PRIVACY POLICY
BC WINES
BRANDVLEI WINE CELLAR PROPRIETARY LIMITED
(GROUP OF ENTITIES INCORPORATED IN THE REPUBLIC OF SOUTH AFRICA)
HEREINAFTER REFERRED TO AS ‘BC’
PRIVACY POLICY
LAST UPDATED 1 JULY 2021
READ THIS POLICY CAREFULLY BEFORE COMMUNICATING WITH BC, BROWSING ITS WEBSITES & OTHER ELECTRONIC PLATFORMS OR USING ANY OF THE SERVICES OR PRODUCTS OFFERED BY BC. YOUR CONTINUED COMMUNICATION WITH BC OR THE USE OF ITS WEBSITES AND PLATFORMS INDICATE THAT YOU HAVE BOTH READ AND CONSENT TO THE TERMS OF THIS POLICY. DO NOT COMMUNICATE WITH BC OR USE ITS WEBSITES OR ELECTRONIC PLATFORMS IF YOU DO NOT ACCEPT THESE TERMS. ALL SECTIONS OF THIS POLICY ARE APPLICABLE TO ANYONE WHO COMMUNICATE WITH BC, UNLESS A PARTICULAR SECTION EXPRESSLY STATES OTHERWISE.
- PREAMBLE
This is the privacy policy of Brandvlei Wine Cellar Proprietary Limited (hereinafter referred to as ‘BC’) and applies to all entities in the group as listed in Schedule 1. It further applies to the use of all our Websites and other Electronic Platforms, including mobile sites, mobile applications, emails or any other technology or services you use to access our Services and Products.
BC subscribes to the principles for processing personal information contained in POPIA and the auxiliary legislation referred to therein. We endeavour to ensure the quality, accuracy, security and confidentiality of Personal Information in our possession.
- INTERPRETATION AND DEFINITIONS
Interpretation
“We,” “us” or “our” in this privacy policy refers to BC as set out in Schedule 1.
The words of which the initial letter is capitalized have meanings as defined below. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
Account – if applicable, means a unique account created for You to access our Services and Products or any part or aspect thereof;
Biometric information – means information obtained through a technique of personal identification that is based on physical, physiological or behavioural characterisation, including blood-typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
Company – Brandvlei Wine Cellar Proprietary Limited (also referred to as ‘BC’), together with all Associated Affiliates, as set out in Schedule 1, from Doornrivier, Worcester, 6850, Western Cape, Republic of South Africa that may be contacted as set out in Section 3;
Cookies – are small files that are placed on your computer, mobile device or any other device used to access our Websites or other Electronic Platforms, containing the details of your browsing history on that particular Website or Electronic Platforms;
Country – refers to the Republic of South Africa;
CCTV Policy – BC’s CCTV policy attached hereto, marked SCHEDULE 2.
Data Subject – means the person to whom personal information relates.
Device – means a device that is used to access our Services or Products through or Websites or other Electronic Platforms or that is used to communicate with us, such as a computer, a cell phone or a digital tablet;
Personal information – means information relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person, including but not limited to —
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature, or further correspondence that would reveal the contents of the original correspondence;
(g) he views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person, or if the disclosure of the name itself would reveal information about the person.
POPIA – refers to the Protection of Personal Information Act, No. 4 of 2013, as may be amended from time to time;
Processing – means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including —
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use thereof;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information.
Record – means any recorded information —
(a) regardless its form or medium, including any of the following:
(i) Writing on any material
(ii) Information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored
(iii) A label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means
(iv) A book, map, plan, graph or drawing
(v) A photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced
(b) in the possession or under the control of a responsible party;
(c) whether or not it was created by a responsible party; and
(d) regardless of when it came into existence.
Responsible party – means BC, who determines the purpose of and means for processing personal information.
