INTRODUCTION AND SCOPE
1.1. C. SMITH T/A PIKKIE PUBLIKASIES (Woemaboeke) (“we”, “us”, “our”) strive to ensure that our use of the Personal Information of data subjects is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving your experience as a customer and employee of Woemaboeke.
1.3. We offer (among others) the following services (“our Services”):
1.3.1 Printing and distribution of work- and textbooks 1.4. When you contract with us for our Services, access our Website, contact us, or otherwise interact with us we collect Personal Information about you.
1.5. By providing us with your Personal Information, you:
1.7. This Policy applies to all external parties with whom we interact, including but not limited to individual customers, representatives of customer organisations, visitors to our offices, and other users of our Services.
- WHAT PERSONAL INFORMATION DO WE COLLECT?
2.2. “Personal Information” refers to private information about an identifiable living natural or juristic person. Personal Information does not include information that does not identify a person or anonymized information.
2.3. The Personal Information we collect may differ according to the Services you receive from Woemaboeke. We may process various categories of Personal Information as follows:
2.3.1. Identity Information, when registering as a customer, including information concerning your name, company name, identity and registration numbers, marital regime, title, date of birth, gender, and legal status, languages, physical address;
2.3.2. Contact Information, which includes your billing address, service addresses, physical address, email address and telephone numbers;
2.3.3. Credit Information, to provide you with credit, including credit history reports from credit bureaus (with consent where required by law);
2.3.4. Criminal behaviour history, where permitted in respect of prospective employees and job applicants;
2.3.5. Employer Information, where required by law, to enforce or defend our customer’s legal rights in relation to debtors;
2.3.6. Financial Information, where permitted, including details of your existing bondholder and other secured lenders to assess our risk of providing credit to you;
2.3.7. Human Resources in respect of our own employees, including leave records, job applications, medical aid information to administer employment contracts and comply with our legal obligations;
2.3.8. Tax Information where permitted, which includes IRP5 records, PAYE records and VAT registration numbers;
2.3.9. Technical Information, which includes your internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, on the devices you use to access our Website.
2.3.10. Usage Information, which includes information as to your access to and use of our Website, products and Services.
2.3.11. Marketing and Communications Information, which includes your preferences in respect of receiving marketing information from us and your communication preferences.
- SPECIAL PERSONAL INFORMATION
3.1. Where we need to process your Special Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, and per applicable laws.
- HOW WE COLLECT PERSONAL INFORMATION?
4.1. You directly provide Woemaboeke with most of the Personal Information we process. We collect and process Personal Information in the following ways, namely:
4.1.1. through direct or active interactions with you;
4.1.2. through passive or automated collections;
4.1.3. in the course of providing our Services to you or your organisation, including where you register as a customer to use any of our Services or you opt-in to receiving any direct marketing from us;
4.1.4. in evaluating job applicants and onboarding Employees;
4.1.5. from third parties, where permitted.
4.2. Direct or active collection
4.2.1. We may require that you submit certain information to enable you to access portions of our Website, to make use of our Services, to facilitate the negotiation and conclusion of an agreement with us, or that is necessary for our compliance with our statutory, professional or regulatory obligations.
4.2.2. We also collect Personal Information when you communicate directly with us. For example:
(a) Via email, meetings and telephone calls;
(b) When you fill in forms;
(c) When you voluntarily complete a customer survey, provide feedback or ask for marketing information to be sent to you.
4.2.3. If you contact us, we reserve the right to retain a record of that correspondence or telephone call, which may include Personal Information.
4.2.4. The Personal Information we collect from you may include any of the categories listed in paragraph 3 above depending on what will be necessary to perform the Services.
4.3. Passive (automated) collection
4.3.1. We may passively collect certain categories of your Personal Information from the devices that you use to access and navigate our Website or to make use of our services (“Access Devices”) using server logs and your browser’s cookies.
