings, or court rulings.
Consent to processing and correction of personal information
When you use any of our services you provide us your personal information and consent to the processing thereof. If you do not want us to process your personal information anymore, or wish to have your personal information rectified, please contact us at email@example.com, or opt-out from the link provided in communications from us where this is available.
SaYes collects information to improve the services we provide and to present you with information and services that will interest you. We also use your information to measure our success and performance. For example, aggregate information gives us an idea of the number of visitors we attract and how they navigate our websites.
Unless you voluntarily provide personal information for a specific purpose, we do not collect personal information from you. We will never combine any personal information about a user of our site with any aggregate information we collect about that user, whether collected on our site or our advertising service. If you choose to provide personal information during registration or when using our services, we use your personal information to provide you with particular product or services that you request. If your personal information changes, you may correct, update or delete it by emailing our Customer Support at sales@SaYes.co.za.
SaYes will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. However, we may transfer personal information in connection with a sale or merger of SaYes or the division responsible for the services provided to you. We may also share your personal information, such as your email address, mailing address, etc., with our technical consultants, third party auditors and other third parties who make our site available, enhance its functionality or provide associated services and/or who deal with you in processing your orders and/or delivering content, samples, products, services and gifts and prizes. These third parties are not allowed to use personal information except for the purposes of providing the applicable services. In addition, we reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our website. Our site and services are maintained in South Africa. By using the site and/or services, you authorize the export of personal information to South Africa and its storage and use as specified in this policy.
Other Information We Collect and Use
Third Party Website Links
Some of our websites provide links to third party websites, such as those of our affiliates, business partners and advertisers. We have no access to or control over their practices. Because SaYes does not control the information policies or practices of these third party websites, you should review their privacy policies to learn more about how they collect and use personal information.
SaYes stores all data using industry standard security devices, such as firewalls and encryption protocols, to safeguard against unauthorized access to our data. We have put in place reasonable physical, electronic, and managerial procedures coupled with carefully developed security procedures to protect your information from loss, misuse or unauthorized alteration. When we ask for sensitive information, such as credit card numbers, we protect it through the use of the Secure Socket Layer (SSL) protocol which provides encryption during transmission. We have put in place policies to restrict access to your information by our employees. Our employees are trained to safeguard your information.
Protection for Children
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children’s’ online activity. We do not knowingly collect personal information from anyone under the age of 13.
If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best to promptly remove such information from our records.
We may change our processes from time to time
We may decide to change how we implement our obligations under the POPI Act. We will notify our customers of changes via email or post updates to our website at https://www.sayes.co.za/privacy-policy.
If you have questions regarding our POPIA compliance, please contact us at:
SaYes Pet Care (Pty) Ltd
Phone: 086 00 SAYES
Information Officer: Dr Cizelle Naudé
Contact the Information Regulator
Complaints email: complaints.IR@justice.gov.za
General enquiries email: firstname.lastname@example.org.