Services & Products – refer to any of BC’s Services and Products notwithstanding whether it is advertised and displayed on our Websites and other Electronic Platforms;
Service Provider – means any natural or juristic person who processes data on behalf of BC. It refers to third-party operators, companies or individuals employed or contracted by BC to facilitate the delivery of Services and Products to and on behalf of BC, who provide services related to the Services and Products or to assist BC in analysing data relating to the Services and Products and the use of our Websites and other Electronic Platforms to access it;
Third-party Social Media Service – refers to any website or other electronic social network through which you can log in or create an account to use our Websites and other Electronic Platforms;
Usage Data – refers to data collected automatically, either generated by the use of our Websites and other Electronic Platforms or from your application of our Services or Products itself (for example, the duration of a page visit, IP addresses, unique device identifiers and other diagnostics data and location information).
Website – refers to the website/s of BC.
You/your – means the individual or other legal entity on behalf of which such individual, as applicable, is accessing or using the BC Websites, Electronic Platforms, Services and Products.
- INTRODUCTION
This Policy explains the procedures and governing principles on how we process your Personal Information with regards to the collection, receipt, usage and disclosure, electronically and manually, when using our Websites and other Electronic Platforms or accessing our Services and Products.
This policy applies to all Personal Information collected from all Data Subjects with whom BC interacts, including but not limited to employees, contractors, customers, clients, service providers, suppliers and other third parties who conclude any type of agreement or contract with BC.
In adopting this Privacy Policy, we wish to balance our legitimate business interests and your reasonable expectation of privacy.
Although absolute security cannot be guaranteed, BC implemented, reasonable technical, administrative and operational security measures to protect your Personal Information against accidental or intentional manipulation, loss, misuse, destruction or unauthorised access to or disclosure of the information we process.
We will comply with POPIA when processing your Personal Information and will continue to maintain and improve security measures consistent with legal and technological developments.
In some circumstances we operate as a “responsible party,” with regards to the processing of your Personal Information (as defined in POPIA) and are therefore responsible for the legal processing of your Personal Information. In other circumstances we operate as an “operator,” with regards to the processing of your Personal Information on behalf of a third-party responsible party (as defined in POPIA) and in such circumstances the privacy policy and terms of use of such third-party shall apply.
We use your Personal Information to improve BC and its Products and service delivery. By using our Websites, Electronic Platforms, Services and Products, you agree to the collection and processing of Personal Information in accordance with this Privacy Policy.
By agreeing to the terms contained in this Privacy Policy, you consent to the use of your Personal Information in relation to:
o Our Websites, Electronic Platforms, Services and Products;
o Informing you of changes made to our Websites, Electronic Platforms, Services and Products;
o Responding to any queries or requests you may have;
o Developing a more direct and substantial relationship with you for the purposes described in this clause;
o Developing an online user profile;
o For security, administrative and legal purposes; o For direct marketing with the option ‘to opt out.’
Your information will not be stored for longer than is necessary for the purposes described herein or as required by applicable legislation.
If you are under the age of 18 years, you must always get consent from your parent or guardian before you use or access our Websites, Electronic Platforms, Services and Products, since you are not legally able to consent to this Privacy Policy without your parent’s or guardian’s consent. Please note that we may check whether your parent or guardian has given permission to use or access our Websites, Electronic Platforms, Services and Products and consequently sharing your Personal Information.
Please contact the Information Officer referred to below regarding your Personal Information that is processed by BC.
You have the right to lay a complaint at any time with the Information Regulator of South Africa. The Company would, however, appreciate the chance to deal with your concerns before you approach the Information Regulator’s Office, accordingly, please contact the Company in the first instance to assist you.
If you are dissatisfied with our resolution of your complaint, you have the right to refer it to the Information Regulator, the supervisory authority for protection of personal information in South Africa.
General enquiries email: inforeg@justice.gov.za
Complaints email: complaints.IR@justice.gov.za
To view the Company’s Promotion of Access to Information Act (PAIA) manual, visit our website for the link.