4.3.2. The categories of Personal Information we passively collect from your Access Device may include your:
a) Technical Information;
b) Usage Information; and/or
c) Any other Personal Information which you expressly permit us, from time to time, to passively collect from your Access Device.
4.4. Indirect collection (from third parties)
4.4.1. We may also receive your personal information indirectly from, among others, the following sources (including public parties):
a) our information technology suppliers;
b) from other Responsible Parties where we act as contracted outsourced processors (“Operators”) in performing our Services, including:
• Banks and other financial institutions;
• Retailers and credit providers;
• Medical institutions and insurers;
• Telecommunications providers;
c) law enforcement;
d) Credit bureaus (with your consent, where required by law).
4.4.2. When we collect your Personal Information from third parties it is either because you have given us express consent to do so, your consent was implied by your actions, or because you provided consent, either explicit or implicit, to the third party that provided this information to us.
5. HOW WE USE YOUR PERSONAL INFORMATION
5.1. We Process your Personal Information in the ordinary course of the business of providing our Services.
5.2. We also use the Personal Information we collect to maintain and improve our Website and to improve the experience of its users, and to facilitate the provision of our Services to you, and to comply with our statutory and regulatory obligations.
5.3. We use your Personal Information only for the purpose for which it was originally collected by the relevant Responsible Party and strictly in accordance with their instructions. We only use your Personal Information for a secondary purpose only if such a purpose constitutes a legitimate interest and is closely related to the original purpose and instructions for which the Personal Information was collected.
5.4. We may process your Personal Information during the course of various activities, including but not limited to, the following:
5.4.1. providing our Services at your request (or the request of a Responsible Party), including procurement and delivery of agricultural products on your behalf;
5.4.2. processing and collecting payment for our Services rendered;
5.4.3. provide customer support and respond to and communicate with you about your requests, questions and comments;
5.4.4. transfer of limited and necessary information to our Service Providers and other third parties where required to perform our obligations to you;
5.4.5. With your consent (where required by law), for relationship management and marketing purposes in relation to our Services, including, but not limited to, the development and improvement of our Services, marketing activities (promotions and special offerings), and for accounts management to establish, maintain and/or improve our relationship with you;
5.4.6. communicate with you and retain a record of our communications with you and your communications with us;
5.4.7. detect, prevent, manage and protect against actual or alleged fraud, security breaches, misuse, and other prohibited or illegal activity, claims and other liabilities;
5.4.8. protect our rights in any litigation that may involve you;
5.4.9. comply with our regulatory reporting obligations, including submissions to the South African Reserve Bank, Financial Intelligence Centre, South African Revenue Services, Debt Collections Council and/or other authorities;
5.4.10. for other lawful and legitimate purposes that are relevant to our business operations or regulatory functions.
5.4.11. conduct our recruitment and hiring process, which includes, referrals, capturing job applicant’s details and providing status updates to job applicants to protect our legitimate interest in ensuring a safe working environment.
5.4.12. operate, evaluate and improve our business units, including:
(a) developing new products and services;
(b) managing our communications;
(c) determining the effectiveness of our sales, marketing and advertising;
(d) analysing and enhancing our products, Services, websites and apps;
(e) maintaining the safety, security and integrity of our Website, products and services, databases, networks and other technology assets, and business;
(f) performing accounting, auditing, invoicing, procurement, reconciliation and collection activities; and
(g) improving and maintaining the quality of our customer service;
5.4.13. for the purpose otherwise described to you when collecting your Personal Information, or as otherwise outlined in POPIA.
5.5. Woemaboeke will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
6. LEGAL BASIS FOR COLLECTING AND PROCESSING INFORMATION
6.1. We will only collect and process your Personal Information where:
6.1.1. You have provided us with your consent (as permitted by law);
6.1.2. To perform in terms of a contract with you;
6.1.3. To protect your legitimate interests;
6.1.4. To pursue the legitimate interests of Woemaboeke and our customers which includes:
(a) providing Services to and managing our relationship with existing customers;
(b) fraud and financial crime detection and prevention;
(c) information, system, network, and cybersecurity;
(d) general corporate operations and due diligence;
(e) complying with a legal obligation, and/or enforcing and defending legal claims.
7. COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US
7.1. Where Woemaboeke is required to process certain Personal Information by law, or in terms of a contract that we have entered into with you, and you fail to provide such Personal Information when requested to do so, Woemaboeke may be unable to perform in terms of the contract in place or are trying to enter into with you. In such a case, Woemaboeke may be required to terminate the contract and/or relationship with you, upon due notice to you, which termination shall be done in accordance with the terms of that contract and any applicable legislation.
8. DISCLOSURE OF PERSONAL INFORMATION
8.2. We may disclose your Personal Information to our contracted Responsible Parties, Service Providers and Associates for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and appropriate data protection measures.
8.3. In addition, may disclose your Personal Information:
8.3.1. where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
8.3.2. With our contracted agents, advisers, consultants, service providers, suppliers, banking partners and other Operators who process Personal Information on our behalf and whose assistance we require to conduct our business operations and that:
(b) where such Personal Information is necessary for the performance of their obligations to or on behalf of Woemaboeke (i.e., records storage, payroll, server hosts); and
(c) based on our instructions, are not authorised by us to use or disclose the information except as strictly necessary to perform the services on our behalf as instructed or to comply with legal requirements.
8.3.3. With third party Operators to the extent that they require such specific Personal Information in the provision of services for or to us, which include hosting, development and administration, technical support and other support services relating to our Website and/or the operation of Woemaboeke’s business divisions. We will only authorise the processing of any Personal Information by a third-party Operator on our behalf by, among others, entering into agreements with those third parties governing our relationship with them and highlighting instructions, confidentiality, security and non-disclosure obligations.
8.3.4. If required by law;
8.3.5. to enable us to enforce, implement, or apply any other contract between you and us, or any contract where we act as an agent of the principal contracted with you;
8.3.6. to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents, brokers or any other third party;
8.3.7. to any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation);
8.3.8. With governmental agencies, exchanges and other regulatory or self-regulatory bodies, if required to do so by law or there is a reasonable belief that such is necessary for:
(a) compliance with the law or with any legal process;
(b) the protection and defence of the rights, property or safety of Woemaboeke, our customers, employees, contractors, suppliers, services providers, agents, brokers or any third party;
(d) the protection of the rights, property or safety of members of the public (if you provide false or deceptive information or make misrepresentations, we may proactively disclose such information to appropriate regulatory bodies).
9. STORAGE AND TRANSFER OF PERSONAL INFORMATION
9.1. We have engaged reputable and trusted organisations as outsourced processors (Operators), and in some cases, as sub-processors to provide data storage and cloud services to securely store your information. These servers and cloud storage run in secure premises located in South Africa.
9.2. We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation; Provided that if the location does not have substantially similar laws to those of South Africa, we will take reasonably practicable steps, including the imposing of suitable contractual terms and undertake a due diligence to ensure that your Personal Information is adequately protected in that jurisdiction.
10. SECURITY AND INTEGRITY
10.1. We take all reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration, and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information. Unfortunately, despite our best efforts, no data transmission or storage can be guaranteed to be 100% secure. Therefore, we do not make any warranties or guarantees that content shall be entirely 100% secure nor do we accept any liability of whatsoever nature for loss of privacy resulting from any unauthorised disclosure and/or use of your Personal Information, unless such disclosure and/or misuse is as a result of our gross negligence. However, we are subject to the Protection of Personal Information Act 4 of 2013, which we comply with.
10.2. Access to our servers and the servers of the cloud-based database management services is restricted to authorised personnel. These servers and cloud storage implement appropriate security measures.
10.3. Personal Information including banking details, credit history, name and addresses are encrypted as it is transmitted over the internet using SSL. Woemaboeke’s internet servers are also protected by firewalls and access to personal information is limited to minimal authorised personnel of Woemaboek. The security of the Woemaboeke Website and IT systems is also tested regularly, and every effort is made to ensure that security is at an optimum level at all times.
