- The Client controls how and why we process data, as such Clients voluntarily accept or reject the way in which we process personal data.
- We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
- We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
The right to an individual’s privacy is a fundamental right and is encapsulated in various legislature including the Protection of Personal Information Act, 4 of 2013 (“POPIA”) in South Africa.
Where any Client or data subjects within such Client-organisations are natural persons, and should we collect their personal data, we intend to process it, albeit as a controller or processer of personal data, in accordance with the principles of POPIA and the General Data Protection Regulations (“GDPR”). These regulations will apply to us if we process your personal information in South Africa or abroad, if at all.
This policy intends to explain how we process your personal information and is applicable to personal information of all data subjects, being both natural and, where applicable, juristic persons. By using ZASPACE services, you agree that you have read and agreed to be bound by these terms and conditions voluntarily by accepting these terms and conditions. It is however recorded that the GDPR applies to natural persons’ data only, and its applicability herein does not apply to the data of juristic persons. This does not however mean that less caution will be taken when dealing with data of juristic persons, as we strive to treat any information that is not ours with the utmost confidentiality and protection.
Our data protection measures are based on international best practices when processing or controlling your personal data. We adhere to the principles encasing accountability, processing limitations, purpose specification, information quality, security and data subject participation, fairness and lawfulness, transparency and minimalism.
Collecting of Information, Cookies, and Links
We collect information from you in the following ways:
- Through your communications with us;
- Through you sharing information that you provide on ZASPACE’s web platform sites or through one of our applications;
- Through third parties related to our business operations.
As a result of you dealing with us, as client or customer, we may collect and store some personal information from such as:
- your name;
- address, previous addresses and how long you have lived at those addresses;
- date of birth;
- your employer, previous employers and how long you have been in such employment;
- your email address;
- your telephone numbers; and
- the details of any references you supply, including the names and addresses of your referees
We don’t share any personally identifying information publicly or with third parties, except when required to by law.
How and why we process your personal information
We will only process information that you provide us with for the specific purposes for which it was disclosed to us and in as far as it is required, and in a reasonable manner that does not infringe your fundamental right to privacy.
The principle of minimalism will apply to the processing of your personal information in that such processing will not be excessive, irrelevant or inadequate.
If we have reasonable grounds to believe that your rights may be limited, we may need to disclose or use your personal information or use of our website or services to protect our business and/or the property, safety or other rights of our employees, partners, clients, suppliers or other users or to prevent fraudulent or unlawful use of this website.
Should you object to the processing of your personal information, we will immediately cease the processing associated with it.
In the event that we need to transfer your information across our borders, same will only be done as far as is necessary to meet our obligations to you and where you provide your consent. These cross-border flows of data shall only be received by parties who employ similar corporate rules and agreements and which flow from and are subject to similar legislation as that of national legislation.
It may happen that we merge, sell, purchase or restructure our business and may need to disclose personal information to the other party/ies to the transaction. Should this take place in the future, we will always seek that the information be treated as strictly confidential and that the relevant party is bound by this confidentiality and that such party employs similar standards of protection.
Depending on the type of discloser of the personal information, we may collect the following types of information when, for example, you fill out a request for us to contact you regarding our service offerings, or if we are already rendering services to you or your organisation:
- Full name of individual and/or organisation;
- Identity number or organisation registration number;
- Cell phone number and/or email address;
- Data of objects and machine information extracted using our technology.
Depending on the reason that the information was disclosed and the nature of the discloser of the information, we may use it for the following reasons:
- Performing our duties or responding to your requests;
- Monitoring and analysing our business, including performing statistical analysis and marketing research;
- Performing administrative tasks, audits and complying with legislation;
- Contacting you or requesting information from you;
- Any other reason that you give us permission for;
- If it is in the public interest or required by a competent authority;
- To assist your business in implementing a digital strategy;
- To translate vast data that is relevant into readable format and to transfer this to a usable platform;
- To send data to and from the cloud and/or the edge of a data system to the devices that our technology applies to.