The contact details of BC’s Information Officer are as follow:
NAME AND SURNAME OF INFORMATION OFFICER
JOHANNES ANDRIES JAKOBUS LE ROUX
Telephone Number: 023 340 4215
Mobile Number: 082 890 7204
Physical Address:
Doornrivier
Worcester
6850
Postal address:
P.O. Box 595
Worcester
6849
E-mail: jean@bcwines.co.za
Website address: www.bcwines.co.za
- PERSONAL INFORMATION WE COLLECT FROM YOU
Personal Information may be processed only if, given the purpose for which it is processed, such processing is adequate, relevant, not excessive, and in accordance with the relevant provisions of POPIA. The purpose must relate to a function or a Service or Product of BC.
BC collects and processes personal information pertaining to the proper functioning, management and governance of BC’s business.
Should you decide to register with or function as a user on our Websites or other Electronic Platforms, engage with BC and/or use any of the BC’s Services or Products, you thereby expressly consent to, and opt-in to BC collecting, collating, processing, and using the following types of Personal Information about you. We only collect and use the minimum Personal Information we need in order to provide and improve your experience of our Websites, Electronic Platforms, Services and Products.
- Personal Information may include, but is not limited to:
Email and/or physical address - First name and Last name
- Fixed line or Mobile phone numbers
- Usage Data
4.1. Information provided by you or from a responsible party authorised by you:
BC processes Personal Information which we either processes as responsible party, or which is received from another responsible party to whom you have provided your Personal Information with your consent that it may be shared with us as the Operator.
We collect your Personal Information through direct interactions with you and when you:
- submit an enquiry or application form and/or contact BC or request that we contact you;
- When you engage or interact with BC, for example through social media, e-mails, letters and phone calls;
- When you visit or browse our Websites;
- When you conclude a contract with us;
- When you complete any of BC’s documents, including our client forms, standard terms and conditions, surveys, promotional competitions or employment contracts, sign up for an account or subscribe or register to access or use any of our Websites, Electronic Platforms, Services and Products;
- When you make use or purchase any of BC’s various Services or Products.
If it is legally required BC will obtain your consent before collecting your Personal Information for the purposes of conducting its business or delivering of the Services or Products.
The third parties from whom we may collect your Personal Information include, but are not limited to, the following:
- Affiliated companies, subsidiaries and/or appointed third parties (such as authorised agents, partners, contractors and suppliers) of BC, for any of the purposes identified in this Privacy Policy;
- Your spouse, dependants, partners, employer, joint applicant or account holder and other similar sources;
- Individuals you have authorised, to share your Personal Information;
- Attorneys, tracing agents, debt collectors, other persons that assist with the enforcement of agreements and credit.
4.2. Information that is collected automatically:
BC receives and stores information which is transmitted automatically from your Device when you browse the internet and access our Websites or other electronic Platforms. This information includes Usage Data (that is collected automatically), information from cookies (which are described in clause 9 below), browser type, operating system used by you, type of mobile device you use, your mobile device unique ID, embedded web links, and other commonly used information-gathering tools, unique device identifiers and other diagnostic data. These tools collect certain standard information that your browser sends to websites such as your browser type and language, access times, and the address from which you arrived at the websites.
4.3. Information from Third-Party Social Media Services:
BC may allow you to create an account and log in to access our Services and Products through the following third-party Social Media Services:
If you decide to register through or otherwise grant BC access to a Third-Party Social Media Service, we may collect Personal Information that is already associated with your Third-Party Social Media Service's account, such as your name, your email address, your activities or your contact list associated with that account.
You may also have the option of sharing additional information with us through your Third-Party Social Media Service's account. If you choose to provide such Personal Information, during registration or otherwise, you are giving us permission to use, share, and store it in a manner consistent with this Privacy Policy.
Should your Personal Information change, please update it by providing us with updates of your Personal Information as soon as reasonably possible to enable us to update it. BC is under no obligation to ensure that your Personal Information or other information supplied by you is correct.
You warrant that the Personal Information disclosed to BC is directly from you, especially when provided as the user on our Websites or Electronic Platforms or in connection to our Services or Products, and all such Personal Information is lawfully yours to provide. You also warrant that any Personal Information provided to BC from a third-party responsible party, was attained from you lawfully and provided to the Company with your express consent to the relevant responsible party to do so.