10.4. When processing payment card details, we comply with the applicable Payment Card Industry Data Security Standard (PCI-DSS standard).
10.5. We periodically review our Personal Information collection, storage and processing practices, including physical and digital security measures.
10.6. Woemaboeke has established and implemented data breach management procedures to address actual and suspected data breaches and will notify you and the relevant regulatory authorities of breaches where Woemaboeke is legally required to do so and within the period in which such notification is necessary.
11. RETENTION AND DELETION
11.1. We may retain and process some or all of your Personal Information if and for as long as:
11.1.1. we are required or permitted by law, or contract with you, to do so;
11.1.2. it is for lawful purposes that are related to our performance of our obligations and activities; or
11.1.3. you agree to us retaining it for a specified further period.
11.2. Unless there is a lawful purpose for us to continue processing or storing your Personal Information, we will destroy your Personal Information in the following circumstances:
11.2.1. the Personal Information is no longer necessary for the purpose for which it was collected or processed; or
11.2.2. you withdraw your consent to the processing of your Personal Information; or
11.2.3. you object to the processing of your Personal Information; and
11.2.4. there are no other lawful grounds for us to continue processing your Personal Information.
11.3. We determine the appropriate retention period for Personal Information by considering, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. We will always comply with applicable legal, regulatory, tax, accounting, labour, or other requirements as they apply to the retention of Personal Information.
11.4. We will destroy your data using effective methods including, among others, shredding.
12. MAINTENANCE, CORRECTIONS AND ACCESS
12.1. We are required to take all necessary steps to ensure that your Personal Information is accurate, complete, not misleading and up to date.
12.2. Anyone about whom we maintain Personal Information may request to inspect and, if appropriate, correct the Personal Information held by us. It is your responsibility to inform us, or the persons responsible for the maintenance of your Personal Information, should your Personal Information be incorrect, incomplete, misleading or out-of-date by notifying us at contact details in paragraph 2.2 above. We may require additional information from the requesting party to assure itself of the legitimate basis for the request and the identity and authority of the requestor. Upon receipt and verification of the corrected Personal Information, we will adjust our data or records accordingly.
12.3. A request for correction/deletion of Personal Information or destruction/deletion of a record of Personal Information must be submitted using the prescribed Form 2 which is available on the Information Regulator’s website.
13. DATA MINIMISATION
13.1. We have service level agreements with third parties who send us Personal Information (either in our capacity as a Responsible Party or Operator). These state that only relevant and necessary information is to be provided as it relates to the processing activity we are carrying out.
13.2. We have destruction procedures in place where a data subject or third party provides us with Personal Information that is surplus to our requirements.
14. YOUR DATA PROTECTION RIGHTS
14.1. Data protection laws may grant you with, among others, the following rights:
14.1.1. Request access to your Personal Information – enabling you to receive a copy of the Personal Information retained about you;
14.1.2. Request the correction of your Personal Information – to ensure any incomplete or inaccurate Personal Information is corrected;
14.1.3. Request erasure of your Personal Information – where there is no lawful basis for the retention or continued processing of your Personal Information;
14.1.4. Object to the processing of your Personal Information for a legitimate interest (or those of a third party) – under certain conditions where you feel it impacts your fundamental rights and freedoms;
14.1.5. Request restriction of processing of your Personal Information – to restrict or suspend the processing of your Personal Information to limited circumstances;
14.1.6. Withdraw consent given in respect of the processing of your Personal Information at any time – withdrawal of consent will not affect the lawfulness of any processing carried out before your withdrawal notice. But may not affect the continued processing of your Personal Information in instances where your consent is not required.
14.2. If an above request/objection is to be made, please use the contact information at paragraph 2.2 above and we will revert within 30 calendar days.
