G STUDIO BRANDING AGENCY (PTY) LTD
(Registration Number: 2007/022243/07)
COMPLIANCE NOTICE: PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
Good-Rabbit is committed to protecting the personal information of its personnel and patrons in line with the Protection of Personal Information Act 4 of 2013 (“POPIA”).
Our Privacy Policy can be viewed on our website (https://www.good-rabbit.com), or requested from our offices by contacting:
Information Officer: | Ina Dreyer |
Telephone: | +27(0)78 264 0682 |
Email: | web@good-rabbit.com |
1. IMPORTANT TERMS
1.1 “Personal Information:” “Information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person.”
1.2 “Data Subject:” “The person to whom personal information relates.”
1.3 “Responsible Party:” For purposes of this Notice, the Responsible Party is Good-Rabbit.
1.4 “Consent:” “Voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.”
1.5 “Processing:” “Any operation or activity or any set of operations, whether or not by automatic means, concerning personal information.”
1.6 “Record:” “Any recorded information…”
1.7 “Regulator:” “Information Regulator established in terms of Section 39.”
1.8 “Special Personal Information:” Personal information of a data subject relating to their religious or philosophical beliefs; race of ethnic origin; trade union membership; political persuasion; health or sex life; biometric information and criminal behaviour (to an extent).
2. NATURE AND PURPOSE OF PERSONAL INFORMATION
2.1 The nature of the information we require for processing is largely determined by the nature of our business (advertising, creative design and branding, web developing) as well as the obligations imposed upon us by other legislation and the general industry practice standards.
2.2 We collect and process this data mainly to attend to render branding and marketing services to our clients. Other purposes for collection and processing of personal information include:
2.2.1 Auditing;
2.2.2 Record-keeping in terms of applicable legislation, including obligations to make disclosure to authorities (and longer, where we hold consent from the client to do so); and
2.2.3 Dealing with employment applications and employee-related issues.
3. DATA PROCESSING PRACTICES
3.1 Any information you provide to us is treated with strictest confidentiality.
3.2 If we need to process your data further (i.e. for a purpose beyond that which was originally communicated to you), we will obtain your consent before doing so.
3.3 Where it is necessary to share the personal information you have provided to us with a third party, we undertake to limit this to what is needed for a specific purpose.
3.4 Third parties to whom we provide your personal information are bound to treat such information with the same level of confidentiality and care as we undertake to do.
3.5 In instances where it is necessary to obtain your personal information from a source other than yourself, we will inform you.
4. THE PROCESSING OF SPECIAL PERSONAL INFORMATION
4.1 In compliance with the provisions of POPIA, we will not collect, store or process your special personal information (as defined in 1.8 above), unless:
4.1.1 We have your consent to do so;
4.1.2 Processing of such special personal information is necessary to establish, exercise or defend a legal right / obligation; or
4.1.3 Processing of such special information is only for historical, statistical or research purposes.
5. RETENTION PERIOD OF CLIENT PERSONAL INFORMATION
5.1 By law, we are required to retain client information documents / documents containing client personal data for a minimum period of 5 years.
5.2 Where we hold consent from the client, documents will be retained for recordkeeping purposes until such consent is withdrawn.
6. SECURITY SAFEGUARDS
6.1 We undertake to take all reasonable and practicable steps, both in relation to physical and electronic records, to guard the integrity of the client personal information under our care.
6.2 Although we do all we can to avoid unauthorised access to the personal information of our clients, electronically transmitted and stored data always accompanies a certain element of risk.
6.3 Should a breach of personal information occur, we will, in compliance with the provisions of the Act, inform the relevant client (data subject) as well as the office of the Information Regulator.
7. THE RIGHTS OF THE DATA SUBJECT
7.1 As our client, you have the right to:
7.1.1 Have your personal information lawfully processed in accordance with the conditions as set out in POPIA;
7.1.2 Be notified that your personal information is being collected / has been assessed / acquired by an unauthorised person;
7.1.3 Establish whether we hold your personal information;
7.1.4 Request access to your personal information from us;
7.1.5 Request, where necessary, the correction, destruction or deletion of your personal information;
7.1.6 Object, on reasonable grounds, to the processing of your personal information; and
7.1.7 Lay a complaint to the Information Regulator or institute civil proceedings.
8. MARKETING
8.1 We will not use your personal information for marketing purposes without your consent.
8.2 Newsletters and website update, amongst other things, will not be sent to you unless you have “opted in” to receive such communication.
8.3 If you are currently receiving newsletters and other marketing-related communication from us, and should you wish not to receive such correspondence, please inform us and we will remove your details from our mailing list.