- WHEN DO WE COLLECT YOUR PERSONAL INFORMATION
BC will only process your Personal Information for lawful purposes relating to our business if:
- You have consented thereto;
- A person legally authorised by you, the law or a court, has consented thereto;
- It is necessary to conclude or perform under a contract BC has with you;
- If BC is legally required or permitted to;
- It is required to protect or pursue your, our or a third party’s legitimate interest; and/or
- You are a child, and a competent person (such as a parent or guardian) has consented thereto on your behalf.
- HOW WE USE YOUR PERSONAL INFORMATION
Any processing of your Personal Information will be for BC’s legitimate business purposes and as a necessary function of your engagement with us. You have expressly consented to this by using the Websites, Electronic Platforms, Services or Products of BC. BC will not, without your express consent:
6.1. use your Personal Information for any purpose other than as set out below:
6.1.1. in relation to the provision and monitoring of the Services and Products to you and/or access to the Websites and Electronic Platforms of BC, including, but not limited to, opening, managing and maintaining your accounts, contacts, agreements or relationship with us;
6.1.2. for security and identity verification, and to check the accuracy of your Personal Information;
6.1.3. to fulfil a contract with you, which includes the delivery of orders for Services and Products;
6.1.4. to contact you through any form of electronic or other communication as may be requested by you;
6.1.5. for internal record keeping of responsible third parties and the development of metrics of third-party searches;
6.1.6. to contact you with news, special offers and general information about other goods, services, events and functionalities which we offer that are similar to those that you have already purchased or enquired about (unless you have opted out from receiving marketing material from us);
6.1.7. to conduct affordability assessments, credit assessments and credit scoring (where applicable) and to develop credit models and credit tools; and/or
6.1.8. to improve the Websites and Electronic Platforms of BC by, for example, monitoring your browsing habits, or tracking your activities on the Websites and Electronic Platforms; or
6.1.9 for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services and Products, marketing and your experience; or
6.1.10 Comply with any legal or regulatory obligations such as criminal investigation purposes, tax or financial laws.
6.2. disclose your Personal Information to any third party other than set out below:
6.2.1. to the employees of BC and/or Service Providers who assist us to interact with you via our Websites and Electronic Platforms, email or any other method, for your use of the Services and Products, and thus need to know your Personal Information in order to assist us to communicate with you in a proper and efficient way;
6.2.2. to external responsible parties who already have your express consent to process and/or attain such Personal Information from and/or with us;
6.2.3. to the professional service providers of BC (such as the insurers or lawyers of BC where we believe that it is required under the contractual relationship with the Company’s service provider to do so);
6.2.4. to law enforcement authorities, government officials, fraud detection agencies, regulatory authorities, local and/or international tax authorities, credit bureaux, trustees, executors or curators appointed by a court of law or other third parties when BC believe that it is legally required to do so or when the Company believe in good faith that the disclosure of the Personal Information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity or the contravention of an applicable law or to investigate violations of this Privacy Policy;
6.2.5. to the Service Providers of BC (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, BC’s contracts dictate that these Service Providers may only use your information in connection with the services they perform for us, not for their own benefit and under the same standards we operate; and
6.2.6. Other parties that provide content, advertising services or functionality on our Websites and Electronic Platforms. These third parties include i) advertising service providers which help us and our advertising customers provide advertisements that are tailored to users’ interests, ii) audience-measurement companies which help us measure the overall usage of our Websites and Electronic Platforms and compare that usage with other online services, and iii) social networking services such as Facebook, Twitter, LinkedIn and Instagram that you may select to use to register for and log into some of our services and share things you find on our Websites and Electronic Platforms with your social network. We do not control the privacy practices of these or any other third-party services and recommend you read the privacy policies of these services before connecting to them. These third parties may collect or receive information about your use of our Websites and Electronic Platforms, including through the use of cookies, web beacons and other technologies, and this information may be collected over time and combined with information collected on various websites and online services.