The information assists us in developing our business and entering into business transactions which involve the provision of hardware and software related components and services in the geospatial sphere. We may share this information with third parties if it is necessary for us to deliver on our product offerings. We are required to maintain records of our processing activities and processing operations, which may be made available to you on sufficient notice.
Any information provided to us will only be kept for the duration for which it is required and to give effect to the purpose for which it was disclosed. If we are required by law or otherwise to keep your personal information for longer than required, we will ensure that it is de-identified. We will also not sell or share your information without your prior written consent. We will destroy or delete a record of your personal data should the personal data no longer be required, and such deletion or destruction shall be done in a manner that, as far as is practicably possible, prevents its reconstruction. Should we wish to retain your personal data, we will obtain your consent and ensure that appropriate safeguards are in place to protect same, and that it will only be used for historical, statistical or research purposes.
Any special personal information will not be processed unless your express prior consent has been obtained. Should the purpose for which we have processed your personal information have been realised, then we are bound to erase your personal information unless one of the grounds in Section 71 of POPIA is applicable.
We do not intend to directly or indirectly market to children, and this website, our applications and general business offering has not been designed for use by or intended for children. Minors therefore require the consent of competent person, and persons under the age of 18 years in South Africa require the consent of their parent or trustee.
Security and Breach
We respect your personal information and the confidential nature thereof, and we are committed to complying with the relevant laws that govern our interactions with users, clients, partners and the like.
Your personal data deserves protection from unauthorised access, accidental loss, modification, destruction and unlawful disclosure, regardless of whether your data is processed in paper form or electronically. For this reason, we implement appropriate, high quality and sophisticated security server technology which at a minimum complies with industry good practice, so that the integrity of your personal information may be protected.
Our employees and operators and anyone who processes your personal information are bound by terms of confidentiality and have been obligated to respect and uphold your privacy. Some of these measures include using firewalls, passwords and restricted access, physical recognition methods and the information is used internally by persons on a strict need-to-know basis. We do however urge you to assist us in our endeavour to keep your personal information safe and kindly request that you take reasonable measures to protect your personal information, as the nature of the internet and the technology industry lends itself to attempted unauthorized breaches of security protocols.
We will report any security breaches to the data regulator and / or inspectorate and to the affected data subject. This notification will be made as soon as is practicably possible after the scope and nature of the breach have been determined, considering any measures to restore the security of the information. We undertake to provide you with adequate information regarding any such breach and will comply with directions given by the inspectorate or registrar.
We will notify the Information Regulator within 72 hours of a breach and, if there is a high risk to the rights and freedoms of other persons, we will notify you. If any form of breach by an ZASPACE group company is committed, ZASPACE undertakes to assist you in establishing the facts of the matter and in asserting your rights against the group company concerned. The technical and organisational security measures for protecting personal data are updated continuously and according to industry best practice.
Notwithstanding any other rights you may have in law, you have the following rights that we intend to uphold and protect at all times in relation to the protection of your data:
- You may request how your information was collected, how it is stored and for what purpose;
- You are entitled to know who your data is being transferred to and for what purpose;
- You may at any time request that your data is updated and supplemented so that it is correct and complete at all times;
- Should a legal basis for the processing or controlling for your data cease to exist, you may request that your data is deleted permanently, subject to legal retention periods that may be applicable; and
What are cookies?
Cookies are small text files that contain information about browsing activity. Your computer or device will download these files when you visit a website and store them in your web browser.
When you revisit that same website or mobile app, the site will respond in a more personalized way – remembering your preferences, providing fast page load times etc.
When you consent to cookies on our service, these may be used to do the following:
Improve the way our Website works
Cookies allow us to store information in order to improve the way our Website works so that we can personalise your experience and allow you to use many of our useful features. For example Additionally, cookies allow us to serve you specific content, such as videos on our website. We may employ the learnings of your behaviour on our website to serve you with targeted advertisements on third-party websites in an effort to “re-market” our products and services to you.
Improve the performance of our Websites
Cookies can assist us to understand how websites are being used. For example, Cookies can tell us if you receive an error message as you’re browsing.
These cookies collect data that is mostly aggregated and anonymous.
What type of cookies do we use?
The cookies that we use are as follows:
Strictly necessary cookies
These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies, several website services that we offer cannot be accessed.
These are cookies that allow our website to remember choices you make (such as your user name, language or the region you are in) and to provide improved, more personal features. These cookies can remember changes you have made to text size, fonts and other parts of web pages you can customise. They may also be used to provide services you have asked for previously.
These cookies collect data on how you use and interact with our website. For example which pages you visit most often. These cookies are used to improve how our website works.
How to disable cookies
By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.
Section 51 of the Act requires Private Bodies to compile a Manual setting out the procedure and requirements to be adhered to in seeking to obtain access to information held by that Private Body. The section also stipulates the minimum requirements a Manual has to comply with. To this end section 51 of PAIA requires the Manual to contain, amongst others, the following:
- The postal and street address, phone and fax number and, if available, electronic mail address of the head of the body;
- Contact details of the Head of the Private Body;
- Categories of information available without formal request, if any;
- A description of the records available in accordance with other legislation;
- Sufficient detail to facilitate a request for access to a record of the Private Body;
- A description of the categories of subjects and of the information or categories of information;
- A description of the subjects on which the body holds records and the categories of records held on each subject,
- Such other information as may be prescribed
- Purpose of processing
- the Protection of Personal Information Act (PoPIA), Personal Information must be processed for a specified purpose. The purpose for which Personal Information is processed by Vodacom will depend on the nature of the Personal Information and the particular Data Subject. This purpose is ordinarily disclosed, explicitly or implicitly, at the time when Personal Information is collected.
- Access to Personal Information
- POPIA provides that a Data Subject may, upon proof of identity, request the Responsible Party to confirm, free of charge, all the information it holds about the Data Subject and may request access to such information, including information about the identity of third parties who have or have had access to such information. Further, POPIA provides that where the Data Subject is required to pay a fee for services provided to him/her, the Responsible Party must provide the Data Subject with a written estimate of the payable amount before providing the service and may require that the Data Subject pay a deposit for all or part of the fee.
- Categories of Data Subjects
- > ZASPACE holds information and records on the following categories of Data Subjects: a) employees / personnel of ZASPACE; b) clients of ZASPACE; c) any third parties and/or suppliers with whom ZASPACE conducts its business services; d) contractors of ZASPACE; e) partners and agents f) service providers of ZASPACE.
(This list of categories of Data Subjects is non-exhaustive)
- The categories of recipients to whom the information is supplied
- Depending on the nature of the Personal Information, ZASPACE may supply information or records to the following categories of recipients: a) statutory oversight bodies, regulators, law enforcement agencies or judicial commissions of enquiry making a request for information; b) any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for personal information or discovery in terms of the applicable rules (e.g the Information Regulator ); c) South African Revenue Services, or another similar authority; d) Emergency Service Organisations (if you make an emergency call), including your approximate location; e) anyone making a successful application for access in terms of PAIA; f) subject to the provisions of POPIA and the National Credit Act No. 34 of 2005, ZASPACE may share information about a client’s creditworthiness with any credit bureau or credit provider.
- Planned transborder flows of information
- If you are visiting our websites from a country other than South Africa the various communications will necessarily result in the transfer of information across international boundaries.
ZASPACE may also need to transfer your information to other ZASPACE or ZASPACE group of companies or service providers in countries outside South Africa, in which case we will fully comply with applicable data protection legislation. This may happen if our servers or suppliers and service providers are based outside South Africa, or if our services are hosted in systems or servers in ZASPACE Operating Companies outside South Africa including Europe or India and/or if you use our services and products while visiting countries outside this areas. Other countries outside South Africa may not have data protection laws which are similar to those of South Africa, however, ZASPACE will ensure that your Personal Information is protected and enter into appropriate agreements to achieve this.
- Security measures implemented to ensure the confidentiality and privacy of the information which is to be processed
- ZASPACE is committed to implementing leading data security safeguards. For this reason, ZASPACE has specialised security teams who constantly review and improve its measures to protect your Personal Information from unauthorised access, accidental loss, disclosure or destruction.
If ZASPACE has an agreement with another organisation to provide it with services or a service on its behalf to process your Personal Information, then ZASPACE will make sure they have appropriate security measures and only process your Personal Information in the way we have authorised them to. These organisations will not be entitled to use your Personal Information for their own purposes. If necessary, our security teams will conduct a due diligence them to make sure they meet the security requirements we have set.
Communications over the internet (such as emails) are not secure unless they have been encrypted. Further, your communications may go through a number of countries before being delivered, as this is the nature of the internet. Consequently, we cannot accept responsibility for any unauthorised access or loss of Personal Information that is beyond our control.
- 2. Definitions
The following words shall bear the same meaning as under PoPIA:
“Act/PAIA” means the Promotion of Access to Information Act No. 2 of 2000
“Consent” means a voluntary, specific and informed expression of will in terms of which a Data Subject agrees to the processing of Personal Information relating to him or her
“Data Subject” means the person to whom Personal Information relates
“Information Officer” means the head of ZASPACE as contemplated in section 1 of PoPIA
“Minister” means the Minister of Justice and Correctional Services
“Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person including:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
- the blood type or any other biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
“PoPIA” means Protection of Personal Information Act, Act No 4 of 2013
“Private body” means a natural person who carries or has carried on any trade, business or profession in that capacity, a partnership or juristic person
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
“Public body” means any department of state or administration in the national, provincial or local sphere of government or functionary exercising pubic power or exercising public function in terms of any legislation;
“Responsible party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
“Requester” in relation to –
(a) a public body, means any person making a request for access to a record of that public body (or authorised representative);
(b) a private body, means any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body (or authorised representative).
Particulars Required in terms of the Section 51(1)(a) of PAIA
To confirm whose particulars to be included, in particular, telephone, email and fax
Privacy & Information Officer
Woodlands Office Park, 20 Woodlands Drive
Woodlands Office Park, 20 Woodlands Drive
Categories of data subjects
ZASPACE holds information and records on the following categories of data subjects:
- employees / personnel of ZASPACE;
- any third party with whom ZASPACE conducts its business services;
- contractors of ZASPACE;
- suppliers of ZASPACE; and
- service providers of ZASPACE.
(This list of categories of data subjects is non-exhaustive.)
The categories of recipients to whom the information is supplied
Depending on the nature of the Personal Information, ZASPACE may supply information or records to the following categories of recipients:
- statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data;
- any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules (i.e. the Competition Commission in terms of the Competition Act No. 89 of 1998);
- South African Revenue Services, or another similar authority;
- anyone making a successful application for access in terms of PAIA; and
- subject to the provisions of POPIA and the National Credit Act No. 34 of 2005, ZASPACE may share information about a client’s creditworthiness with any credit bureau or credit providers industry association or other association for an industry in which ZASPACE operates.
Planned transborder flows of information –
If you are visiting our websites from a country other than the country in which our servers are located, the various communications will necessarily result in the transfer of information across international boundaries.
We may need to transfer your information to other ZASPACE or ZASPACE group companies or service providers in countries outside South Africa, in which case we will fully comply with applicable data protection legislation. This may happen if our servers or suppliers and service providers are based outside South Africa, or if our services are hosted in systems or servers in ZASPACE Operating Companies outside South Africa including Europe or India and/or if you use our services and products while visiting countries outside this area. These countries may not have data-protection laws which are similar to those of South Africa.
Security measures implemented to ensure the confidentiality and privacy of the information which is to be processed –
We are committed to implementing leading data security safeguards.
We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal information, we will make sure they have appropriate security measures and only process your information in the way we have authorised them to. These organisations won’t be entitled to use your personal information for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we have set.
Communications over the internet (such as emails) are not secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.