Kagiso Tiso Holdings (referred to as "The Company", "we", "us", "our") respect and acknowledge the importance of protecting your personal information.
Kagiso Tiso Holdings is a "responsible person" in terms of the South African Protection of Personal Information Act, 2013 ("POPIA") and a "controller" in terms of the General Data Protection Regulation ("EU GDPR") 2016/679 of the European Union in that it determines the purpose and the manner of processing of personal information .
Kagiso Tiso Holdings does not provide services intended for children and accordingly, we do not knowingly collect personal information relating to children.
2. What personal information we collect
When you interact with us, you may provide us with personal information, or we may collect personal information from you by law or under terms of a contract we have with you. You can choose not to provide personal information when requested. However, without your requested personal information, we may not be able to provide or continue to provide you with the products or services offered by Kagiso Tiso Holdings or allow you full access to our websites. If you refuse, we may have to cancel a product or service you have with us, but we will notify you if this is the case.
We will only collect, use, store and transfer the minimum personal information that we deem necessary to process for ordinary business purposes. Personal information we collect from you may include:
- Personal Identifying Information (PII), i.e. your first names/s and surname, email address, phone number and other contact information.
- Sensitive Personal Identifying Information (Sensitive PII), i.e. identity numbers, bank account numbers, passport information, biometric data, healthcare related information, medical insurance information, genetic data, student information, debit card numbers, driver's license information, religion, political beliefs, race, sexual orientation.
- Company name.
- Log-in and account information for authentication purposes and account access.
- Demographic data such as your gender, age, country, and preferred language.
- Data about how you and your PC or device interact with Kagiso Tiso Holdings Proprietary Limited, including web pages you visit when you use our websites and device, connectivity and configuration data.
If we link other data with your personal information as provided to us, we will treat that linked data as personal information.
3. How we collect personal information
We may collect your personal information in a variety of ways when you interact with us, including when:
- You access and use our websites.
- You apply for employment with us.
4. Purposes for which we collect and use personal information
We will only use your personal information when we are permitted to do so by law. Most commonly we collect and use personal information to:
- Update our records and keep contact details up to date.
- Fulfil legal, regulatory and contractual obligations.
5. Change of Purpose
We will only use your personal information for the purposes for which we originally collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Information Officer.
If we need to use your personal information for a purpose unrelated to the original purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal information without your knowledge or consent but only where this is required or permitted by law.
6. Sharing your personal information
We may share your personal information for the purposes above with:
- Employee Benefits and payroll service providers
- It is important to note that any third parties with whom we share personal information are contractually required to implement appropriate data protection and security measures and are not permitted to process personal information for any purpose other than the purpose for which they are given access.
- In connection with, any joint venture, merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
- In response to a request for information by a competent authority in accordance with, or required by any applicable law, regulation or legal process.
- Where necessary to comply with legal obligations, judicial proceedings, court orders or government orders.
- Where you consent to the sharing of your personal information.
7. Transfers across borders
It may be necessary for us to process, transfer and/or store your personal information in other countries, either to carry out your instructions or for ordinary business purposes. These countries may not have the same level of protection as is required by POPIA or the GDPR. Where this is the case, we will only process your personal information with your consent. If necessary, we will ask the party to whom we transfer your personal information to agree to our privacy principles, associated policies and practices so that your personal information will be protected to the same extent that it would have been had it been processed by us. Please contact us if you want further information on the specific mechanism used by us when transferring your Personal information out of South Africa or the European Economic Area.
8. Security of your personal information
Kagiso Tiso Holdings is committed to protecting your personal information from misuse, loss, unauthorised access, modification or disclosure by using a combination of physical, administrative and technical safeguards and contractually requiring that third parties to whom we disclose your personal information do the same.
Whilst Kagiso Tiso Holdings makes every effort to secure its websites, you should note that the internet is not completely secure; thus when you submit or post personal information online, you should be aware that Kagiso Tiso Holdings cannot guarantee the security of any personal information that you submit or post online.
9. What are your rights
Should you believe that any Personal Information we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through our Information Officer.
In the event that you wish to complain about how we have handled your Personal Information, please contact our Information Officer at firstname.lastname@example.org . Our Information Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your Personal Information has not been handled appropriately according to the law, you can contact www.justice.gov.za/inforeg and file a complaint with them.
In order to access, correct, update, block or delete your personal information, you have the right to:
- Request access to your personal information. This allows you to receive a copy of your personal information held by us and to check that we are lawfully processing it.
- Request correction of your personal information held by us. This allows you to have any of your incomplete or inaccurate information corrected, although we may need to verify the accuracy of the new information that you provide.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What we may need from you: We may need to request specific information from you to assist us to confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request in order to speed up our response.
Time limit to respond: We will endeavour to respond to all legitimate requests within 30 days. Occasionally it may take us longer than this if your request is particularly complex or if you have made a number of requests, in which case, we will notify you of the delay and keep you updated.
10. Links to third party websites and applications
Our websites may contain links to sites and applications operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party site or application and we are not responsible for any third party content or privacy statements. Your use of such sites and applications is subject to the relevant third party privacy statements.
11. Retaining your personal information
We retain your personal information for only as long as is necessary to fulfil the purposes for which it was collected, or to comply with legal obligations, resolve disputes, protect our assets, or enforce agreements. Depending on the purpose, retention periods will vary.
Any Personal Information held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive these notifications.
The criteria we use to determine retention periods, excluding marketing and service notifications, include whether:
- We are under a legal, contractual or other obligation to retain personal information including pursuant to data retention laws, as part of an investigation or for litigation purposes.
- Personal information is needed to provide our solutions and services business including performance improvement and to maintain accurate business and financial records.
- There are automated means to enable you to access and delete your personal information at any time. We will generally retain personal information for a shorter period of time, where this is not the case.
- The personal information is Special PII in which event we will generally retain this for a shorter period of time.
- You have consented to us retaining your personal information for a longer retention period, in which case, we will retain personal information in line with your consent.
13. How to contact us
14. Validity and document management
The Information Officer is the owner of this document, who checks and, if necessary, updates the document at least once a year.