We also share our research and statistical information with various third parties. However, this information does not include your personal information, cannot be linked to you and you cannot be identified from these statistics.
We will not use your Personal Information for any other purpose without your permission.
We keep your information for as long as we need it to provide our Websites and Electronic Platforms, Services or Products to you, and are required or allowed by law or the contract between you and us, or you have agreed to us keeping your information.
- YOUR RIGHTS
7.1 You have the right to ask us not to contact you for marketing purposes. Use any of the various “opt out” options that will be provided when we send you marketing communications, alternatively you may contact the Information Officer.
7.2 You also have the right to request access to the information we have collected about you and request that we correct or update any incorrect or incomplete information or delete your information (where there is no good reason for us to continue to process it). Such request can be submitted by using BC’s PAIA manual, which is available from our Information Officer. For any personal information held by any third-party responsible party, you must approach that responsible party for the realisation of your personal information rights with them, and not with BC.
- LINKS TO OTHER WEBSITES & SHARING YOUR INFORMATION
8.1 Our Websites and Electronic Platforms may contain links to other websites, mobile applications and/or services of third parties that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit, since the connection will enable such third party to collect and share information about you.
BC have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services and have not evaluated these parties and their practices.
8.2 Your privacy is important to us. We will never sell, exchange, share or rent your Personal Information to any unauthorized third party without your permission, other than within the scope of this privacy policy.
If at any stage, after you have given us your consent, you no longer wish us to use or share your personal information with an affiliate party; you may at any stage withdraw your consent. By choosing to withdraw your consent with affiliated third parties there may be an impact on our offering to you, and it will be explained to you on your request to withdraw your consent.
- COOKIES PROVISIONS
9.1 The Websites and Electronic Platforms of BC may use of “cookies” to automatically collect information and data through the standard operation of the internet servers. Cookies are small text files a website can use (and which we may use) to recognise repeat users, facilitate the user’s on-going access to and use of a website and allow a website to track usage behaviour and compile aggregate data that will allow the website operator to improve the functionality of the website and its content, and to display more focused advertising to a user by way of third-party tools.
9.2 The type of information collected by cookies is not used to personally identify you. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. Please note that cookies may be necessary to provide you with certain features available on our website, and thus if you disable the cookies on your browser you may not be able to use those features, and your access to our website will therefore be limited. If you do not disable “cookies,” you are deemed to consent to our use of any personal information collected using those cookies, subject to the provisions of this Privacy Policy.
9.3 For more information on the exact cookies and technical data used, please contact the Information Officer who will gladly provide a full technical breakdown of same cookies and technical data.
- INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
10.1 We may transfer your Personal Information to recipients outside of the Republic of South Africa.
10.2 Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the legal and other related services that are required by BC clients.
- CHANGES TO THIS PRIVACY POLICY
This version of the Privacy Policy was last updates on 1 July 2021 and replaces any preceding privacy policies.
We reserve the right, in our sole discretion to amend (including without limitation, by the addition of new terms and conditions) this Privacy Policy from time to time.
You are advised to review the Privacy Policy whenever you visit or use our platforms for any such amendments. Save as expressly provided to the contrary in this Privacy Policy, the amended version of the Privacy Policy shall supersede and replace all previous versions thereof. Changes to this Privacy Policy are effective when they are posted on our platforms.
POLICY ON CLOSED-CIRCUIT TELEVISION
(In terms of the Protection of Personal Information Act, 4 of 2013)
This Policy on Closed-Circuit Television (‘CCTV’) was drafted in accordance with the Responsible Party's pursuit of crime prevention. This Policy on CCTV aims to put this endeavour into practice and to protect the wellbeing of the Responsible Party's employees and visitors. The policy seeks to ensure that the CCTV system is managed in such a way that it does not infringe on the rights of those involved. The policy may also be reviewed from time to time if the need arises.
