UNISTO (PTY) LTD WEBSITE PRIVACY POLICY

Introduction

The purpose of this policy is to enable the organisation to:

  • comply with the law in respect of the data it holds about individuals;
  • follow good practice;
  • protect the organisation’ staff and other individuals
  • protect the organisation from the consequences of a breach of its responsibilities.

This policy applies to information relating to identifiable individuals, in terms of the Protection of Personal Information Act, 2013 (hereinafter POPI Act).

Scope

The organisation will:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently

The organisation recognises that its first priority under the POPI Act is to avoid causing harm to individuals. In the main this means:

  • keeping information securely in the right hands, and
  • retention of good quality information.

The Act aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, the organisation will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.

Cookies

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser to enable our systems to recognise your browser and to automatically collect information from your computer such as your IP address and other details about your computer which are automatically collected by our web server, operating system and browser type, for system administration and to report aggregate information to us. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

The “Help” menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer. However, because cookies allow you to take advantage of some of the Company’s essential features, we recommend that you leave them turned on. If you do leave cookies turned on, be sure to sign off when you finish using a shared computer.

Storage and Processing

All Personal Information which you provide to the Company will be held and/ or stored securely for the purpose of collection. Your Personal Information will be stored electronically in a database. Where appropriate, some information may be retained in hard copy. In either event, storage will be secure and audited regularly regarding the safety and the security of the information.

Where data is stored electronically outside the borders of South Africa, such is done only in countries that have similar privacy laws to our own or where such facilities are bound contractually to no lesser regulations than those imposed by POPI.

Once this information is no longer required, due to the fact that the purpose has been served, such Personal Information will be safely and securely archived for a period of 7 years, as per the requirements of the Companies Act, 71 of 2008, or longer, should this be required by any other law applicable in South Africa. Thereafter, all your Personal Information will be permanently destroyed. Information about our members is an important part of our business and we do not sell it to others. The Company shares customer information only as described below.

Third Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include sending postal mail and e-mail, removing repetitive information from customer lists, analysing data, and providing marketing services. Third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this privacy policy and as permitted by South African data protection legislation.

Business Transfers: As we continue to develop our business, we might sell or buy or subsidiaries or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy policy (unless, of course, the customer consents otherwise). Also, in the unlikely event that the Company or substantially all of its assets are acquired, personal information will of course be one of the transferred assets.

Protection of the Company and others: We release account and other personal information when we believe that such a release is appropriate to comply with the law; enforce or apply our customer or other agreements; or protect the rights, property or safety of the Company, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, sharing or otherwise disclosing personally identifiable information from customers for commercial purposes in a way that is contrary to the commitments made in this privacy policy. With your consent, other than as set out above, you will receive notice when information about you might go to third parties and you will have an opportunity to choose not to share the information.

Data Subject Requests

Subject access requests must be in writing. All staff is required to pass on anything which might be a subject access request to the POPI Act Information Officer without delay, and submitted to info@unisto.co.za

Requests for access to personal information will be handled in compliance with the POPI Act and in compliance with the Promotion of Access to Information Act (PAIA), as defined in the organisation PAIA Manual.