Privacy Policy

PRIVACY NOTICE AND POPIA SECTION 18 INFORMED CONSENT NOTICE


CONSENT TO PROCESS PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF INFORMATION ACT, 4 OF 2013 (POPIA)


(EMAIL, WEBSITE AND SOCIAL MEDIA PRIVACY / INFORMED CONSENT NOTICE)


Please read this Notice before you proceed to provide the required Personal Information. By providing us with your Personal Information, you consent to SERUSI (Pty) Ltd, hereinafter “the Company” processing your Personal Information, which the Company undertakes to process strictly in accordance with this section 18 informed consent document.


INTRODUCTION


The Company herein, being SERUSI (Pty) Ltd, and being a private company established and duly registered in accordance with the company laws of the Republic of South Africa, (hereinafter referred to as the "Company").

In terms of a law known as the Protection of Personal Information 4 of 2013, (POPIA) everyone has the right to privacy, including the right to the lawful collection, retention, dissemination and use of one's Personal Information.

In order to give effect to this right, the Company is under a duty to provide any person whose personal information is processed by it, known as a data subject, with a number of details pertaining to the use of and subsequent processing of the data subject's personal information, before such information is used or processed.

In accordance with this requirement, the Company sets out below:

The reasons why it will be required to process a data subject's personal information;

The conditions under which it will receive and use a data subject’s personal information;

How the Company will use and handle this personal information; as well as

The conditions under which it will provide its own personal information.


APPLICATION


This is the privacy policy of the Company, which is applicable to all the Company’s social media and electronic platforms, including websites and or email, whether owned by, established by, used by, hosted by and / or accessed by data subjects, which data subjects include, without detracting from the generality thereof, the Company’s entities, learners, Company employees and staff, contractors and service providers and / or other third parties who may access and make use of the Company’s social media and electronic platforms.



This privacy policy furthermore applies to:

the data subjects who may make use of, or access the Company social media and electronic platforms and all the processing of personal information by the Company as a result of a data subject making use of, or accessing the Company social media and electronic platforms except to the extent that a separate POPIA policy has been issued in respect of a specific service or product and related processing activities; and

all the personal information which is owned by the Company and which is provided to any responsible parties and / or operators as a result of a data subject accessing or making use of the Company social media and electronic platforms.


ACCOUNTABILITY


The Company takes the privacy and protection of a data subject's personal information very seriously and will only process a data subject's personal information in accordance with POPIA and the terms of this privacy statement.

In turn where the Company provides any of its personal information to a responsible party or operator, then such person will be required as a condition of receiving such information, to process such personal information in accordance with POPIA and the terms of this privacy statement.

Accordingly, the relevant data privacy principles relating to the processing of personal information, whether that belonging to the Company or that belonging to a data subject (including, but not limited to, the collection, handling, transfer, sharing, correction, storage, archiving and deletion) will apply without exception, save where POPIA provides for such an exception, to all and any personal information provided by the Company to another or received by the Company as a result of the use of the Company email, and / or social media and electronic platforms.


AGREEMENT TO BE BOUND AND CONSENT TO PROCESS


By accessing or using the Company website and URL’s, any sites housed under its domain names and / or social media platforms, and / or when sending or receiving emails using the Company email, the data subject;

Acknowledges that it has read and understood this section 18 informed consent notice and related provisions;

agrees to be bound by this section 18 informed consent notice and the privacy policy;

agrees to comply with this section 18 informed consent notice and privacy policy; and

gives the Company consent to process and further process the required personal information in accordance with this section 18 informed consent notice.


RECEIPT, USE AND SHARING OF PERSONAL INFORMATION BY THE COMPANY


The Company will receive personal information pertaining to a data subject when the data subject submits a query or request via the Company website, or by way of email, telephone or via social media.

On receipt of the request or query, the Company will thereafter use and process the data subject's personal information for a variety of purposes, depending on the query or request, which without detracting from the generality thereof may include:

for the purposes of identifying and / or verifying the data subject’s details;

for the purposes of providing information, products and / or services that the data subject, may have requested;

for employment application purposes;

for the purposes of managing any information pertaining to the data subject;

for general administration purposes;

for legal or contractual purposes;

to help the Company improve the quality of the Company products and services;

to help the Company detect and prevent fraud and money laundering;

for the purposes of recovering unpaid fees and / or any other amount due to the Company;

for the purpose of debt collection;

for the purposes of research, analytical and statistical purposes;

for the purpose of carrying out analysis of customer profiling;

for the purposes of identifying other products and services which might be of interest to the data subjects;

for the purposes of informing a data subject about the Company products and services.

In order to correctly handle any request or query, and in order to perform the purposes described above, the Company may from time to time share a data subject's personal information with the following parties:

the Company employees, which will only be done on a need-to-know basis;

the Company carefully selected business partners who provide products and services which may be of benefit to a data subject which will only be done on a need-to-know basis; and

the Company operators such as service providers and agents who perform services on our behalf which will only be done on a need-to-know basis and in terms of an operator agreement.

The Company does not share a data subject's personal information with any third parties who have not been described above, unless:

the Company is legally obliged to provide such information to another for legal or regulatory purposes;

the Company is required to do so for purposes of existing or future legal proceedings; the onward transmission or sharing of personal information is necessary for the pursuance or protection of the Company's legitimate interests or that of the data subject or a third party;

the Company is involved in the prevention of fraud, loss, bribery or corruption and is using another agent or service provider under a mandate to provide such service,

and under all of the abovementioned circumstances, the Company will take reasonable measures to ensure that such personal information is only provided to the recipient if such recipient undertakes to keep the information confidential and secure.

Where the Company has to transfer the data subject's personal information across the South African borders, it will ensure that before it does so, that it will ensure that the recipient thereof agrees to be bound by POPIA under and in terms of a set of binding corporate rules or binding agreements that provide an adequate level of protection and uphold the principles for the reasonable and lawful processing of such personal information.