All terms used herein, but not necessarily specifically defined, will carry the same meaning as in the Responsible Party's Policy regarding the Protection of Personal Information & Privacy, to which this policy constitutes a Schedule.
- DEFINITIONS
1.1 CCTV – refers to a Closed-Circuit Television system.
1.2 POPIA – refers to the Protection of Personal Information Act, 4 of 2013.
1.3 BUSINESS PREMISES – any portion of a premises on which the Responsible Party operates business, including, but not necessarily limited to, any building, structure, hall, room, office, recreation area, land or demarcated area that is under the control of the Responsible Party and to which a member of the public is accessed or can usually be admitted.
- INTRODUCTION
2.1 The Responsible Party has installed CCTV infrastructure on the premises where it conducts business.
2.2 The cameras are positioned to cover the main routes in the area, points of access to and the Business Premises itself. Footage recorded is stored for a limited period of time.
2.3 This policy applies to all persons entering the Responsible Party's Business Premises. Any such person submits to the policy.
- LIABILITY
3.1 The Responsible Party shall process Personal Information (as recorded in the CCTV material) strictly according to the provisions of POPIA at all relevant times, considering the individual's constitutional right to privacy.
3.2 Authorisation for the recording and location of, as well as access to CCTV material (data), rests with the Responsible Party. Access to the data via the Responsible Party systems will be allowed, provided that the person concerned has been granted prior consent - as set out below or if otherwise legally permissible.
3.3 To the extent that the Responsible Party provides the data to parties and businesses, as indicated below, the Responsible Party deals in the capacity of 'operator', as defined in POPIA. Insofar as the Responsible Party can be regarded as the party responsible for processing the data, it acts as the 'responsible party', as defined in POPIA.
3.4 The Responsible Party will fulfil its obligations under POPIA, depending on the capacity in which it acts under any circumstances.
3.5 The Responsible Party will process Personal Information, considering the purpose for which it is handled, and will do so in a manner that will ensure that the information is complete, relevant and not excessive.
3.6 Details and records of all information processed by the Responsible Party shall be maintained to the extent required by legislation.
- PURPOSE
4.1 The purpose of this policy is to set out the Responsible Party's use of CCTV in accordance with the provisions of the relevant legislation. The Responsible Party will specifically strive to -
4.1.1 process the data in a legal and reasonable manner without violating the privacy of the data subject;
4.1.2 process the data where it is intended to protect the legitimate interests of members of the public, as well as the Responsible Party;
4.1.3 protect Personal Information, with due regard for each individual's constitutional right to privacy, when the Responsible Party or its representatives process such information, subject to justifiable limitations;
4.1.4 balance the individual's right to privacy with other rights, especially the right of members of the general public to safety and security;
4.1.5 make individuals aware of their rights and remedies to protect their Personal Information from any processing inconsistent with legislation;
4.1.6 adhere to voluntary and mandatory measures, including measures introduced by the Information Regulator to promote and comply with the rights that POPIA seeks to protect;
4.2 The purpose of the Responsible Party's CCTV network is to –
4.2.1 identify crime and to deter criminals and help prevent crime;
4.2.2 improve the safety of those who live, work, trade and visit in the areas covered by the CCTV network;
4.2.3 assist in the arrest and prosecution of offenders (including but not limited to the use of footage, as well as videos, as evidence in criminal or civil proceedings);
4.2.4 assist law enforcement agencies, including private response and security companies, with investigations into any suspected or actual crime captured on the CCTV network;
4.2.5 identify vehicles who may have been involved in criminal activity in order to notify the appropriate authorities thereof;
4.2.6 to reduce vandalism, theft and property-related offences at the Responsible Party premises;
4.2.7 promote the safety, protection and well-being of members of the general public;
4.2.8 to prevent any form of harassment of any person (or persons), or to investigate such harassment in a meaningful manner with a view to prompt and meaningful action against any offender(s);
4.2.9 to prevent any form of undesirable and / or public misconduct, or to investigate such misconduct in a meaningful manner with a view of acting against any offender (s).
