This Privacy Policy describes how your Personal Information is collected, used, and shared:
- For Visitors to our website and offices - when you visit or make a purchase from www.sanhima.co.za (“the Website”)
- For EMPLOYEE(S)/CONTRACTOR(S)/SUPPLIERS – when you interact with us or enter into business or commercial agreements with us, including visiting our Website and or Premises
1. INTRODUCTION
1.1. The company San Hima South Africa, which is incorporated in South Africa, is dedicated to safeguarding the privacy and Constitutional rights of visitors, customers, employees, contractors and suppliers.
1.2. In compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA"), San Hima South Africa ensures that Personal Information collected and provided by users of its website and other parties engaging in commercial interaction with it is protected lawfully and transparently.
1.3. San Hima South Africa will only use and disclose Personal Information in accordance with this policy.
1.4. This Privacy & Policy is an integral part of the Terms and Conditions of the San Hima South Africa website.
2. DEFINITIONS
Definitions not declared elsewhere:
2.1. CHILD - means a natural person under the age of 18 years who is not legally competent, without the assistance of a legally competent person, to take any action or decision in respect of any matter concerning him- or herself;
2.2. DE-IDENTIFY - in relation to the Personal Information of a Data Subject, means to delete any information that-
2.2.1. Personally identifies the Data Subject;
2.2.2. can be used or manipulated by a reasonably foreseeable method to personally identify the Data Subject; or
2.2.3. can be linked by a reasonably foreseeable method to other information that personally identifies the Data Subject,
2.3. EMPLOYEE(S)/CONTRACTOR(S)/SUPPLIERS – means persons employed or contracted by or Suppliers to San Hima South Africa for any duration of time
2.4. KYC – means Know Your Customer information, to be obtained for legal compliance purposes
2.5. POPI - means the Protection of Personal Information Act 4 of 2013
2.6. PAIA - means the Promotion of Access to Information Act No. 2 of 2000
2.7. VISITOR – means any person who visits our website or physical offices, with or without the intention to purchase or enter into business or commercial arrangements with San Hima South Africa
3. PERSONAL INFORMATION WE COLLECT
3.1. "Personal Information" refers to information about a specific, identifiable, living, natural person, and, where applicable, a specific, existing juristic person. The "Data Subject" is the person or entity to whom the Personal Information relates, which can be you, a visitor to this website, or a customer who interacts with our company or a person who visits our office or an Employee, a Contractor or Supplier.
3.2. San Hima South Africa collects and processes Personal Information in order to provide Data Subjects with access to our services and products, to assist us in improving our offerings, and for the other purposes described below.
3.3. 2.3. By giving us your Personal Information directly, through our website, purchasing our products and services, and/or communicating with us electronically, or visiting our store or offices, you:
3.3.1. agree to this policy and consent to the processing and transfer of your Personal Information in accordance with this policy and the laws and regulations applicable at the time in the Republic of South Africa; and
3.3.2. authorise San Hima South Africa, our affiliates, and other third parties to process your Personal Information in accordance with this policy.
3.4. This Policy must be read together with any other legal notices or terms and conditions provided or made available to you on our Website and/or Premises or when you complete or use any documents provided by us to you in relation to any of our products and/or services.
3.5. San Hima South Africa collects the following types of information ("Device information") automatically from any Visitor to our website, including but not limited to:
3.5.1. your device/gadget,
3.5.2. your internet browser,
3.5.3. your Internet Protocol (IP) address,
3.5.4. your local time zone,
3.5.5. some of the cookies installed on your device that our system uses to recognise you when you return to our website in order to improve our service to you,
3.5.6. the specific web pages or products that you visit,
3.5.7. the websites or search terms that directed you to the Website, and
3.5.8. general information about how you interact with our Website.
3.6. 2.6 In addition, we collect Device Information through the following technologies:
3.6.1. "Log files" track Website activity and collect information such as your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
3.6.2. "Web beacons," "tags," and "pixels" are electronic files that record information about how you interact with the Website.
3.7. When you make or attempt to make a purchase through the Website, San Hima South Africa collects the following types of Personal Information (referred to as "Order Information"), which includes, but is not necessarily limited to:
3.7.1. full names;
3.7.2. company names (if the purchases is a commercial entity)
3.7.3. identity numbers and company registration numbers;
3.7.4. physical and or postal addresses;
3.7.5. contact information such as telephone numbers and email addresses;
3.7.6. job title/description;
3.7.7. banking information and credit card details; and
3.7.8. financial information (including VAT and tax information) and
3.7.9. product information.
3.8. We may also obtain "Other Personal Information" from you when:
3.8.1. you visit our offices;
3.8.2. you interact with us even if you are not a customer (including records of communications you have with us, your attendance at our events, or interviews in the course of applying for a job with us, gaining employment with us or contracting work from us, or supplying goods or services to us or during the course of meetings with us)
3.8.3. obtained from a third party with permission to share your Personal Information with us (including but not limited to law enforcement agencies, credit agencies, etc); and
3.8.4. when you make your information public (e.g. on social media).
3.9. "Other Personal Information" may therefore include, but not necessarily be limited to:
3.9.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic origin, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth date of the person;
3.9.2. information relating to the education or the medical, financial, criminal or employment history of the person;
3.9.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identity or another particular assignment to the person;
3.9.4. the biometric information of the person;
3.9.5. the personal opinions, views or preferences of the person;
3.9.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
3.9.7. references and views or opinions of another individual about the person; and
3.9.8. the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;
3.9.9. Information about the organisation or company you present (whether contractor or supplier), including but not limited to legal and financial information.
3.10. When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information and any Other Personal Information.
4. DATA PROTECTION PRINCIPLES
4.1. We are dedicated to handling data responsibly and in line with data protection principles. This entails ensuring that Personal Information is:
4.1.1. Processed lawfully, fairly, and transparently;
4.1.2. Gathered for specific, clear, and legitimate purposes and not used further in a way that contradicts those purposes (with the exception of archiving, scientific research, or statistical purposes);
4.1.3. Sufficient, relevant, and limited to what is necessary for the intended purpose;
4.1.4. Accurate and updated when necessary, and any inaccurate personal data is erased or corrected promptly;
4.1.5. Kept in a way that allows for the identification of Data Subjects for only as long as required for the intended purpose; personal data may be stored longer for archiving, scientific research, or statistical purposes, as long as appropriate measures are in place to protect individuals' rights and freedoms;
4.1.6. Processed and stored securely, with measures in place to prevent unauthorized or illegal processing, accidental loss or damage.
5. HOW DO WE USE YOUR PERSONAL INFORMATION?
5.1. We will use and process your Personal Information in the ordinary course of:
5.1.1. For Visitors and Customers - providing you with products and services.
5.1.2. For Employees, Contractors and Suppliers – in the ordinary course of business and as may be required for legal compliance or contractual or financial purposes.
5.2. We will only use your Personal Information for the purpose for which it was collected. If we have to use your Personal Information for a secondary purpose, we will only do so if it is a legitimate interest and is closely related to the original and/or primary purpose for which the Personal Information was collected.
5.3. In general, in respect of Visitors, we use the Personal Information we collect to fulfil any orders placed by Visitors through the Website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Furthermore, in the ordinary course of business, we use this Personal Information (including but not necessarily limited ) to/for:
5.3.1. Interact with you;
5.3.2. Provide you with relevant information or advertising relating to our products or services based on the preferences you have shared with us;
5.3.3. To communicate by responding to inquiries, requests, comments and questions whether received in person, telephonically, via e-mail or any other electronic medium. If we are contacted, we may use personal information to respond;
5.3.4. To provide services and fulfil our contractual obligations to customers;
5.3.5. Host competitions or promotions offered through our website;
5.3.6. Establish and confirm your identity;
5.3.7. Perform credit checks as needed;
5.3.8. Screen our orders in order to detect and prevent fraud, crime, money laundering, and other wrongdoing, identify and analyse issues, risks, and emerging trends related to our services, as well as investigate and help prevent security issues and abuse;
5.3.9. Keep our customer databases up to date;
5.3.10. To maintain customers' account information for billing, managing their accounts, and other administrative or financial record-keeping purposes such as auditing or financial record keeping, which may involve contacting them;
5.3.11. Market, conduct product research, and develop new products/markets including but not limited to analysing our performance, keeping a record of our interactions with customers to improve our service, and assessing the quality of our services and identify areas for improvement, including staff training;
5.3.12. Any legal or statutory compliance that is required, including but not limited to legal proceedings;
5.3.13. Process complaints against us;
5.3.14. Specifically relevant for EMPLOYEE(S)/CONTRACTOR(S)/SUPPLIERS - For internal business purposes, which may include but is not specifically limited to :
5.3.14.1. administrative and operational tasks;
5.3.14.2. monitoring our business,
5.3.14.3. carrying out market analysis and statistical research,
5.3.14.4. business development;
5.3.14.5. financial management, business audits and analyses, fraud prevention; and
5.3.14.6. compliance with legal requirements; to comply with reporting and other legal obligations in terms of contracts or the law in general;
5.3.14.7. any other purpose if the law allows or requires it.
5.4. We use the Device Information that we collect to help us screen for potential risk and fraud (specifically, your IP address), and to improve and optimise our Website in general (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns).
6. PAYMENT INFORMATION:
6.1.1.All online transactions at San Hima South Africa are processed by Payfast. More information is available at https://www.payfast.co.za. All payments are processed on PayFast's PCI-DSS Level 1 compliant secure infrastructure. Payfast employs 256-bit encryption and Extended Validation SSL. Only two of South Africa's four major banks use this, the highest level of encryption currently available. Within the Payfast database, all sensitive information is encrypted.
6.1.2.Payfast employs GEO IP tracking to determine where transactions are coming from and to look for discrepancies between this and the card's issuing country. More information is available at https://www.payfast.co.za/security-fraud/.
7. SHARING YOUR PERSONAL INFORMATION
7.1. San Hima South Africa will not sell, rent, or otherwise disclose your Personal Information to any third party without your consent, provided that by using our website and/or subscribing to any of our services, you expressly and informedly consent to San Hima South Africa disclosing your Personal Information to third parties in the following ways:
7.1.1. to third-party companies hired by San Hima South Africa to provide services to us, such as website hosting and development. These companies require access to your Personal Information in order to carry out their functions and for no other reason –
7.1.1.1. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
7.1.1.2. We also use Google Analytics to help us understand how our customers use the Website--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
7.1.1.3. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
7.1.2. to transfer San Hima South Africa's customer database/s, including Personal Information contained therein, to any third party who acquires all or substantially all of our company's or our website service's assets or shares, whether through a sale, merger, acquisition, or otherwise;
7.1.3. to governmental agencies, exchanges, and other regulatory or self-regulatory organisations if required by law or if we believe such action is required to:
7.1.3.1. comply with the law or any legal process;
7.1.3.2. protect and defend our rights and property, as well as the rights and property of our customers and organisations we partner with or conduct business with;
7.1.3.3. prevent fraud or abuse, misuse, or unauthorised use of our website; and/or
7.1.4. safeguard our customers' or the public's personal safety or property (if you provide false or deceptive information about yourself or misrepresent yourself as being someone else, San Hima South Africa will disclose such information to the appropriate regulatory bodies and commercial entities).
8. BEHAVIOURAL ADVERTISING
8.1. As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
8.2. You can opt out of targeted advertising by:
8.3. [[ INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED.
8.4. COMMON LINKS INCLUDE:
8.5. FACEBOOK - https://www.facebook.com/settings/?tab=ads
8.6. GOOGLE - https://www.google.com/settings/ads/anonymous
8.7. BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
8.8. Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
9. DO NOT TRACK
9.1. Please note that we do not alter our Website’s data collection and use practices when we see a Do Not Track signal from your browser.