RECEIPT, USE AND SHARING OF THE COMPANY PERSONAL INFORMATION


The Company on receipt and in response to a query or request received from a data subject, referred to under section 5 above, will transmit via its website, or by way of email, telephone or via social media, its own personal information, which personal information on receipt by the requesting or receiving data subject may only be used for the purpose relating to the initiating of the request or query and for no other purpose. Furthermore, the recipient undertakes that it will not share this information with any other party, or save it only where it has been given express permission to do so by the Company.


INFORMATION QUALITY / OPENNESS / DATA SUBJECT PARTICIPATION


Whilst the Company will make every effort to ensure the integrity and accuracy of a data subject's personal information, this may not at all times be possible. Following this, the data subject accepts the responsibility for keeping its / her or his information up to date, and undertakes to inform the Company of any changes to its / his or her personal information. This can be done by accessing the prescribed change of details form on the Company’s website / Privacy (POPIA) Page and submitting same to the Company’s Information Officer.

A data subject has a right of access to any personal information which the Company may have and where applicable may ask the Company to correct any inaccuracies in or to any such personal information. This request must be done by way of a formal Company PAIA process, which is accessible on the Company’s website /Privacy (POPIA) Page. A data subject may contact the Company's Information Officer at the following address: info@serusi.co.za should you have any questions, complaints or objections regarding the processing of its personal information.


SECURITY OF PERSONAL DATA


The Company makes all reasonable efforts to keep its website secure at all times, however advise that it cannot guarantee the security of any information provided to us or by us through the Company website, email, internet or social media sites. The Company cannot be held responsible for any loss or unauthorized use or interception of information transmitted via these sites, such as the internet which is beyond the Company's reasonable control.

The Company website may contain links to other websites outside of the Company control. The Company is not responsible for the content, privacy or security of these other third party-controlled websites.

The Company has placed cookies on its website which makes contact with your / a data subject's device to help make its website better. A data subject may change these cookie settings by accessing the relevant settings. When the settings are not amended or changed, the Company will accept that you are happy that these cookies access and make use of your details.

The Company may make use of social plug-ins of social networks such as Facebook, YouTube, LinkedIn, Google+ and Twitter. Please note that the Company has no influence on or control over the extent of the data retrieved by the social networks' interfaces and the Company can accordingly not be held responsible or liable for any processing or use of personal information transmitted via these social plug-ins. For information on the purpose and extent of the data retrieval by the social network concerned, and about the rights and settings possibilities for the protection of your private sphere, please refer to the data protection information provided by the social network in question.

Note that all Telephone calls may be recorded and / or monitored for security and quality assessment purposes.

Subject to the provisions above, the Company has implemented the appropriate technical and organizational security measures which are required in order to protect all personal data which it holds from and / or against unauthorized access, accidental or willful manipulation, loss or destruction.


THIRD PARTY INFORMATION AND THAT BELONGING TO MINORS


If a data subject provides the Company with personal information on behalf of another, the Company will not be able to process the query or request unless such query or request is accompanied by the required permission and consent from the third party to process the third party's personal information.

If a data subject is under the age of 18, such person's personal information will only be processed if the minor's parent or legal guardian gives the required consent or permission to the processing.

The Website is not designed or intended for use by children under the age of 18, and our Products and Services may not be purchased by children under the age of

18. We do not intentionally gather personal information from visitors who are under the age of 18. If you are under the age of 18, you are not permitted to submit any personal information to us. If you are under the age of 18, you should use the Website only with consent of a parent or guardian.


CONTACT DETAILS


You can contact the Company and the appointed Information Officer, in relation to this Privacy policy and consent notice, by writing to us at info@serusi.co.za or by phoning our office number.


REVISION OF POLICIES


We reserve the right to and may from time to time update this Privacy / Informed Consent Notice. Any such revision will be published as an amended version on our website. Any change to this Policy will be posted as an updated version and readers are advised to visit and re-read this policy on a regular basis.


EMPLOYEE PROCESSING NOTICE


(Informed Consent Notice: Employees, Applicants, Directors) IN TERMS OF SECTION 18

THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013


PURPOSE OF THIS NOTICE


We, SERUSI (Pty) Ltd as your employer and in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (“POPIA”), which regulates and controls the processing of a person’s Personal Information in South Africa, which processing includes the collection, use, and transfer of a person’s Personal Information.

For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:

"consent” means the consent, which you give to us to process your Personal Information. This consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied; implied meaning that consent may be demonstrated by way of your actions;

"Data Subject" means you, the person who owns and who will provide us with your Personal Information for processing, which reference is found under POPIA;

"Operator" is any person who processes your Personal Information on our behalf as a sub-contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centers, service providers, auditors, legal practitioners, organs of state, government, provincial and municipal bodies;

"Personal Information" means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:

your name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;

vehicle registration;

dietary preferences;

financial history;

information about your next of kin and or dependants;


information relating to your education or employment history; and

“Special Personal Information” is Personal Information, relating to race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition;

"processing" / “process” or “processed” means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing;

“Purpose” means the reason why your Personal Information needs to be processed by us;

"Responsible Party” means us, the person who is processing your Personal Information;

“you” means you, the potential or actual employee, director, learner or bursary holder, known under POPIA, as the Data Subject, who will be providing us, the Responsible Party with your Personal Information, for processing.


In terms of POPIA, where a person processes another’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.


In order to comply with POPIA, a person processing another’s Personal Information must:


provide the Data Subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; and


get permission or consent, explicitly or implied, from the owner / Data Subject, to process the Personal Information, unless such processing:


is necessary to carry out actions for the conclusion or performance of a contract to which the owner / Data Subject of the Personal Information is a party;

is required in order to comply with an obligation imposed by law; or

is for a legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interests of i) the owner / Data Subject of the Personal Information; ii) the person processing the Personal Information; or iii) that of a third party to whom the Personal Information is supplied; or




is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.


In accordance with the requirements of POPIA, and because your privacy and trust are important to us, we set out below how we, and our affiliates and associated companies (hereinafter referred to as “the Group”, “we”, “us”, or “our”) collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.


APPLICATION


This Processing Notice applies to the following persons:

Applicants: persons who wish to apply for an employment position within our Group, or who wish to apply for a learnership or bursary.