4.3 Data recorded by the CCTV network will not be used for purposes other than those referred to above and/or for any purposes not permitted under POPIA.
4.4 Data will under no circumstances be disclosed or distributed to the media or any similar party unless such disclosure or distribution is specifically required or authorised in terms of legislation.
- SCOPE AND FUNCTIONING OF THE CCTV NETWORK
5.1 The Responsible Party’s CCTV network uses mounted cameras designed and placed to record footage of individuals' movements, as well as the registration plates of vehicles on public and/or private roads and in public spaces.
5.2 The CCTV network will be operated and data shall be made available strictly according to the requirements of the relevant legislation, considering each individual's right to privacy.
5.3 All data captured on the CCTV network will be reviewed by the operational staff of the Responsible Party and will be monitored to assist in the identification and prevention of crime, as well as in the interests of public safety and security.
5.4 The software used in combination with the data recorded by the CCTV network can identify registration plates of vehicles. Registration plates may be compared to the database of registration plates of vehicles involved in crime or of interest to the South African Police Service. If any information matches, those monitoring the CCTV network will be informed accordingly. The Responsible Party does not have the capacity to search for registration plate details on the National e-Natis database, so no information will be accessible about the owner of a specific vehicle (e.g. identity number, name and physical address) unless, for example, such information was included when the vehicle was reported as stolen.
5.5 The South African Police Service or those working with them may be asked to respond to information recorded by the CCTV network.
5.6 All data will be stored on the computer servers of the Responsible Party or the Responsible Party's service provider and will be identified using an automatic recording sequence.
5.7 The retention period of the data recorded by the CCTV system may be extended or shortened in terms of any legal instruction that the Information Regulator or other competent authority may issue from time to time. Data may also be stored for a longer period if required for further investigations.
5.8 At the end of this retention period, the data will be permanently removed and/or destroyed under the guidelines set out in POPIA.
5.9 The CCTV network will be installed at strategic locations and in such a way that all cameras are clearly visible and identifiable by the public.
5.10 All sub-titles that appear on the data in question, such as the location of the camera and the time and date, will be safely preserved and stored so that it is impossible to tamper with it.
- PUBLIC AWARENESS OF CCTV
6.1 Before the installation and use of the CCTV cameras, all reasonable attempts shall be made to advise those who live and/or travel in the vicinity of the cameras of the intention to do so.
6.2 To ensure that all members of the public are aware that they are in an area protected by a CCTV network, clear notices to such effect shall be displayed in the areas.
- DATA PRESERVATION AND PROTECTION
7.1 Data will only be preserved for a limited period unless it is required or requested for purposes set out in this policy, which requires the data to be stored for a longer period of time. Appropriate precautions will be implemented to preserve such data for longer periods, as required by POPIA.
7.2 Data preserved for investigation purposes must be strictly managed and subject to limited access.
7.3 All data will be stored on the secure servers rented or owned by the Responsible Party. All data will be stored in such a way that damage or unauthorized destruction or access is prevented.
7.4 Data may not be downloaded without a written request. The request must specify the reason for downloading the data, as well as the period that the data will be stored, along with strict security undertakings. The Responsible Party may refuse the request if it is not satisfied with such reasons provided.
- ACCESS TO CCTV DATA
8.1 Only specified persons within the Responsible Party shall have access to the data to view what the cameras have recorded. However, this will only be allowed on a need- to-know basis.
8.2 These individuals will include the following from time to time –
8.2.1 Responsible Party’s Information and Deputy Information Officers;
8.2.2 Persons or institutions whose legitimate interests or rights may be directly affected;
8.2.3 Law Enforcement Officers
8.2.4 SAPS
8.2.5 Specified employees appointed to monitor and track the data.
8.3 Everyone who enters into the necessary confidentiality and security agreements in terms of which each individual is granted access to any data, shall undertake to obtain only such data when and as is necessary. They are not entitled to share or distribute any data unless it is in accordance withthe terms of the agreements concluded with the Responsible Party andneeded to give effect to the purpose in terms of which the data was capturedor as required by the relevant legislation.
8.4 Any security Company contracted by the Responsible Party to monitor the data must at all times be registered with the regulatory authority for the private security industry.
8.5 The South African Police Service or other authorised law enforcement agents may, at short notice, make use of the material for observational purposes and to conduct detective work and the prevention of crime and to assist in such investigations.
8.6 An institution making a request must provide the Responsible Party with a summons, or information in terms of section 205 of the Criminal Procedure Act, Act 51 of 1977, before footage referred to in the summons can be made available or, in the case of the South African Police Service's investigating officer, a case number.
8.7 All footage made available to the South African Police Service or other authorised law enforcement agency at their request, or where criminal activity is suspected, will be recorded in a CCTV access register. The following details are needed –
8.7.1 Investigating officer's rank and name;
8.7.2 Details of the incident;
8.7.3 Sign-out and acknowledgement of receipt of all evidence; and
8.7.4 Any other information deemed necessary by the Responsible Party.
8.8 Where cameras are monitored via mobile equipment such as a smartphone, tablet or similar devices, the Information Officer will ensure that no unauthorized person can view the content.
8.9 The Information Officer or other designated officer will also be responsible for ensuring that –
8.9.1 the CCTV network and its use are annually reviewed;
8.9.2 the CCTV footage is stored and processed safely under this policy, as well as POPIA and any other relevant legislation;
8.9.3 footage is preserved and stored and that all electronic records are managed similarly to any other sensitive record within the organisation;
8.9.4 data is discarded in a manner as required by POPIA;
8.9.5 any data stored at an external facility is secured by encryption;
8.9.6 access control is applied and adhered to by all persons with access to any data;
8.9.7 the footage is viewed and disclosed in accordance with legal obligations as well as in terms of this policy;
8.9.8 persons using or maintaining the CCTV systems are properly trained and aware of their obligations under POPIA and other relevant legislation;
8.9.9 each system is maintained regularly and that the systems are upgraded as deemed necessary; and
8.9.10 each passive CCTV system is indicated by means of proper directions to make the public aware that they are being monitored.
8.10 Any unlawful disclosure of any data, or any violation of any provision of POPIA, shall, as far as necessary, be reported to the Information Regulator, with associated details regarding the breach, as required by POPIA.
- ACCESS TO DATA BY PRIVATE INDIVIDUALS
9.1 Under the Act, individuals have the right to access any data involving themselves and may, without charge, request the Responsible Party to view the data and confirm whether the individual concerned is captured on the CCTV network.
9.2 Individuals concerned about a possible violation of their privacy may request to view the camera activities by contacting the parties responsible for checking the data.
9.3 Any request to access data must include –
9.3.1 The exact date and time when the footage was recorded;
9.3.2 Information to identify the individual (if necessary);
9.3.3 Proof of identity;
9.3.4 The location or area of the CCTV camera that collected the data; and
9.3.5 Reason for which access to the footage is requested.
9.4 The person responsible for monitoring the data in question should respond to the request as soon as possible.
9.5 Under POPIA, the party responsible for monitoring the data in question may provide a record or description of the data in their possession. A downloadable copy of the data will only be provided if the Responsible Party is of the opinion that the requested data does not contain personal data of anyone other than the party that made the request and that the data will be securely stored and maintained.
9.6 A reasonable tariff will be payable for access to the data, which tariff will be determined in reference to the time, technical expertise and resources required to retrieve the data and, where necessary, to clean and desensitize the data to prevent any violation of a third party's rights. The party that makes the request will be provided with a quotation for such fee as required by POPIA.
9.7 If the Responsible Party is unable to comply with the request, the reasons for this must be documented. The individual will, where possible, be informed of such reasons.
9.8 Data will only be disclosed to third parties based on a subpoena, or otherwise if the relevant legislation requires such disclosure.
9.9 Third parties will only be granted access to the data in terms of the provisions of the Promotion of Access to Information Act (PAIA), Act 2 of 2000, if applicable.