The processing of personal information
We provide this policy in accordance with POPI, detailing the lawful approach we take in the collection of information and in regard to the management, use and processing of all information collected from you and other legitimate sources and all subsequent dealings with your lawful representatives, credit reporting bodies and other entities listed in this policy.
In the course of our business we only process personal information in relation to our clients in terms of the services requested by them, which will be detailed in the agreement between us (“the lawful purpose”).
The types of personal information collected and processed
We gather information about yourself primarily from you.
Why we process personal information
We process personal information:
- to communicate offers in relation to our services or products that we think may be of interest to you
- unless you requested us not to, receive any communication related to offers in relation to products and services promoted by us via our website owned and operated by ImStaying NPC;
- unless you requested us not to receive any marketing materials which promote the goods and/or services of ImStaying NPC (including by way of electronic direct marketing activities);
By clicking ‘submit’ on our website you are expressly providing your consent to us to collect your details to process the information for the lawful purpose.
What laws authorise us to collect personal information?
How we collect personal information
We collect personal information in South Africa from these possible legitimate sources:
- from you; your name / email address / contact number
How we hold personal information securely
In all circumstances the information is held by us on our secure systems or data base. We undertake to take all reasonable and necessary steps to secure the integrity and confidentiality of your personal information and protect your information from misuse, loss, interference, unauthorised access, modification or unauthorised disclosure.
Electronic copies are held in a secure environment, with the application of appropriate passwords and other computer and software security techniques.
How we use your personal information provided
Once you have submitted your information and provided consent for us to use of your information, we are entitled to use your personal information as follows:
- to identify you as per the above;
- to check when was the last time you used our services, if at all;
- to inform you of goods, services and/or products which we think you may be interested in (unless you have opted out);
- to receive confirmation that you have granted us authority to act as the “responsible party” if information is held by a third party;
- for business purposes, such as analysing and managing our business, market search, audits, developing new products, improving our services and products, gauging customer satisfaction and providing customer service
- to transfer your information across borders; and
- for any purpose permitted by law
What do we do with your personal information?
We will use your personal information for the purposes of providing you with the services as per your agreement with us.
We do not sell, trade, share or rent your personal information to any third party for marketing purposes unless you have given your permission for us to do so.
We may, for an indefinite period, unless otherwise notified by you, use the information provided by you for promotional, marketing, research and profiling purposes. We will add your contact details to our database and may also send you emails from time to time about our offers and offers of our third-party advertisers. Every group email that is sent to our database also contains an “unsubscribe” option.
Should you at any point in time wish to opt out from the use, collection and processing of your personal information, this can be done by informing us at firstname.lastname@example.org. You may be informed about the goods, services and/or products through a range of communication methods, including telephone, SMS, email, social media, other electronic means and/or targeted advertising.
Parties we share your information with
- We may, from time to time, share your personal information with credit reporting bodies, credit providers and/or brokers and any other organisations which are involved in our affiliate/partner offering. We will only share your personal information for a lawful purpose.
- We ensure protection of your personal information, by only entering into agreements with third parties that have policies that comply with POPI. Compliance with POPIA ensures the personal information we have disclosed is used only for the specific lawful purpose we have requested on your behalf.
- We may disclose your personal information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of ImStaying NPC, its clients and others.
What kinds of website visitor information we collect
Unless requested not to, we may aggregate and hold the information we collect to research and help us understand broad demographic trends, but before we use or hold such aggregated data we remove anything and everything that identifies you personally. This generic de-identified and aggregated information may be shared with third parties and in this event, we undertake to never share any of this information if it is personally identifiable without your prior consent. We take your privacy seriously and we are committed to protecting it. If you would prefer not to participate in this generic de-identified data gathering, you can opt-out by notifying us at email@example.com.
From time to time we may have notifiable matters that we wish to communicate to you. You may request a hard copy, or emailed copy, of the notifiable matters or notify us that you opt out of this service at any time.
Transfer of information between us and a third-party supplier
The information you provide may be transferred across foreign borders.
This information transfer is permitted under Chapter 9 of POPI which authorises the access seeker (known as the responsible party) permission to transfer the information across foreign borders in the following circumstances:
- the person receiving the information (outside of the Republic), must be governed by laws, binding corporate rules, binding agreements or memorandum of understanding between two public bodies which provide an adequate level of protection; or
- You must consent to the transfer; or
- the transfer must be necessary for:
- the performance of a contract between you and the Responsible Party, or for the implementation of pre-contractual measures taken in response to your request;
- the conclusion or performance of a contract concluded in your interest between the Responsible Party and a third party; or
- the transfer is for your benefit and: –
- it is not reasonably practicable to obtain your consent for that transfer; and
- if it were reasonably practicable to obtain such consent, you would provide it.
How you may complain about our failure to comply with POPIA
There are 2 ways you may complain:
- Verbally, or in writing, by contacting firstname.lastname@example.org
- If you are a resident in South Africa, you can lodge a complaint to the Regulator completing the form as prescribed.
There is no charge for lodging a complaint.
How we will deal with such a complaint: We will write to you acknowledging receipt of the complaint. After appropriate investigation, the Privacy Manager will write to you as soon as practicable after a decision has been reached, outlining the decision and the reasons for reaching it.