10. CROSS-BORDER PERSONAL INFORMATION TRANSFERS
10.1. According to Section 72 of the POPIA, Personal Information may only be transferred outside of the Republic of South Africa if certain conditions are met. In terms of cross-border transfer of Personal Information, San Hima South Africa complies with the requirements outlined in Section 72 of the POPIA.
11. YOUR RIGHTS
11.1. If you are a European resident, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, updated, or deleted – this paragraph should be read jointly with paragraphs 14 and 15 below. If you would like to exercise this right, please contact us through the contact information below.
11.2. Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
12. HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION
12.1. We agree to provide you with access to your Personal Information and to provide mechanisms through which any Personal Information discovered to be inaccurate or incomplete can be corrected or amended as soon as possible, subject to any legal requirement or rule requiring such Personal Information to be retained.
12.2. Prior to viewing, amending, correcting, or removing your Personal Information, we will require you to identify yourself and the portion of information that you wish to amend, correct, or remove.
12.3. In order to view your Personal Information, please contact customercare@sanhima.co.za.
12.4. A request for the amendment, correction or removal of Personal Information may be declined if the process of the request is unlawful, unreasonably repetitive, requires disproportionate technical effort, jeopardises the privacy of others or would be impractical.
12.5. Please be aware that any such access or correction request may be subject to the payment of a legally allowable fee, which we will inform you of at the time of your request.
12.6. It is critical that any information you provide to us directly is accurate and correct. Please notify us as soon as you are able or become aware that any information we have on file for you is no longer correct. Providing false or inaccurate information in order to obtain a product or service may also result in the restriction or cancellation of our services (including, but not limited to, warranties and guarantees).
13. DATA RETENTION
13.1. When you place an order through the Website, we will maintain your Personal Information for our records as a minimum (whichever is the later ):
13.1.1. to the extent and duration that we have a legitimate interest and legal requirement to process your Personal Information depending on, amongst others, KYC requirements, the nature and lifespan of our services or products provided to you notably with regards to product warranties, guarantees or product exchanges, or
13.1.2. until you request that your information is to be deleted,
13.2. When you are an Employee / Contractor / Supplier, we will maintain your Personal Information and Corporate Information for our records as may be legally required per Financial record keeping, Audit & Legal requirements for company document retention obligations as defined in South African legislation.
13.3. Children / MINORS
13.3.1. The Website is not intended for individuals under the age of 18.
14. YOUR RIGHTS AS A DATA SUBJECT
14.1. You have several data privacy rights as a Data Subject. These rights include the ability to request from San Hima South Africa access to, correction of, or deletion of your personal data, as well as the restriction of processing pertaining to your data, or to object to the processing of your Personal Information. For more information on how to exercise these rights, please see the PAIA/POPIA Manual, which is available at www.sanhima.co.za.
14.2. All the rights of a Data Subject are contained in POPIA. The information on these rights can be found on the Information Regulator's website at https://www.justice.gov.za/inforeg/, to whom you have the right to make a complaint, if we do not resolve your concern.
15. TASK CARRIED OUT IN THE PUBLIC INTEREST
15.1. Where we need to perform a task that we believe is in the public interest, then the data subject’s consent will not be requested. The assessment of the public interest will be documented and made available as evidence where required.
16. LEGITIMATE INTERESTS
16.1. If the processing of specific Personal Information is in the legitimate interests of the organisation and is judged not to affect the rights and freedoms of the Data Subject in a significant way, then this may be defined as the lawful reason for the processing. The reasoning behind this view will be documented in such instance.
17. CHANGES
17.1. We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
18. DATA OFFICER
18.1. The CFO is the information officer in terms of POPI.
19. CONTACT US
19.1. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at sales1@sanhima.co.za or by mail using the details provided below:
1 Cycad Heights, Cycad Estate, Polokwane, LP, 0699, South Africa