Employees and Directors: persons who are employed by us or who have been appointed as directors or committee members.


PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION


Your Personal Information will be processed by us for the following purposes:

Employment: potential - legitimate purpose: To conduct and communicate with you regarding recruiting and human resource administration, to manage recruitment including legal eligibility for work and vetting.

Due diligence purposes - legitimate purpose: To carry out ongoing due diligence exercises including obtaining and verifying your details and / or credentials, such as receiving and verifying your identity, education, qualifications and employment history, medical and health history and related records, financial, credit and tax status and history, and or any employee performance related history.

Employment: actual - to contract with you: To conclude an employment contract with you, to manage hires, promotion and succession planning; and to conduct and communicate with you regarding your employment and to perform human resources administration, financial administration, comply with labour, Tax and B-BEEE laws, management and organizational administration, training, and skills development, including performance assessments and disciplinary matters.

Employment benefits - legitimate purpose and to manage the contract: To manage your benefits, including administering remuneration, relocation, insurance, payroll, pensions and other employee benefits and tax, including disclosure to other affiliates within the Group and to others such as payroll providers, accountants, occupational health providers, insurers, pensions administrators, hosting service providers and legal advisers;

Operational issues - compliance with law and manage the contract: To communicate, enforce and ensure you comply with policies, including in relation to claims, disciplinary actions or legal requirements and conducting investigations and incident response, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law;


Occupational health - compliance with laws: To manage occupational health and absence and fitness for work and notifying family members in emergencies;

Travel - contractual: To facilitate business travel, travel-related support including conference attendance, bookings, and emergency support services;

B-BBEE - compliance with laws: To monitor equal employment opportunities, in respect of diversity categories including but not limited to age, gender, ethnicity, nationality, religion, disability, sexual orientation, and marital or family status;

IR and Labour relations - compliance with laws: To manage membership to trade unions and collective agreements for administering collective employee arrangements where these are in place

Communications - legitimate purpose: To make contact with you and to communicate with you generally or in respect of our requirements, or instructions, or to respond to you in order to comply with your specified or general instructions.

Risk assessment and anti- bribery and corruption matters - legitimate purpose: For internal and external auditing, assurance and risk management purposes; and to carry out organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with ABC laws, as well as to identify and authenticate your access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and / or to exercise our rights and to protect our and others’ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.

Legal obligation and public duties: To comply with the law and our legal obligations, including to register with Regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc, to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority.

Security purposes - legitimate purpose and to comply with laws: To permit you access to our offices, facilities, operations or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for providing IT access and support and for employee authentication and for data and cybersecurity purposes.

For internal research and development purposes - consent required: For statistical analysis and research purposes in the context of employment, including predictive modelling and people planning.

Effectuate the sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings)

Legitimate interest: to comply with our legal obligations and to change our business structure we may disclose your Personal Information in connection with proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants. We may also provide relevant parts of your Personal Information to any potential acquirer of or investor in any part of the Group’s business for the purpose of that acquisition or investment.



DETAILS OF THE PERSONAL DATA OR INFORMATION WE COLLECT FROM YOU


In order to engage and / or interact with you, for the purposes described above, we will have to process certain types of your Personal Information, as described below:

Your contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your previous employers, memberships or affiliations, including professional bodies and trade unions, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons pertaining to your application for employment or actual employment with the Organization.

Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, nationality and immigration status, demographic data, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.

Specific identifiers, known as Special Personal Information, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race, disability-related information (B-BBEE related), religion (correct and fair treatment related), sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history, (to protect our legitimate interests and to perform risk assessments), as well as children’s details (benefits related) and Biometrics such as finger prints, which are required in order to provide you with access to our facilities, give you access to our IT infrastructure, for security monitoring purposes and in order to comply with health and safety requirements in the workplace.

Demographic Information, such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, personal or household / familial financial status and metrics, and similar data, which are required for various legitimate interests, as well as contractual and / or lawful reasons pertaining to your actual employment with the Organization.

Your Image, still pictures, video, voice, and other similar data, which are required in order to provide you with access to our facilities, give you access to our IT infrastructure, for security monitoring purposes as well for other lawful reasons pertaining to your employment with the Organization.

Public issued Identity Information, such as government-issued identification information, tax identifiers, social security numbers, other government-issued identifiers, and similar data, which are required to comply with laws and public duties




as well for other lawful reasons pertaining to your employment with the Organization.

Tax and Financial Information, banking details, and tax registration number and status, which are required to perform contractual matters and / to comply with tax laws and public duties.

IT Information, including IT security-related information (including IT user names and passwords, authentication methods, and roles), and similar data, which are required for various legitimate interests, contractual and / or lawful reasons pertaining to your actual employment with the Organization.

Health history and records, which is classified as Special Personal Information, such as medical status and history, examinations, blood type, medical aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.

Social Media and Online activities and presence, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.


SOURCES OF INFORMATION - HOW AND WHERE WE COLLECT YOUR PERSONAL INFORMATION FROM YOU


Depending on your requirements, we will collect and obtain Personal Information about you either directly from you, from certain third parties or from other sources which are described below:


Direct collection: You provide Personal Information to us when you:

interact with us;

enquire about, or apply for a position within our Organization, including requesting or signing up for information;

express an interest in working with us or apply for a job or position or bursary, learnership or sponsorship with us;

take up a job or position with us;

conclude a contract with us;

communicate with us by phone, email, chat, in person, or otherwise;

complete a questionnaire, or other information request form.


Automatic collection: We collect Personal Information automatically from you when you:

search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms;

access, use, or download content from us;

open emails or click on links in emails or advertisements from us;

Otherwise interact or communicate with us.


Collection from third parties: We collect Personal Information about you from third parties, such as:

recruitment or employment agencies, previous employees and colleagues;

your previous employer;

regulators, professional or industry organizations and certification / licensure agencies that provide or publish Personal Information related to you;

third parties and affiliates who deal with or interact with us or you;

service providers and business partners who work with us and that we may utilize to deliver services;

SAP, Home Affairs, Credit bureaus and other similar agencies;

Government agencies, regulators and others who release or publish public records;

Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.


