Who are we?
Gouritz Cluster Biosphere Reserve NPC (“GCBR”) is a Non Property Company register in terms of section 21 of the Companies Act, 1973 (Act 61 of 1973) as an association incorporated not for gain to manage the Biosphere Reserve in terms of the requirements of UNESCO’s Man and the Biosphere (MAB) Programme. We are a Responsible Party in terms of the Protection of Personal Information Act, 4 of 2013 (POPIA) with respect to your Personal Information and as such we want to take certain steps to make sure that you are fully aware of exactly who we are, the types of Personal Information we process, how we process it, who we may need to share it with, as well as what your rights are in relation to our processing of your Personal Information in terms of POPIA.
As will become clear to you in this notice, we process all Personal Information in order to enable us to do business with you and to provide products and services to you as requested. In this notice, “you” means you as an individual or an entity with whom we are dealing and whose Personal Information we may need to collect and process in order to provide the requested services and for any of the purposes described below.
What Personal Information do we collect and process?
Please note that in accordance with Section 18 of POPIA you are hereby expressly informed of the fact that when you engage with us, or we engage with you, you may need to provide us with the following Personal Information, including but not limited to:
• Your first and last name;
• Your identity number or passport number;
• Your entity name;
• Your entity registration number;
• Phone/ mobile number;
• Your banking details and other financial information pertaining to you or the entity you represent;
• Physical address;
• Property information in general;
• Email address or other contact details.
You should know that we collect and record all internet communications (including IP addresses), all correspondence we have with you irrespective of the medium of communication, details of your dealings with us and any visits to our website(s). In addition, we collect and generate information in relation to your profile as a client of ours.
Unless we are specifically required to do so, in which case we will inform you and obtain your consent, we do not collect any special Personal Information as defined in section 26 of POPIA, including your religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion health or sexual orientation or biometric information.
What do we do with your Personal Information and why do we collect it?
We take the privacy of our data subjects (clients, employees, suppliers etc.) very seriously and we only collect and process Personal Information for specific purposes which are connected to our legitimate business purposes, which we generally need in order to comply with our obligations towards you and also to comply with obligations which are imposed upon us in terms of applicable laws regulating us.
The Personal Information you provide to GCBR in your dealings with us, is primarily processed for the purposes of enabling us to comply with our contractual and lawful obligations. However, we do want to highlight a few specific instances which are also connected to our legitimate business purposes:
• To provide or manage any information, products and/ or services requested by you pursuant to your dealings with us.
• To evaluate whether or not to offer, extend or modify any offering or services requested by, or provided to you.
• Using, processing, sharing/ transferring or engaging in analytics of your Personal Information for legitimate business purposes and for the purposes of new business or product development.
• To establish your needs, requirements and preferences in relation to the products and/ or services provided by us from time to time.
• To allocate unique identifiers to you for the purpose of processing your Personal Information, securely storing, retaining, and recalling your Personal Information from time to time, regardless of whether you conclude an agreement with us or not.
• For general administration purposes pertaining to our administration.
• To improve the quality of our products and services.
• To analyse your Personal Information collected for research and statistical purposes.
• To transfer your Personal Information across the borders of South Africa to other jurisdictions should it be required in the legitimate pursuit of the GCBR’s business requirements.
• To investigate and attempt to resolve any queries, complaints or requests you may have from time to time.
• To verify that the Personal Information provided is true and accurate.
• To, unless you expressly “opt out”, process your Personal Information as defined above for the purposes of marketing and advertising to you of products and services provided by us.
• To, for the purposes of enhancing the scope of products and services we can offer to you or the method of delivery of same, share or transfer all or any part of your Personal Information to a third party who is a potential business partner or actual provider/ supplier of outsourced services to us.
In supplementation of the above purposes, we are legally required to collect and process certain Personal Information for very specific purposes, such as to comply with our obligations as a managing agent.
Who do we share your Personal Information with?
For us to maintain the high standards of product and service delivery you have come to appreciate, we are required to share your Personal Information with some of our suppliers, service providers and business partners (“approved third parties”). We use service providers and suppliers who we trust, who we have agreements with and they are required to keep your Personal Information secure and confidential, and to only use it for purposes which we have agreed to and if we are comfortable that they are securing your Personal Information. If you are interested in who these approved third parties are, you can ask us and direct your enquiry to the General Administrator, Marinda van As at firstname.lastname@example.org.
Where do we store your Personal Information and how long do we store it for?
First, you should know that we only store your Personal Information for as long as what we need to in order to fulfil a purpose for why we initially collected it, which may include either complying with our obligations towards you as a customer, or to comply with applicable laws that require us to do so. All your Personal Information is stored securely by GCBR.
What are your Rights?
It is important that you know that you have certain rights in terms of POPIA and we want you to know exactly what they are and how they relate to us. As a data subject in relation to the GCBR, you have the following rights:
• You have the right to always be informed – we will always do our best to make sure that you know what Personal Information is being collected, how it is being collected, how it is being used, how long it will be kept and whether it will be shared with third parties. We don’t have any agenda, and we will always be transparent about the way in which we process your Personal Information. You are also always welcome to ask us and we will tell you.
• You have the right to access your Personal Information – You can ask us at any time what Personal Information of yours we hold and we will afford you access to it in the most effective way possible.
• You have the right to correct your Personal Information – You can ask us to update your Personal Information or even delete any information which is no longer accurate because we want to make sure your information is accurate and complete, but we do need your help.
• You have the right to object to our processing of your Personal Information – we do not want to process your information if you don’t want us to, but just bear in mind it may influence our ability to fulfil our obligations towards you.
• You have the right to lodge a complaint – If you feel that we are not processing your Personal Information lawfully, we encourage you, and would always appreciate it, if you spoke with us first and laid a complaint to our Information Officer, Marinda van As at email@example.com. However, you are more than welcome to lodge a complaint with the information regulator if you feel that we are not complying with POPIA.
The contact details of the Information Regulator are:
The Information Regulator (South Africa)
JD House 27 Stiemens Street, Braamfontein, Johannesburg, 2001
PO Box 31533
Braamfontein, Johannesburg, 2107
With that said, we have (and continue to) implement reasonable security measures and protocols to protect the Personal Information we hold. These measures are to protect any Personal Information we hold from being disclosed without authorisation, from loss, damage, destruction or unauthorised access. As you will appreciate nothing is 100% secure in this day and age and therefore, we ask that if you suspect that either you, or we, have had an information security breach, please notify us immediately so that we can take action.
Should you have any queries or even questions regarding this privacy notice and the GCBR’s POPIA compliance efforts, please direct your queries and questions to our General Administrator, Marinda van As at firstname.lastname@example.org.