15. DIRECT MARKETING
15.1. Woemaboeke would like to send you information about its product and service offerings we believe may be of interest to you.
15.2. If you have agreed to receive direct marketing, you may opt-out at any stage.
15.3. You have the right to, at any time, to stop Woemaboeke or any of its member entities from contacting you for direct marketing purposes.
15.4. If you no longer wish to be contacted for direct marketing purposes, please email info@woemaboeke.
15.5. Once you have chosen to opt-out, we may send you written confirmation of receipt of your opt-out request (which may be in electronic form), and we will thereafter not send any further direct marketing communication to you. However, you may continue to receive communication from Woemaboeke on matters of a regulatory nature, which are not marketing related.
16.1. Our Website and our Services are not targeted at people under the age of 18. We will not knowingly collect Personal Information in respect of persons in this age group without express permission to do so, unless permitted by law.
17. THIRD-PARTY SUB-PROCESSORS/OPERATORS
17.1.1. IT systems and infrastructure;
17.1.2. Debt collection services;
17.1.3. Human resources;
17.1.5. Hosting and email infrastructure;
17.1.6. Credit reference agencies;
17.1.7. Direct marketing / mailing services.
17.2. We conduct strict due diligence and Know-Your-Customer procedures in respect of our external Operators prior to forming a business relationship. We obtain company documents and references to ensure the Operator is adequate, appropriate and effective for the task we employ them for.
18.1. We may place small text files called “cookies” on your device when you visit our Website. Cookies do not contain Personal Information, but they do contain a personal identifier allowing us to associate your Personal Data with a certain device. Cookies serve useful purposes for you, including:
18.1.1. Remembering who you are as a user of our Website to remember any preferences you may have selected on our Website, such as saving your username and password, or settings (“functional cookies”);
18.1.2. allowing our Website to perform its essential functions. Without these cookies, some parts of our Website would stop working (“essential cookies”);
18.1.3. monitoring how our Website is performing, and how you interact with it to understand how to improve our website or Services (“site analytics”).
18.2. Your internet browser may accept cookies automatically and you can delete cookies manually. However, no longer accepting cookies or deleting them may prevent you from accessing certain aspects of our Website where cookies are necessary.
19. THIRD-PARTY COOKIES
19.1. We do not allow for third party cookies on our Website.
20. PRIVACY POLICIES OF OTHER WEBSITES
20.1. Our Website may contain links to other websites, apps, tools, widgets, and plug-ins that are run by third parties. If you visit a third-party website or social media site, you should read that website/ social media’s privacy notice, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties and social media sites. Any personal information you give to those organizations is dealt with under their privacy notice, terms and conditions, and other policies.
20.2. If YOU disclose your personal information directly to any third party other than Woemaboeke, WOEMABOEKE SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF YOUR DISCLOSURE OF YOUR PERSONAL INFORMATION TO SUCH THIRD PARTIES.
21. GOVERNING LAW
22. CHANGES TO THIS POLICY
23. QUERIES, COMPLAINTS, AND INFORMATION REGULATOR
23.2. If you are located outside of South Africa, you may contact the appropriate regulatory authority in your country of domicile.
ANNEXURE – DEFINITIONS
“Associates” means Woemaboeke subsidiaries and the management, employees and consultants of Woemaboeke or any of its subsidiaries;
“Operator” means any person or entity that Processes Personal Information on behalf of a Responsible Party.
“Personal Information” means information or data relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to information relating to –
- race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
“Responsible Party” means the entity that decides how and why Personal Information is Processed. Responsible Parties may instruct Operators to processes Personal Information on their behalf.
“Service Provider” means third party providers of various services with whom Woemaboeke engages, including, but not limited to, retailers, manufacturers and suppliers of agricultural and related products, providers of information technology, communication, file storage, data storage, copying, printing, distribution/logistics, accounting or auditing services, counsel, investigators, attorneys, employee provident/pension fund administrators, and our insurers and professional advisors;
“Special Personal Information” means Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.