HOW WE SHARE YOUR INFORMATION


We share Personal Information for the purposes set out in this Processing Notice with the following categories of recipients:

Our employees, the Group and our affiliates. We may share your Personal Information amongst our employees, affiliates and the companies within our Group for employment, HR, IR, business and operational purposes.

Your Contacts and other employees. We may share your Personal Information with others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provide you with goods or services and who we pay in connection with such access. We may also share your Personal Information with other employees in the Organization.

Business Partners and Third-Party Service Providers, as well as Operators. We may share your Personal Information with our third-party service providers to perform tasks on our behalf and which are related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and to assist us in offering, providing, delivering, analysing, administering, improving, and personalizing such services or products.

Third Party Content Providers. We may share your Personal Information with our third-party content providers to perform tasks on our behalf and to assist us in providing, delivering, analysing, administering, improving, and personalizing content related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and may to this end pass certain requests from you to these providers.

Cyber Third-Party Service Providers. We may share your Personal Information with our third-party cyber service providers to perform tasks on our behalf and which are related to our relationship with you, including those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behaviour, and other products or services. These third-party service providers may also collect Personal Information about or from you



in performing their services and/or functions. We may also pass certain requests from you to these third-party service providers.

Advertisers. We may share your Personal Information with advertisers, advertising exchanges, and marketing agencies that we engage for advertising services, to deliver advertising, and to assist us in advertising our brand and products and services.

Users. We aggregate information from public records, phone books, social networks, marketing surveys, business websites, and other sources made available to us to create listings and profiles that are placed into user listings and directories. Additionally, if you choose to include your Personal Information in any reviews, comments, or other posts that you create, then that Personal Information may be displayed other users as part of your posting.

Regulators and law enforcement agencies. We may disclose your Personal Information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request.

Other Disclosures. We may disclose your Personal Information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the group, our employees, any users, or the public.

In the Event of Merger, Sale, or Change of Control. We may transfer this Processing Notice and your Personal Information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control (such as the result of a bankruptcy proceeding).


HOW WE SECURE YOUR INFORMATION


The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing personal information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of personal information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.

Your Personal Information will be stored electronically which information, for operational reasons, will be accessible to persons employed or contracted by us on a need-to-know basis, save that where appropriate, some of your Personal Information may be retained in hard copy.

Once your Personal Information is no longer required due to the fact that the purpose for which the Personal Information was held has come to an end, such Personal Information will be retained in accordance with our Group records retention schedule, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Privacy Statement, (b) meet the timelines determined or recommended by regulators, professional bodies, or


associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.


ACCESS BY OTHERS AND CROSS BORDER TRANSFER


We may from time to time have to disclose your Personal Information to other parties, including our holding company or subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.

Where Personal Information and related data is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect personal information, we cannot guarantee its absolute security.


YOUR RIGHTS


You as a Data Subject you have certain rights, which are detailed below:

The right of access - You may ask us free of charge to confirm that we hold your personal information, or ask us to provide you with details, at a fee, how we have processed your personal information, which can be done by following the process set out under our PAIA Manual which can be accessed on our website on our Data Privacy Page (or POPI Page).

The right to rectification - you have the right to ask us to update or rectify any inaccurate personal information, which can be done by accessing the update / rectification request Form which is located on our website on our Data Privacy Page.

The right to erasure (the ‘right to be forgotten’) - where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period has expired, you may request that we delete the personal information, which can be done by accessing the request for erasure Form which is located on our website on our Data Privacy Page.

The right to object to and restrict further processing - where we do not need your consent to process your personal information, but you are not in agreement with such processing, you object to us processing such Personal Information which can be done by accessing the objection request Form which is located on our website on our Data Privacy Page.



Date updated

Updated by

Signed

Information Officer Approval

Page - 9 - of 12



Approved 20.09.2021



Supplied by FHBC (Wellington) (Pty) Ltd

© FHBC (Wellington) (Pty) Ltd




The right to withdraw consent - where you have provided us with consent to process your personal information, you have to right to subsequently withdraw your consent, which can be done by accessing the withdrawal of consent request Form which is located on our website on our Data Privacy Page.

The right to data portability - where you want your Personal Information to be transferred to another party, which can be done under certain circumstances, please contact our Information Officer. Contact details of the Information Officer can be located on our website on our Data Privacy Page.


CHANGES TO THIS PRIVACY STATEMENT


As our Group changes over time, this Processing Notice is expected to change as well. We reserve the right to amend the Processing Notice at any time, for any reason, and without notice to you other than the posting of the updated Processing Notice on Website and in this regard encourage you to visit our Website frequently in order to keep abreast with any changes.


CONTACT US


Any comments, questions or suggestions about this privacy notice or our handling of your Personal Information should be emailed to tania.vantonder@peri.co.za . Alternatively, you can contact us at the following postal address or telephone numbers:


Information Officer Details: Information Officer:

Tania van Tonder

Physical Address: 15 Range Road

Blachkeath 7580

Postal Address: PO Box 2668

Belville 7535


Telephone Number: +27 (0)21 880 7777 Email address: tania.vantonder@peri.co.za

Our telephone switchboard is open 8:00 am – 4:45 pm GMT, Monday to Thursday and 08:00 am – 3:30 pm on Fridays. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.



Date updated

Updated by

Signed

Information Officer Approval

Page - 10 - of 12



Approved 20.09.2021



Supplied by FHBC (Wellington) (Pty) Ltd

© FHBC (Wellington) (Pty) Ltd


PROCESSING PERSONAL INFORMATION


If you process another’s Personal Information, you will keep such information confidential and will not, unless authorised to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and related to the duties assigned to you.

You will also observe the POPIA Policy which sets out the rules and regulations regarding the processing and protection of Personal Information (including Special Personal Information) and/or data to which the Employee has access in the course and scope of the Employee's duties, and shall report any infringement relating to the manner in which Personal Information or other data is processed to the Company without delay.


COMPLAINTS


Should you wish to discuss a complaint, please feel free to contact us using the details provided above.

All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at < https://www.justice.gov.za/inforeg/>.


ACCEPTANCE


By providing us with the Personal Information which we require from you as listed under this Processing Notice:

You acknowledge that you understand why your Personal Information needs to be processed;

You accept the terms which will apply to such processing, further processing, including the terms applicable to the transfer of such Personal Information cross border;

Where consent is required for any processing as reflected in this Processing notice, you agree that we may process this particular Personal Information;

You confirm that you have shared this Processing Notice with employees, contractors and subcontractors and have received from them the required consent to provide us with their respective Personal Information for processing as provided for and described under this Processing Notice, and where consent is required for any processing as reflected in this Processing notice, such persons have agreed that we may process this particular personal information.


Furthermore, should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and / or the required permissions in respect of the processing of that Organization or entities’ Personal Information.


Date updated

Updated by

Signed

Information Officer Approval

Page - 11 - of 12



Approved 20.09.2021



Supplied by FHBC (Wellington) (Pty) Ltd

© FHBC (Wellington) (Pty) Ltd



CONSEQUENCES OF YOU WITHHOLDING CONSENT OR PERSONAL INFORMATION


Should you / the Data Subject refuse to provide the Company with your Personal Information, which information is required by the Company for the purposes indicated above, together with the required and requisite consent to process the aforementioned Personal Information, then the Company will be unable to engage with you / the Data Subject and / or enter into any subsequent relationship with you / the Data Subject.



PROCUREMENT PROCESSING NOTICE IN TERMS OF SECTION 18

THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013



PURPOSE OF THIS STATEMENT


We, SERUSI (Pty) Ltd referred to as we, us, the Company, the Organization and / or SERUSI as a commercial entity and in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (“POPIA”), which regulates and controls the processing of a person’s Personal Information in South Africa, which processing includes the collection, use, and transfer of a person’s Personal Information.


For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:


"consent” means the consent, which you give to us to process your Personal Information. This consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied; implied meaning that consent may be demonstrated by way of your actions;


"Data Subject" means you, the person who owns and who will provide us with your Personal Information for processing, which reference is found under POPIA;


"Operator" is any person who processes your Personal Information on our behalf as a sub-contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centres, service providers, auditors, legal practitioners, organs of state, government, provincial and municipal bodies;


"Personal Information", means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:


your name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;

vehicle registration;

dietary preferences;






financial history;

information about your next of kin and or dependants;

information relating to your education or employment history; and


Special Personal Information including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition;


"processing" / “process” or processed” means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing;


“Purpose” means the reason why your Personal Information needs to be processed by us;


"Responsible Party” means us, the person who is processing your Personal Information;


“you” means you, the Data Subject under POPIA, who will be providing us, the Responsible Party with your Personal Information, for processing.


In terms of POPIA, where a person processes another’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.


In order to comply with POPIA, a person processing another’s Personal Information

must:


provide the Data Subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; and


get permission or consent, explicitly or implied, from the owner / Data Subject, to process the Personal Information, unless such processing:


is necessary to carry out actions for the conclusion or performance of a contract to which the owner / Data Subject of the Personal Information is a party;


is required in order to comply with an obligation imposed by law; or



is for a legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interests of i) the owner

/ Data Subject of the Personal Information; ii) the person processing the Personal Information; or iii) that of a third party to whom the Personal Information is supplied; or


is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.


In accordance with the requirements of POPIA, and because your privacy and trust are important to us, we set out below how we, collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.


APPLICATION

This Privacy Statement applies to the following persons:


Interactors: persons who interact with us, physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, or who come onto our sites and / or who enter our offices or facilities.


Users of our Sites: persons who use our websites, applications, mobile applications, or social media portals or platforms whether in order to find out more about us, to make enquiries about us, or our products or services or where persons want to do business with us be it providing or selling to us or receiving or buying from us, certain goods and services, etc.


Applicants: persons who wish to apply for a vacant position, employment opportunity or a sponsorship from us.


Customers and Clients: persons who are desirous of, or who do use and / or purchase our products or services, who receive marketing communications and / or who communicate with us physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.


Contractors, Vendors and Service Providers: persons who are desirous of, or who do provide us with goods, and services, or who we provide goods and services to, including consultancy and infrastructure related services and who we interact and communicate with, either physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.








Regulators and Public Bodies: persons who we engage with in order to discharge legal and public duty obligations, including but not limited to SARS, National Treasury, Department of Labour, and any other such Regulator and/or Public Body.


Business partners: whether in their capacity as operators or not, who provide services, goods and other benefits to us, our employees or to our customers, clients and service providers, such as medical aids, pension or provident funds, administrators, financial service providers, advertising, marketing or PR agencies, wellness or health and medical providers.


PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION


Your personal information will be processed by us for the following purposes:


Due diligence purposes - legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, including your business details, medical status, health history and related records, education and employment history and qualifications, credit and financial status and history, tax status, B-BBEE status, and or any performance or vendor related history (as may be applicable).


Contract purposes -assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you.


To process transactions and render or provide or receive goods and services - conclusion of a contract: To perform under any contract which has been concluded with you, including carrying out all contractual obligations, exercising all contractual rights, assessing or communicating requirements, manufacturing, packaging, ordering, delivering, and / or responding to, or submitting queries, complaints, returns or engaging in general feedback, or acting in such a manner as to personalize any goods or services, and to make recommendations related to us or our or your operations.


Attending to financial matters pertaining to any transaction- conclusion of a contract: To administer accounts or profiles related to you or your organization including registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general.


Communications- legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.


Risk assessment and anti- bribery and corruption matters-legitimate purpose: To carry out vendor, organizational and enterprise wide risk assessments, in order to


detect and prevent bribery, corruption, fraud and abuse, to comply with ABC laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and operations or facilities and / or to exercise our rights and to protect our and others’ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.


Legal obligation and public duties: To comply with the law and our legal obligations, including to register with Regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority.


Security purposes: legitimate purpose and to comply with laws: to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.


Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and or other notifications, programs, events, or updates that you may have registered asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.


Internal research and development purposes - consent required: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.


Sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings) – our Legitimate interest- To proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings).


WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?


In order to engage and / or interact with you, for the purposes described above, we will have to process certain types of your personal information, as described below:


Your or your employer or organization’s contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone



number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons.


Specific identifiers, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race (B-BBEE related), religion (correct and fair treatment related), sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters ( to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history ( to protect our legitimate interests and to perform risk assessments), as well as children’s details (benefits related).


Account Information, including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and / or in order to provide you access to services.


User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.


Device & Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug- in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.


Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates,


purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.


Location Data, such as the location of your device, your household, and similar location data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.


Demographic Information, such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, personal or household/familial financial status and metrics, military status, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.


Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.


Identity Information, such as government-issued identification information, tax identifiers, social security numbers, other government-issued identifiers, and similar data, which are required to comply with laws and public duties.


Financial Information, such as billing address, credit card information, billing contact details, and similar dat., tax numbers and VAT numbers, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place and / or which are required to comply with laws and pubic duties.


Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, status as a veteran, nationality and immigration status, demographic data, disability-related information, application information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.


Health records such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties (as may be applicable).


Social Media and Online Content, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries (as may be applicable).



SOURCES OF INFORMATION - HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?


Depending on your requirements, we will collect and obtain personal information about you either directly from you, from certain third parties (such as your employer or regulators), or from other sources which are described below:


Direct collection: You provide personal information to us when you:


Use our websites, applications, mobile applications, or social media portals or platforms.

Interact with us.

Enquire about, or search for our goods or services.

Create or maintain a profile or account with us.

Conclude a contract with us.

Purchase or subscribe to our goods or services.

Use our goods or services.

Purchase, use, or otherwise interact with content, products, or services from third party providers who have a relationship with us.

Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms.

Register for or attend one of our events or locations.

Request or sign up for information, including marketing material.

Communicate with us by phone, email, chat, in person, or otherwise.

Complete a questionnaire, survey, support ticket, or other information request form.

When you submit a quotation, or offer to do business with us, a tender or when you conclude a contract with us.

When you express an interest in an employment position or sponsorship.


Automatic collection: We collect personal information automatically from you when you:


Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms.

Use our goods or services (including through a device).

Access, use, or download content from us.

Open emails or click on links in emails or advertisements from us.

Otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).


Collection from third parties: We collect personal information about you from third parties, such as:


Your organization and others with whom you have a relationship with that provide or publish personal information related to you, such as from our customers or from others when they create, post, or submit user content that may include your personal information.

Regulators, professional or industry organizations and certification / licensure agencies that provide or publish personal information related to you.

Third parties and affiliates who deal with or interact with us or you.

Service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services or to enhance your experience.

Marketing, sales generation, and recruiting business partners.

SAP, Home Affairs, CIPC, SARS, Credit bureaus and other similar agencies.

Government agencies, regulators and others who release or publish public records.

Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.


HOW WE SHARE INFORMATION


We share personal information for the purposes set out in this Privacy Statement and with the following categories of recipients:


the Company, our Holding Company, our employees and our affiliates. We may share your personal information amongst our employees, Holding Company, and affiliates for business and operational purposes.


Your Organization and Contacts. We may share your personal information with your organization and others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provides you with access to our goods or services and who pay us in connection with such access. We may also share your personal information with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s).


Business Partners. We may share your personal information with our business partners to jointly offer, provide, deliver, analyse, administer, improve, and personalize products or services or to host events. We may also pass certain requests from you or your organization to these business providers.


Third Party Content Providers. We may share your personal information with our third-party content providers to perform tasks on our behalf and to assist us in providing, delivering, analysing, administering, improving, and personalizing content related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and may to this end pass certain requests from you or your organization to these providers.



Third Party Service Providers. We may share your personal information with our third-party service providers to perform tasks on our behalf and which are related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and to assist us in offering, providing, delivering, analysing, administering, improving, and personalizing such services or products.


Cyber Third-Party Service Providers. We may share your personal information with our third-party cyber service providers to perform tasks on our behalf and which are related to our relationship with you, including those who provide technical and/or customer support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behaviour, and other products or services. These third-party service providers may also collect personal information about or from you in performing their services and/or functions on our Services. We may also pass certain requests from you or your organization to these third-party service providers.


Advertisers. We may share your personal information with advertisers, advertising exchanges, and marketing agencies that we engage for advertising services, to deliver advertising, and to assist us in advertising our brand and products and services. Those advertising services may also target advertisements on third party websites based on cookies or other information indicating previous interaction with us and/or ourselves.


Users. We aggregate information from public records, phone books, social networks, marketing surveys, business websites, and other sources made available to us to create listings and profiles that are placed into user listings and directories. Additionally, if you choose to include your personal information in any reviews, comments, or other posts that you create, then that personal information may be displayed other users as part of your posting.


In the Event of Merger, Sale, or Change of Control. We may transfer this Privacy Statement and your personal information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control (such as the result of a bankruptcy proceeding).


Regulators and law enforcement agencies. We may disclose your personal information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request.


Other Disclosures. We may disclose your personal information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the Company, our employees, any users, or the public.


SECURITY OF INFORMATION


The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing personal information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of personal information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.


Your Personal Information will be stored electronically which information, for operational reasons, will be accessible to persons employed or contracted by us on a need-to-know basis, save that where appropriate, some of your Personal Information may be retained in hard copy.


Once your Personal Information is no longer required due to the fact that the purpose for which the Personal Information was held has come to an end, such Personal Information will be retained in accordance with our Company records retention schedule, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Privacy Statement, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.


ACCESS BY OTHERS AND CROSS BORDER TRANSFER


We may from time to time have to disclose your Personal Information to other parties, including our holding company, trading partners, agents, auditors, organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be subject to an agreement or binding corporate rule which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.


Where Personal Information and related data is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA.


However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially



acceptable measures designed to protect personal information, we cannot guarantee its absolute security.


YOUR RIGHTS


You as a Data Subject you have certain rights, which are detailed below:


The right of access - You may ask us free of charge to confirm that we hold your personal information, or ask us to provide you with details, at a fee, how we have processed your personal information, which can be done by following the process set out under our PAIA Manual which can be accessed on our website on our Data Privacy Page (POPI Page).


The right to rectification - you have the right to ask us to update or rectify any inaccurate personal information, which can be done by accessing the update / rectification request Form which is located on our website on our Data Privacy Page.


The right to erasure (the ‘right to be forgotten’) - where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period has expired, you may request that we delete the personal information, which can be done by accessing the request for erasure Form which is located on our website on our Data Privacy Page.


The right to object to and restrict further processing - where we do not need your consent to process your personal information, but you are not in agreement with such processing, you object to us processing such Personal Information which can be done by accessing the objection request Form which is located on our website on our Data Privacy Page.


The right to withdraw consent - where you have provided us with consent to process your personal information, you have to right to subsequently withdraw your consent, which can be done by accessing the withdrawal of consent request Form which is located on our website on our Data Privacy Page.


The right to data portability - where you want your Personal Information to be transferred to another party, which can be done under certain circumstances, please contact our Information Officer. Contact details of the Information Officer can be located on our website on our Data Privacy Page.


CHANGES TO THIS PRIVACY STATEMENT


As our Company changes over time, this Processing Notice is expected to change as well. We reserve the right to amend the Processing Notice at any time, for any reason, and without notice to you other than the posting of the updated Processing Notice on Website and in this regard encourage you to visit our Website frequently in order to keep abreast with any changes.



CONTACT US


Any comments, questions or suggestions about this privacy notice or our handling of your Personal Information should be emailed to info@peri.co.za. Alternatively, you can contact us at the following postal address or telephone numbers:


Information Officer Details:


Information Officer: Tania Van Tonder


Physical Address: 15 Range Road, Blackheath Industrial, 7580 Postal Address: PO Box 2668, Bellville, 7550

Telephone Number: +27 (0) 21 880 7777 Email address: info@peri.co.za

Our telephone switchboard is open 8:00 am – 4:30 pm GMT, Monday to Thursday and 8:00 am – 3:00 pm on Fridays. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.



PROCESSING PERSONAL INFORMATION


If you process another’s Personal Information, you will keep such information confidential and will not, unless authorised to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and related to the duties assigned to you.


You will also observe the Company’s POPIA Policy which sets out the rules and regulations regarding the processing and protection of Personal Information and/or data to which the Employee has access in the course and scope of the Employee's duties, and shall report any infringement relating to the manner in which Personal Information or other data is processed to the Company without delay.


COMPLAINTS


Should you wish to discuss a complaint, please feel free to contact us using the details provided above.


All complaints will be treated in a confidential manner.


Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at https://www.justice.gov.za/inforeg/.



ACCEPTANCE


By providing us with the Personal Information which we require from you as listed under this Processing Notice:


You acknowledge that you understand why your Personal Information needs to be processed;


You accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross border;


Where consent is required for any processing as reflected in this Processing notice, you agree that we may process this particular Personal Information;


You confirm that you have shared this Processing Notice with employees, contractors and subcontractors and have received from them the required consent to provide us with their respective Personal Information for processing as provided for and described under this Processing Notice, and where consent is required for any processing as reflected in this Processing notice, such persons have agreed that we may process this particular personal information.


Furthermore, should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and / or the required permissions in respect of the processing of that Organization or entities’ Personal Information.


CONSEQUENCES OF YOU WITHHOLDING CONSENT OR PERSONAL INFORMATION


Should you / the Data Subject refuse to provide the Company with your Personal Information, which information is required by the Company for the purposes indicated above, together with the required and requisite consent to process the aforementioned Personal Information, then the Company will be unable to engage with you / the Data Subject and / or enter into any subsequent relationship with you / the Data Subject.


PERMISSION TO PROCESS OTHER THIRD PARTY PROVIDED INFORMATION

Where you provide us with another person’s Personal Information for processing, you

confirm and warrant that that you have obtained the required permission from such person

(s) to provide us with their Personal Information for processing and indemnify and hold us harmless against any liability or loss which may be incurred by us or our employees as a result of any breach of such warranty.



SEC 18- NOTICE FOR JOB APPLICATIONS

TO BE INCLUDED IN ALL JOB ADVERTISEMENTS AND APPLICATION FORMS


Personal Information and POPIA


When you apply for this position you will have to provide the COMPANY with certain information which is personal to you, including your name and identity number, race, contact details, next of kin, criminal history, education and expertise, as well as your workplace history ("Personal Information").


In terms of a law known as the Protection of Personal Information 4 of 2013, (POPIA) everyone has the right to privacy including the right to the lawful collection, retention, dissemination and use of one's Personal Information. In order to give effect to this right, the Company is under a duty to provide you with a number of details pertaining to the use of and subsequent processing of your Personal Information, before such information is used or processed.


In accordance with this requirement, the Company sets out under the attached document known as the "Section 18 informed consent document" the reasons why your Personal Information is required and how the Company will use and handle this information.


Kindly ensure that you download this document by clicking here ……hyperlink…., or access the relevant document on our Website under our POPIA page, or if not able to, ensure that you request a copy thereof from the Company.


Once downloaded, please read the document before you provide the Company with the required Personal Information. By providing us with your Personal Information, you consent to us processing your Personal Information, which we undertake to process strictly in accordance with the section 18 Informed Consent Document.


OFFER OF EMPLOYMENT LETTER - SHORT NOTICE – SECTION 18 – INFORMED CONSENT NOTICE

(INFORMATION TO BE INCLUDED IN AN OFFER OF EMPLOYMENT LETTER)

Please note that in order to enter into an employment relationship with yourself, we will require and will receive from you certain Personal Information, which is personal to you, including your name and identity number, race, contact details, next of kin, criminal history, education and expertise, as well as your workplace history ("Personal Information").


In terms of a law known as the Protection of Personal Information 4 of 2013, (POPIA) everyone has the right to privacy including the right to the lawful collection, retention, dissemination and use of one's Personal Information. In order to give effect to this right, the Company is under a duty to provide you with a number of details pertaining to the use of and subsequent processing of your Personal Information, before such information is used or processed. In accordance with this requirement, the Company sets out under the document, known as the "Section 18 Informed Consent Document for Employees", the reasons why your Personal Information is required and how we will use and handle this information.


Kindly ensure that you download this document by clicking here www.hyperlink. ... or if not able to, access the document on our website under our POPI page, or ensure that you request a copy thereof from us.


Once downloaded, please read the document and take note that the terms set out thereunder will apply to all your Personal Information, which you have or will continue to provide to the Company. By providing us with your Personal Information, you consent to the Company processing your Personal Information, which the Company undertakes to process strictly in accordance with the aforementioned section 18 Informed Consent Document.


WEBPAGE PRIVACY POLICY

We are committed to protecting your Personal Information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your Personal Information, please contact us at info@serusi.co.za.


This Privacy Policy governs the privacy policies and practices of our Website. Please read our Privacy Policy carefully as it will help you make informed decisions about sharing your Personal Information with us.


We last updated our Privacy Policy on 1 December 2024.


Information we collect:


As a Visitor, you can browse our Website to find out more about us, our services and experience. You are not required to provide us with any Personal Information as a visitor. We collect your Personal Information when you choose to use the “Contact Us” feature to express an interest in obtaining information about us or our services or to enquire about any information on our Website. We ask for First Name, Last Name, Email Address and/or Mobile Number. If you Contact Us, you may also voluntarily share information related to you or your business. Generally, you control the type of information you provide to us when using our Website. The Personal Information that we collect depends on the context of your interaction with us and the Website, the choices you make and the products and features you use. The Personal Information we collect can include the following:


Automatically collected information:


When you use our Website, we automatically collect certain computer information by the interaction of your mobile phone or web browser with our Website. Such information is typically considered non-personal information.


Cookies:


Our Website uses “Cookies” to identify the areas of our Website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to personalise the Content that you see on our Website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our Website correctly or at all. We never place Personally Identifiable Information in Cookies.


Third-party tracking tools:


We also use third party tracking tools to improve the performance and features of our Website. These third-party tracking tools are designed to collect only non-personal information about your use of our Website. However, you can understand that such tools are created and managed by parties outside our control. As such, we are not responsible for what information is actually captured by such third parties or how such third parties use and protect that information.


Log information:


We automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website to which you’re headed when you leave our website. This information also includes the IP address of your computer/proxy server that you use to access the Internet, your Internet Website provider name, web browser type, type of mobile device, and computer operating system. We use all of this information to analyse trends among our Users to help improve our Website.


We use the information we receive from you as follows:


To allow us to make contact based on the query you submit under “Contact Us”.

To customising our Website for your experience. We may use the information you provide to us along with any computer information we receive to customise our Website.

For data aggregation purposes. We retain the right to collect and use any non- personal information collected from your use of our Website and aggregate such data for internal analytics that improve our Website and Service as well as for use or resale to others. At no time is your Personally Identifiable Information included in such data aggregations.


Transfer of your personal information:


Your information, including Personal Information, may be transferred to, and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other Personal Information.


Disclosure of your personal information:


If we are involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.


Under certain circumstances, we may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).


Retention of your personal information:

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with the applicable laws), resolve disputes, and enforce our legal agreements and policies.


Information regarding your data protection rights:


Under the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR) we are a Responsible Party / Data Controller of your Personal Information.


If you are from the European Economic Area (EEA) or South Africa Area (RSA), our legal basis for collecting and using your Personal Information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it.


We may process your personal information because:


We need to perform a contract with you, such as when you choose to engage with us for our services;

You have given us permission to do so;

The processing is in our legitimate interests and it’s not overridden by your rights;

For payment processing purposes;

To comply with the law;

If you are a resident of the European Economic Area (EEA) or South Africa Area (RSA), you have certain data protection rights. In certain circumstances, you have the following data protection rights;

The right to access, update or to delete the Personal Information we have on you;

The right of rectification;

The right to object;

The right of restriction;

The right to data portability; and

The right to withdraw consent.


Please note that we may ask you to verify your identity before responding to such requests.


You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local Data Protection Authority in the European Economic Area (EEA) or South Africa Area (RSA).


Service providers:


We may work with third-party companies and individuals to facilitate our Website (“Service Providers”), to provide our Website on our behalf, to perform Website-related services or to assist us in analysing how our Website is used. These third-parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


Analytics:


Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.


You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.


For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/


Links to third-party websites:


Our Website may contain links to other websites that are not under our direct control. These websites may have their own policies regarding privacy. We have no control of or responsibility for linked websites and provide these links solely for the convenience and information of our visitors. You access such linked Websites at your own risk. These websites are not subject to this Privacy Policy. You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilise your personal information. In addition, these websites may contain a link to Websites of our affiliates. The websites of our affiliates are not subject to this Privacy Policy, and you should check their individual privacy policies to see how the operators of such websites will utilise your Personal Information.


Our email policy:


We, fully comply with national laws regarding SPAM. You can always opt out of receipt of further email correspondence from us. We agree that we will not sell, rent, or trade your email address to any unaffiliated third-party without your permission.


Special Note About Children:


The Website is not designed or intended for use by children under the age of 18, and our Products and Services may not be purchased by children under the age of 18. We do not intentionally gather personal information from visitors who are under the age of 18. If you are under the age of 18, you are not permitted to submit any personal information to us. If you are under the age of 18, you should use the Website only with consent of a parent or guardian.



Updates to our privacy policy:


We reserve the right to modify this Privacy Policy at any time. If we make material changes to this policy, we may notify you on our Website, by a blog post, by email, or by any method we determine. The method we chose is at our sole discretion. We will also change the “Last Updated” date at the beginning of this Privacy Policy. Any changes we make to our Privacy Policy are effective as of this Last Updated date and replace any prior Privacy Policies.


If you have any questions about our Privacy Practices or this Policy, please contact us at info@serusi.co.za


Share by: