Data Privacy Statement

1. INTRODUCTION

1.1 This Privacy Policy (hereinafter referred to as the “Policy”) applies to the use of the website of the Southern African German Chamber of Commerce and Industry NPC (hereinafter referred to as “SAGC”) and any interactions between SAGC and a data subject.

1.2 SAGC, through this Policy, wishes to inform data subjects of the scope and purpose for which personal information is processed by SAGC in connection with the data subject’s use of SAGC’S website or through any interactions with SAGC.

1.3 SAGC gathers, stores and uses the data subject’s personal information only in line with the contents of this Policy and with applicable data protection provisions, such as: -

1.3.1 The European General Data Protection Regulation (GDPR); and

1.3.2 The Protection of Personal Information Act 4 of 2013 (POPI).

1.4 SAGC is committed to safeguarding the privacy of data subject’s personal information and SAGC takes protection of privacy and personal information very seriously. SAGC treats your personal information as confidential and in accordance with the applicable statutory data protection provisions.

1.5 This Policy hereby notifies the data subject that SAGC, in terms of this Policy, collects personal information, as per section 18 of POPI and Article 12(1) of the GDPR.

2. SCOPE

This Policy applies to all data subjects (i.e. persons (whether a natural or juristic person) to whom the personal information relates), and the personal information SAGC processes and collects, whether it was provided to SAGC through the use of its website, or through any other form of communications with SAGC, such as email, telephone, or otherwise.

3. SAGC AND ITS CONTACT DETAILS

3.1 The responsible party is SAGC, with registration number 1963/002981/08 is a non-profit company duly incorporated and registered in South Africa in accordance with the laws of the Republic of South Africa, with its registered office at 47 Oxford Road, Forest Town, Johannesburg, 2193.

3.2 SAGC’S Information officer is available for questions related to SAGC’S managing of personal information or more information on issues relating to the protection of personal information and may be contacted using the details provided below:

3.2.1 Information Officer:   Mr. Bastian Lidzba.

3.2.2 Postal Address:          P.O. Box 87078, Houghton, 2041.

3.2.3 Street Address:          47 Oxford Road, Forest Town, Johannesburg, 2193.

3.2.4 Telephone Number:   011 486 2775.

3.2.5 Email Address:           Blidzba(at)germanchamber.co.za.

4. LEGAL BASIS FOR DATA PROCESSING

4.1 Where SAGC obtains consent to process the data subject’s personal information, Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, serves as the legal basis for data processing.

4.2 As far as the data subject’s personal data is processed because processing is required to fulfil a contract or as part of a contract-like relationship with the data subject, Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI serves as the legal basis for data processing.

4.3 As far as SAGC processes the data subject’s personal data to fulfil a legal obligation, Article 6(1)(c) of the GDPR and section 11(1)(c) serves as the legal basis for data processing.

4.4 As a legal basis for data processing, Article 6(1)(f) of the GDPR and section 11(1)(f) is taken into further consideration if the processing of the data subject’s personal data is required to protect a legitimate interest of SAGC or a third party and the data subject’s interests.

4.5 SAGC undertakes not to use personal information other than for the purpose for which it was provided or collected, and in accordance with SAGC’S legitimate interests and legal obligations.

4.6 SAGC collects, processes, and uses personal information only to the extent necessary to establish, design or modify legal relationships with SAGC.

5. WESBITE USE

5.1 GENERAL USE

5.1.1 SAGC collects personal information from data subjects who visit SAGC’S website. Additional personal information may be collected from the data subject for certain of the services on offer, such as registering to join as a member, or contacting the SAGC for any reason. SAGC provides specific details in relation to this aspect in the corresponding section of this Policy.

5.1.2 When SAGC requests personal data, only the data that is mandatory must be provided. Further information can be provided on a voluntary basis. SAGC will indicate whether it is a required field or optional details.

5.2 CONTACT FORM

5.2.1 Should a data subject send SAGC an inquiry using the contact form on SAGC’S website, SAGC may collect the following personal information from the data subject: -

5.2.1.1 Name and surname;

5.2.1.2 Company;

5.2.1.3 Email address;

5.2.1.4 Telephone number;

5.2.1.5 Date and time of registration;

5.2.1.6 The browser which was used; and

5.2.1.7 The operating system which was used.

5.2.2 The contact information the data subject provides therein, will be processed by SAGC for the purpose of responding to the data subject’s inquiry and any follow-up questions which may arise by virtue of SAGC’s response to the inquiry.

5.2.3 It is mandatory to supply certain information to allow SAGC to respond to your request, whereas the supply of additional information is voluntary. Data subjects will recognise the mandatory information which must be supplied by an asterisk “*” which appears in the relevant field.

5.2.4 The information contained in the contact form is processed based on: -

5.2.4.1 The data subjects’ consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time.

5.2.4.2 Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI, to the extent that such contact with SAGC is aimed at concluding or entering into a contract.

5.2.4.3 SAGC’s legitimate interest in responding to the data subject’s inquiry in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.2.5 SAGC will not share the information provided by the data subject to any third parties.

5.2.6 SAGC will process the information provided by the data subject on the contact form until such time as the data subject requests its deletion, revokes its consent or where it may be inferred from the circumstances that the request has been resolved, whereafter the personal information will be deleted.

5.3 APPLICATION FOR MEMBERSHIP WITH SAGC

5.3.1 SAGC offers opportunities for data subjects to apply for membership with the SAGC. Data subjects may apply for membership on SAGC’s website, or via email by submitting the relevant membership application.

5.3.2 In order to consider an application for membership, the SAGC will collect, inter alia, the following information: -

5.3.2.1 The name and surname of the data subject applying for membership;

5.3.2.2 Their position in the company at which they are employed;

5.3.2.3 Their date of birth;

5.3.2.4 Their phone number;

5.3.2.5 Their email address;

5.3.2.6 The name of the company at which they are employed;

5.3.2.7 The name of the company’s managing director;

5.3.2.8 The address of the company;

5.3.2.9 The postal address and code of the company;

5.3.2.10 The city in which the company operates;

5.3.2.11 The company’s telephone number;

5.3.2.12 The company’s website;

5.3.2.13 The VAT registration number of the company;

5.3.2.14 The date and time of registration;

5.3.2.15 The browser which was used; and

5.3.2.16 The operating system which was used.

5.3.3 The supply of information in order to apply for membership with the SAGC is mandatory, failing which SAGC will be unable to process the data subject’s application for membership.

5.3.4 SAGC will process the personal information on the application to elect whether to approve the application for membership or otherwise and will not share the personal information collected with any other person.

5.3.5 SAGC will process the personal information provided during the application process based on: -

5.3.5.1 the data subject’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time; and

5.3.5.2 actions which are necessary to conduct the conclusion of a contract to which the data subject is party in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI; and

5.3.5.3 SAGC’s legitimate interest in gaining new members in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.3.6 The personal information collected by SAGC during the application process will be stored by SAGC until such time as the application process is completed. In the event that a data subject’s application is denied, the personal information in respect of the application will be deleted.

5.3.7 Once an application is approved SAGC will process the data subject’s personal information further, in order to issue an invoice.

5.3.8 Once payment of membership fees is duly received by SAGC, the data subject will become a registered member of the SAGC, and their personal information will be stored by SAGC as long as the data subject remains registered as a member with SAGC.

5.3.9 The data subject’s registration information will be subsequently deleted should the data subject cancel its registration with SAGC. However, statutory retention periods remain unaffected.

5.4 NEWSLETTER

Data subjects are able to subscribe for a free newsletter on SAGC’S website. When subscribing, SAGC collects the following personal information from the data subject:

5.4.1.1 Title;

5.4.1.2 First name;

5.4.1.3 Surname;

5.4.1.4 Email address;  

5.4.1.5 The date and time of registration;

5.4.1.6 The browser which was used; and

5.4.1.7 The operating system which was used.

5.4.2 SAGC ensures that it obtains the data subject’s consent at the time that it collects this personal information as well as its agreement to the contents of this Policy.

5.4.3 SAGC collects this information in order to provide the data subject with its newsletter.

5.4.4 SAGC will process the personal information provided during the application process based on: -

5.4.4.1 the data subject’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time; and

5.4.4.2 the actions which are necessary to conduct the performance of a contract to the extent that the data subject is a registered member of SAGC in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI; and

5.4.4.3 SAGC’s legitimate interest in keeping data subjects informed of relevant news and opportunities which may be of interest to them in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.4.5 The supply of the information is entirely voluntary and a failure to supply the information will mean that SAGC cannot provide the data subject with its newsletter.

5.4.6 Except to the extent that SAGC discloses personal information to its email marketing service provider, SAGC will not disclose the data subject’s personal information to any other person.

5.4.7 SAGC will process the information it collects for the purposes of sending the newsletter for as long as the data subject remains subscribed to the newsletter.

5.4.8 In order for SAGC to optimise its newsletter, SAGC makes use of personalised newsletter tracking, which records the clicking behaviour following delivery of the newsletter.

5.4.9 SAGC processes this information in accordance with its legitimate interest to improve the quality of its newsletter in terms of Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.4.10 Information regarding the clicking behaviour of persons who view the newsletter is stored by SAGC and is not shared with any third parties.

5.4.11 At all times, data subjects who have subscribed to the newsletter may revoke their consent, or object to the processing of their personal information for the purposes of receiving the newsletter. To exercise this right, data subjects can simply opt out of receiving further electronic communications by clicking the unsubscribe button at the bottom of every email SAGC sends, or by emailing SAGC directly.

5.4.12 Upon revocation of consent, or upon receipt of an objection to processing for these purposes, SAGC will delete the data subject’s personal information.

5.5 SERVER LOG FILES

5.5.1 SAGC automatically collects and stores information in so-called server log files, which a data subject’s server automatically transmits to SAGC. The information collected includes, but is not limited to:

5.5.1.1 Browser type and browser version;

5.5.1.2 Operating system used;

5.5.1.3 The internet service provider;

5.5.1.4 The date and time on which SAGC’S website was accessed; and

5.5.1.5 IP address; and

5.5.1.6 Websites which are accessed by the data subject through SAGC’S website.

5.5.2 SAGC collects and temporarily stores the data subject’s IP Address, to enable it to transmit the contents of its website to the data subject’s device, which includes, but is not limited to text, images and files. In order for these actions to occur, the data subject’s IP Address must be stored by SAGC for the entire duration of the data subject’s session.

5.5.3 SAGC’S use of server log files ensures that SAGC’S website is functional, operates optimally and maintains the security of its information technology systems.

5.5.4 The supply of such information by the data subject is mandatory in order to ensure that SAGC can make the content of its website available to data subjects and a failure to provide such information means that data subjects will be unable to use SAGC’S website.

5.5.5 The legal basis for processing is SAGC’S legitimate interests in the proper and user-friendly functioning of its website in terms of Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.5.6 The information collected by the SAGC through server log files is not used for marketing purposes.

5.5.7 The information collected through server log files will be deleted as soon as possible once the purpose for its collection has been fulfilled. As a general rule, the information collected in server log files is deleted following the expiry of a period of 7 (Seven) days. Where information is stored for a longer period, SAGC ensures that the IP Address of the data subject is deleted or altered to ensure that the data subject can no longer be identified from such information.

5.6 USE OF COOKIES

5.6.1 SAGC uses both technically necessary cookies and cookies for analysis purposes on its website.

5.6.2 Through technically necessary cookies SAGC collects, stores and transmits the following information: -

5.6.2.1 fonts = standard cookie variable which is used by SAGC to reload the fonts in the browser during an update.

5.6.2.2 fullcss = standard cookie variable which SAGC uses to reload the CSS file in the browser during an update.

5.6.3 The information collected through this cookie is stored for a maximum period of 730 (Seven Hundred and Thirty) days.

5.6.4 In addition, SAGC uses cookies which enable an analysis of the web surfing behaviour of data subjects.

5.6.5 When visiting the SAGC website, the data subjects are informed via web banner about the use of cookies for analytical purposes, it is also pointed out that the storing of cookies can be disabled in the browser settings, there is also an explanation of how to do this.

5.6.6 Through analysis cookies, SAGC collects stores and transmits the following information by using a service provided via the Consent Manager of the Piwik PRO Analytics Suite: -

5.6.6.1 _pk_id = which is used to recognize visitors and hold their various properties. If the data subject consents to the use of such technology, it will only be stored for a period of 13 (Thirteen) months where after it will be deleted. However, if the data subject does not consent to the use of this technology, the information is only stored for 30 (Thirty) minutes, where after it will be deleted.

5.6.6.2 _ppms_privacy = Stores visitor’s consent to data collection and usage. This information will be stored for 365 (Three Hundred and Sixty Five) days, where after it will be deleted.

5.6.6.3 _pk_ses = Shows an active session of the visitor. This information is stored for 30 (Thirty) minutes, where after it will be deleted.

5.6.7 The information collected through cookies and analytics either does not contain personal information or is anonymised by SAGC to ensure that a data subject cannot be identified from the information collected in this manner.

5.6.8 SAGC collects this information in order to: -

5.6.8.1 Facilitate the use of its website;

5.6.8.2 Allowing access to certain sections of SAGC’S website;

5.6.8.3 Improve the quality of the website and its contents;

5.6.8.4 Learn how the website is used so that SAGC can continue to optimize its offerings; and

5.6.8.5 Identify and remedy errors in order to make adjustments or improvements as well as to identify and track abuse.

5.6.9 Cookies are stored on the data subject’s device and transmitted to SAGC. As such, data subjects have full control on the SAGC’S use of such cookies and the supply of such information by a data subject is entirely voluntary.

5.6.10 Data subjects are able to alter their cookie setting in their internet browsers and can disable or restrict the transmission of cookies. Saved cookies are can also be deleted by data subjects at any time.

5.6.11 When accessing the SAGC website, data subjects are informed about the use of cookies for analytical purposes with a cross reference to this Policy and instructions on how the storage of cookies in the browser settings can be prevented.

5.6.12 However, data subject may only have access to a restricted version of SAGC’S website, or not at all, if the data subject rejects the storage of cookies or deletes the necessary cookies.

5.6.13 The legal basis for processing is: -

5.6.13.1 Based on the data subject’s consent in terms of Article 6(1)(a) of the GDPR and Section 11(1)(a) of POPI; and/or

5.6.13.2 SAGC’S legitimate interests in the proper and user-friendly functioning of its website in terms of Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

5.6.14 SAGC does not share the information it collects via cookies to any other person. However, SAGC’s website and analytics service providers may have access to such information through the performance of their duties.

5.7 PIWIK PRO

5.7.1 SAGC’S website uses "Piwik PRO Analytics Suite" as their website / app analytics software and consent management tool. SAGC collects data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. Here is more information regarding the scope of data collected by Piwik PRO What data does Piwik PRO collect? | Piwik PRO help center.

5.7.2 SAGC uses such technology in order to calculate metrics such as bounce rate, page views, sessions and the like to understand how the SAGC’s website / app is used. SAGC may also create visitor’s profiles based on browsing history to analyse visitor behaviour, show personalized content and run online campaigns.

5.7.3 SAGC hosts such a solution using Microsoft Azure located in Germany and this data is stored for 25 months, where after it will then be deleted.

5.7.4 Piwik PRO does not send the data collected herein to any other sub-processors or third parties and does not use it for its own purposes. Here is more information on Pikiw PRO’s data collection: Piwik PRO privacy policy - Piwik PRO.

5.8 SURVEY MONKEY

5.8.1 SAGC makes use of ‘’Survey Monkey’’ as a platform for conducting surveys, in order to gather information on a data subject’s view on a particular topic.

5.8.2 SAGC collects the following personal information from the data subjects when conducting surveys:

5.8.2.1 Data subjects name, surname and email address;

5.8.2.2  company’s name;

5.8.2.3 Their position at the company;

5.8.2.4 The number of employees working at the company;

5.8.2.5 The company’s annual turnover; and

5.8.2.6 When the company was established in South Africa.

5.8.3 The above is not a closed list, depending on the topic of the survey, additional personal information may be collected. Should the data subject feel uncomfortable or not wish to share the abovementioned personal information, they may enter ‘’N/A’’ into the required field.

5.8.4 SAGC will process the information it collects for the purposes of gathering information on data subject’s view on a particular topic. SAGC does not transfer the personal information received from the surveys outside of the Republic of South Africa.

5.8.5 The data subject’s supply of the personal information in the survey is entirely voluntary and should the data subject elect not to provide the information sought in the survey, the data subject’s particular views cannot not be taken into consideration.

5.8.6 The results which emanate from the surveys which are conducted, could potentially be shared via publications through third parties, including members of the SAGC and individuals who visit SAGC’s website. However, all results which are shared will not disclose the data subject’s identity and will ensure that all the personal information remains anonymous. Survey Monkey collects the following personal information from the data subjects when conducting surveys:

5.8.6.1 Contact information;

5.8.6.2 Usage information on Survey Monkey’s website;

5.8.6.3 Device and browser data;

5.8.6.4 Information from page tags;

5.8.6.5 Log data;

5.8.6.6 Referral information; and

5.8.6.7 Information from third parties and integration partners.

5.8.7 The personal information which is collected by Survey Monkey may be processed in and transferred and disclosed in the United States of America and countries in which their affiliates are located and where their service providers are located and have servers. Survey Monkey ensures that the recipients of the personal information offer an adequate level of protection by entering into the appropriate back-to-back agreements as well as Data Processing Agreements.

5.8.8 Survey Monkey processes the data subject’s personal information in order to fulfil their primary goal which is to improve upon and ensure that their services and messaging is relevant for all users, whilst also ensuring that the personal information of all users is respected and protected.  For more information, visit the Survey Monkey privacy statement at https://www.surveymonkey.com/mp/legal/privacy/?ut_source=legal&ut_source2=privacy&ut_source3=inline#data-transfers-and-privacy-shield-certification.

5.9 WEBSITE SECURITY

5.9.1 SAGC’s website uses Secure Socket Layer (SSL) encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries data subject’s send to SAGC as the site operator, or the information which is provided when applying for membership with SAGC on the website.

5.9.2 Data subjects can recognize an encrypted connection in their browser's address bar when it changes from "http://" to "https://" and the system-specific lock icon is displayed in your browser's address bar.

5.9.3 If SSL encryption is activated, the data you transmit to SAGC cannot be read by third parties.

6. EMAIL AND TELEPHONE CONTACT WITH SAGC

6.1 Where data subjects contact SAGC for any reason, SAGC may collect the following information: -

6.1.1.1 Name and surname;

6.1.1.2 Company;

6.1.1.3 Email address; and/or

6.1.1.4 Telephone number.

6.1.2 The contact information the data subject provides therein, will be processed by SAGC for the purpose of responding to the data subject’s inquiry and any follow-up questions which may arise by virtue of SAGC’s response to the inquiry.

6.1.3 It is mandatory to supply the information which is necessary to allow SAGC to respond to your request, whereas the supply of additional information is voluntary. A failure to provide the mandatory information means that SAGC is unable to respond to your request.

6.1.4 The information collected from the data subject during a telephone call or upon receipt of an email is processed based on: -

6.1.4.1 The data subjects’ consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time.

6.1.4.2 Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI, to the extent that such contact with SAGC is aimed at concluding or entering into a contract.

6.1.4.3 SAGC’s legitimate interest in responding to the data subject’s inquiry in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

6.1.5 SAGC will not share the information provided by the data subject to any third parties, unless SAGC requires a third-party service provider to assist in responding to the request.

6.1.6 SAGC will process the information provided by the data subject during the telephone call or in the email until such time as the data subject requests its deletion, revokes its consent or where it may be inferred from the circumstances that the request has been resolved, whereafter the personal information will be deleted.

7. REGISTERED MEMBERS

7.1 SAGC collects the personal information of registered members, including, where applicable, that of its representatives, from the information contained on the membership application form or where such information is provided by registered members to SAGC.

7.2 SAGC collects this information, in order to: -

7.2.1 add members to the members data base;

7.2.2 provide services to members;

7.2.3 communicate with members;

7.2.4 inform members of upcoming events, news or opportunities which may be of interest; and/or

7.2.5 afford members access to specific events for which they have registered.

7.3 SAGC will process the personal information of its registered members based on: -

7.3.1 the member’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time; and

7.3.2 actions which are necessary to conduct the performance of a contract to which the member is party in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI;

7.3.3 the protection of members legitimate interests to receive the services due to them in terms of Article 6(1)(d) of the GDPR and section 11(1)(d) of POPI; and

7.3.4 SAGC’s legitimate interest in providing its members with its products and services in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

7.4 The supply of the relevant information is mandatory to the extent that it pertains to their membership, or their registration to a particular event and a failure to supply such information means that the membership of the data subject cannot be maintained, and the data subject will not be afforded access to the relevant event.

7.5 The personal information of SAGC members, including, where applicable, that of its representatives, who form part of the SAGC member data base is operated by Fusion Software ], and is stored on their secure servers located in Johannesburg.

7.6 We ensure that the personal information we transfer to the international organisation is securely protected, treated confidentially and processed lawfully in terms of a written contract to that effect.

7.7 Where a data subject’s membership expires, their personal information may be processed for the purposes of inquiring whether they wish to renew their membership.

7.8 In the event that data subjects do not wish to renew their membership, or cancel their membership with SAGC, SAGC ensures that the personal information is restricted and is only processed to the extent necessary to comply with obligations imposed by law, such as the requirement to retain documents in accordance with statutory retention periods.

8. EVENTS

8.1 From time-to-time SAGC hosts events which may be attended by data subjects (whether registered members of SAGC or otherwise) where such data subject have registered to attend.

8.2 Where a data subject registers to attend an event hosted by SAGC, SAGC collects personal information from the data subject such as, their name, surname, email address, the name of the company they work for, their job title, the country and region in which they are resident, telephone number, the date and time of their registration, the browser that was used as well as the operating system used, and whether they are registered members of the SAGC or otherwise.

8.3 The information is collected by SAGC in order to: -

8.3.1 register the data subject for the particular event;

8.3.2 furnish the data subject with an invoice for attendance at the event, where SAGC charges a fee for attending;

8.3.3 afford the data subject access to and attendance at the event, provided, where applicable payment has been duly received; and

8.3.4 provide data subjects with any relevant materials to be used at the event.

8.4 SAGC processes the personal information of data subjects who attend events based on:

8.4.1 the data subject’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time;

8.4.2 actions which are necessary to conduct the performance of a contract to which the data subject is party in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI;

8.4.3 the protection of members legitimate interests to attend at the event in terms of Article 6(1)(d) of the GDPR and section 11(1)(d) of POPI; and

8.4.4 SAGC’s legitimate interest in securing the attendance of data subjects at the event in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

8.5 It is mandatory to supply certain information to allow SAGC to register you to the event, whereas the supply of additional information is voluntary. Data subjects will recognise the mandatory information which must be supplied by an asterisk “*” which appears in the relevant field.

8.6 Should a data subject fail to provide the necessary mandatory information, SAGC will be unable to register the data subject for the event and they will not be afforded access.

8.7 Where a fee is payable to attend an event, SAGC will share the personal information of the data subject, in order to issue an invoice.

8.8 SAGC wishes to inform data subjects that it takes photographs at events which are uploaded onto its website under the “Gallery” section. In certain cases, photographs may contain images of data subjects who attend at the event. By attending events hosted by SAGC, data subjects acknowledge that photographs, which may contain images of them, may be uploaded on the SAGC website in line with SAGC’S legitimate interest to promote the popularity of its events in accordance with section 11(1)(f) of POPI.

8.9 Should a data subject appear in a photograph on SAGC’S website and wish for the photograph to be removed. They may request such removal by sending an email to SAGC or its information officer and requesting the removal of the photo in question.

8.10 Attendance lists of the relevant events are retained by SAGC for historical and statistical purposes.

9. GUEST SPEAKERS

9.1 From time-to-time SAGC hosts events and may mandate guest speakers to present at such events.

9.2 Where guest speakers are requested to present at a particular event, SAGC collects the following personal information: -

9.2.1 Name and surname;

9.2.2 Job title;

9.2.3 Company name;

9.2.4 Email address;

9.2.5 Telephone number;

9.2.6 Banking information (where necessary).

9.3 The information is collected by SAGC in order to: -

9.3.1 Make the necessary arrangements for the guest speaker to present at the event;

9.3.2 Inform attendees of a particular event who the guest speaker is;

9.3.3 Enable the SAGC to pay the guest speaker for their services (where applicable).

9.4 SAGC processes the personal information of guest speakers who attend and present at events based on:

9.4.1 the guest speaker’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of POPI, which consent may be revoked at any time;

9.4.2 actions which are necessary to conduct the performance of a contract to which the guest speaker is party in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI;

9.4.3 the protection of the guest speaker’s legitimate interests to attend and present at the event in terms of Article 6(1)(d) of the GDPR and section 11(1)(d) of POPI; and

9.4.4 SAGC’s legitimate interest in securing the attendance and presentation of the guest speaker at the event in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

9.5 It is mandatory for the guest speaker to supply the personal information in order to allow SAGC to secure the guest speakers attendance, whereas the supply of additional information, which is not necessary to make the necessary arrangements for the guest speaker to attend and present at the event is voluntary.

9.6 Should a guest speaker fail to provide the necessary mandatory information, the guest speaker will be unable to attend or present at the relevant event.

9.7 Attendance lists of the relevant events are retained by SAGC for historical and statistical purposes.

10. MARKETING ACTIVITIES

10.1 Marketing is an important way in which SAGC conducts business and is key to its continued success. SAGC ensures that its direct marketing activities are conducted strictly in accordance with this policy, the GDPR and POPI.

10.2 SAGC will only direct market via electronic communication to its registered members, or to data subjects who have provided their consent to receive such marketing materials.

10.3 In order to enable such direct marketing activities, SAGC will collect information from the data subject such as the data subject’s: -

10.3.1 Name;

10.3.2 Email address;

10.3.3 Job title;

10.3.4 Industry;

10.3.5 Company name; and

10.3.6 Telephone number.

10.4 For registered members of SAGC this information is collected from the relevant membership application form, or where it is provided by the relevant member. For non-members, this information is collected from the data subject when it is voluntarily provided on SAGC’s website or on the registration form for specific events.

10.5 SAGC processes the personal information of its members, and data subjects who have provided their consent, for the purpose of staying in touch and informing them of products and services, upcoming events, webinars, promotions, news and other opportunities.

10.6 SAGC processes this personal information based on: -

10.6.1 the data subject’s consent in terms of section 11(1)(a) of POPI; or

10.6.2 actions which are necessary for the performance of a contract to which the data subject is party in terms of section 11(1)(b) of POPI; and

10.6.3 SAGC’s legitimate interest in informing its members of relevant events, opportunities and news in accordance with section 11(1)(f) of POPI.

10.7 The supply of such personal information for the purposes of direct marketing is entirely voluntary and a failure to provide such information would mean that SAGC is unable to keep data subjects informed of events, news and opportunities.

10.8 SAGC uses various communication tools to enable it to effectively market, inter alia, its products and services, such as: -

10.8.1 CleverReach GmbH & Co. KG - a company registered with the commercial register of the local court of Oldenburg (registration number HRA 4020), Germany, provides a web-based autonomous direct communication software at the website address cleverreach.com as well as associated services (“CleverReach”). CleverReach is operated by CleverReach GmbH & Co. KG. Click here to read their Terms and Conditions (https://www.cleverreach.com/en/terms-of-service/)

10.9 In order to conduct our marketing activities, SAGC may transfer your personal information to the persons listed above, which may include the transfer of your personal information outside of the Republic of South Africa.

10.10 SAGC ensures that the personal information being transferred to the international organisations listed above are securely protected, treated confidentially and processed lawfully in terms of a written contract to that effect.

10.11 Save as aforesaid, the personal information of data subjects on our marketing data base is not shared with any other person.

10.12 At all times, members and non-members have the right to object to the processing of their personal information for the purposes of direct marketing. To exercise this right, data subjects can simply opt out of receiving further electronic communications by clicking the unsubscribe button at the bottom of every email SAGC sends, or by emailing SAGC directly.

10.13 SAGC may also process the personal information of data subject to direct market in other ways, which do not involve electronic communications. In such cases, data subjects are also entitled to object to the processing of their personal information in terms of section 11(3)(b) of POPI.

10.14 To exercise this right, data subjects can inform SAGC of their objection to such processing.

10.15 Where a data subject has objected to the processing of their personal information for the purposes of direct marketing, either in terms of electronic communication or otherwise, SAGC will remove the relevant data subject from its marketing data base and will ensure that it no longer processes the data subject’s personal information for these purposes. However, the legality of the processing which took place prior to such objection will not be affected.

11. THIRD PARTY SERVICE PROVIDERS

In certain cases, SAGC makes use of third-party service providers to assist it in performing its functions and duties. Where SAGC transfers personal information to its third-party service providers, it commits them to safeguarding the security of the personal information which is provided to them in terms of written contracts which oblige them treat such information as confidential and not disclose it and to adopt appropriate security measures to protect the relevant personal information from unauthorised access. The processing of personal information in such cases is performed: -

11.1 Where necessary to conclude and/or perform in terms of a written contract to which the data subject is party in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of POPI;

11.2 Where it complies with an obligation which is imposed in terms of law in terms of Article 6(1)(c) of the GDPR and section 11(1)(c) of POPI;

11.3 To protect the legitimate interests of the data subject in terms of Article 6(1)(d) of the GDPR and section 11(1)(d) of POPI; or

11.4 In pursuit of our legitimate interests to render services which are of a high quality in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of POPI.

12. TRANSFER OF PERSONAL INFORMATION OUTSIDE OF THE REPUBLIC OF SOUTH AFRICA

12.1 Save as specified in this Policy, SAGC will not transfer the personal information of a data subject outside of the Republic of South Africa.

12.2 In cases where personal information is transferred to third parties based outside of the Republic of South Africa, SAGC will only transfer such information in terms of a written contract which obliges recipients to: -

12.2.1 Treat the personal information as confidential and not disclose it;

12.2.2 Establish and implement appropriate security measures to protect the personal information against unauthorised access;

12.2.3 Effectively upholds the principles of reasonable processing as set out in POPI; and

12.2.4 Limit the further transfer of such personal information in terms of provisions which are substantially similar to the provisions of section 72 of POPI.

13. USE OF SOCIAL MEDIA

13.1 On SAGC’S website, data subjects may find links to various social media platforms, which can be recognized by the provider's respective logo.

13.2 In most cases, social media plugins automatically track a data subject’s IP Address other logged browser behaviour once the data subject visits a page. SAGC uses the Sharrif method to ensure that social media platforms do not automatically track data subjects, until such time as a data subject clicks on the relevant share button.

13.3 Clicking on the link will open the corresponding social media page, for which this privacy policy does not apply. Please check the relevant privacy policies of the individual providers for details on the applicable terms and conditions

13.4 Before calling up the relevant hyperlinks, the data subject’s personal information is not transferred to the respective provider.

13.5 LinkedIn

13.5.1 SAGC’S uses LinkedIn's social networking plugin, from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you click this button, your browser connects to LinkedIn to perform the functions of the plugin. However, no personal data is stored by you through LinkedIn, nor is your use recorded via a cookie. For more information, visit the LinkedIn privacy statement See www.linkedin.com/legal/privacy-policy. In addition, we refer you to the general handling and deactivation of cookies on our general presentation in this privacy policy.

13.6 YouTube Videos

13.6.1 From time-to-time SAGC may include YouTube videos on its website, which are stored on the servers of YouTube and are playable through SAGC’S website via an embedding. Embedding the videos is done with the advanced privacy option enabled. When you play these videos, a data subject’s computer will store YouTube cookies and DoubleClick cookies and may transfer data to YouTube Inc., Amphitheatre Parkway, Mountain View, CA 94043, as the YouTube operator.

13.6.2 When playing videos stored on YouTube, at least the following information will be transmitted to Google Inc. as the YouTube operator and operator of the DoubleClick network as of today: IP address and cookie ID, the specific address of the page we visited, system date and time the call, identifier of your browser. 
Whether you have a Google Account on which you are logged in or whether you do not have a user account, the transfer of this information occurs. If you are signed in, Google may directly associate this information with your account. If you do not want to be assigned to your profile, you must log out before activating the play button for the video.

13.6.3 YouTube or Google Inc. store such data as usage profiles and, if applicable, use such for purposes of marketing, market research and/or for the demand-driven design of their websites. Such an analysis is carried out in particular (also for data subjects who are not logged in) to provide demand-driven advertising and to inform other data subjects about your activities on our website. You have the right to object to the creation of such usage profiles; to exercise your right, you will have to contact Google as the operator of YouTube.

13.7 Twitter

13.7.1 SAGC’s website uses plugins of the social network Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. By using the Shariff method, Twitter only gains knowledge of your IP address and your visit to our website if you click the button.

13.7.2 SACG has no knowledge of any subsequent potential collection and use of your data by Twitter and also have no influence on such. More information can be found in the data privacy statement of Twitter at twitter.com/privacy.

13.8 XING

13.8.1 SAGC’s website uses the Xing share plugin of the social network Xing, XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. By clicking the button, your browser connects to Xing to carry out the functions of the plugin. In this context, no personal data is stored by Xing, and your use is also not recorded via a cookie. More information can be found in the data privacy statement of Xing at www.xing.com/privacy.

13.9 FACEBOOK

13.9.1 SAGC’s website uses plugins of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. By using the Shariff method, Facebook only gains knowledge of your IP address and your visit to SAGC’s website if you click the button. If you use the plugin while being logged in on Facebook, Facebook is able to allocate your use to your user account.

13.9.2 SAGC has no knowledge of any subsequent potential collection and use of your data by Facebook and also have no influence on such. More information can be found in the data privacy statement of Facebook at de-de.facebook.com/policy.php.

13.10 GOOGLE+

13.10.1 SAGC’s website uses plugins of the social network Google+ of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using the Shariff method, Google only gains knowledge of your IP address and your visit to our website if you click the button. If you use the plugin while being logged in on Google+, Google+ is able to allocate your use to your user account.

13.10.2 SAGC has no knowledge of any subsequent potential collection and use of your data by Google+ and also have no influence on such. More information can be found in the data privacy statement of Google at www.google.de/intl/de/policies/privacy/.

14. LINKS TO OTHER WEBSITES

14.1 SAGC’S website contains links to other websites, with relevant hyperlinks for these purposes being labelled as such.

14.2 SAGC hereby provides notification that it has no influence on and to what extent the linked websites comply with the applicable data protection regulations and accordingly recommends that data subjects acquaint themselves with the relevant privacy policies for such other websites before accessing or entering same.

15. DISCLOSURE OF INFORMATION

15.1 SAGC does not sell or otherwise disclose personal information, save as specified in this Policy, or as may be required in terms of applicable law. However, SAGC may disclose a data subject’s personal information, inter alia: -

15.1.1 Where such disclosure is necessary for marketing purposes;

15.1.2 Where such disclosure is made to suppliers or third-party service providers, who enable SAGC to provide services;

15.1.3 To SAGC employees who strictly require it in order to perform their functions; and/or

15.1.4 On the SAGC website’s member portal to enable members to network with one another.

15.2 SAGC ensures that third party service providers and employees, who may receive the personal information of data subjects, respect the confidentiality and the need for protection of your personal information by adopting appropriate measures to this effect. In all other cases, SAGC will not disclose your personal information without first notifying the relevant data subject and obtaining their consent.

16. PROMOTION OF ACCESS TO INFORMATION

Should data subjects wish to access any information held by SAGC for the purposes of exercising any of their rights, data subjects are hereby referred to SAGC’S manual, which has been prepared in accordance with section 51 of the Promotion of Access to Information 2 of 2000, as amended, which manual is accessible on SAGC’S website or may be obtained at SAGC’S premises.

17. SECURITY IN RESPECT OF PERSONAL INFORMATION

17.1 We ensure the confidentiality, integrity and availability of the personal information we process by placing same onto specially secured servers, which are only accessible: -

17.1.1 from password protected computers;

17.1.2 by designated members of staff with specific access permissions.

17.2 The storage thereof is a technical and organizational measure employed by us to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons.

17.3 SAGC has a dedicated hardware firewall, to protect the corporate network from external attacks. Up to date Anti-virus software is installed on all machines and regular patches and updates of software is performed to keep systems compliant.

17.4 Only authorized persons are able to access the personal information of data subjects. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible and SAGC in no way guarantees complete protection in this regard.

17.5 SAGC undertakes to delete or restrict the processing of the data subject’s personal information when the purpose for the storage thereof is fulfilled.

17.6 However, storage may continue after the purpose is fulfilled where such storage is required in order to comply with statutory legal provisions to which SAGC is subject, for example in terms of statutory retention periods and documentation obligations.

17.7 In a case such as this, SAGC will delete or restrict the data subject’s personal information following expiry of the relevant retention period.

18. DATA SUBJECTS RIGHTS IN RESPECT OF PERSONAL INFORMATION

In terms of POPI, data subjects have the following options available in respect of their personal information that SAGC processes:

18.1 they may inquire, at no cost, whether SAGC holds its personal information, as long as it provides SAGC with adequate proof of their identity;

18.2 where necessary, request the correction, destruction or deletion of its personal information, as per clause 20.8 below;

18.3 object to, in terms of clause 21 below, restrict or limit the processing of its personal information;

18.4 object to SAGC using personal information for purposes of direct marketing; and/or

18.5 request that their personal information not be used to send unsolicited emails.

19. SAGC refers data subjects to the clauses below, which give general guidance on how to exercise the rights listed above.

20. RIGHT OF ACCESS TO, CORRECTION AND/OR DELETION OF PERSONAL INFORMATION

20.1 SAGC hereby provides notification that a data subject who may prove their identity has the right to request confirmation from SAGC, free of charge, as to whether it holds personal information on that data subject.

20.2 Should data subjects wish to establish whether SAGC holds any personal information on them, data subjects are invited to send an email with their request to SAGC using the information set forth above.

20.3 Although the data subject has a right to request access to personal information from SAGC, in certain instances, SAGC is obliged to refuse access to personal information based on the grounds contained in the provisions of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act 2 of 2000, as amended.

20.4 In the event that a particular ground of refusal applies, SAGC will not provide the data subject access to such personal information.

20.5 Should personal information be disclosed to the data subject in response to any requests as aforesaid, the data subject is hereby notified of its right to request correction, deletion and/or blocking of the personal information, in line with section 24 of the Protection of Personal Information Act 4 of 2013, as amended.

20.6 Should SAGC hold personal information on the data subject, they are likewise entitled to:

20.6.1 request access to any personal information held by SAGC,

20.6.2 request the correction of such information in cases where their information has changed or is no longer accurate; and/or

20.6.3 request the deletion of the personal information.

20.7 Where the data subject is a registered member of SAGC, they are able to access or update their personal information held by the SAGC by sending an email to SAGC and requesting such access and/or update as the case may be.

20.8 In other cases, a data subject who wishes to request the correction or deletion of personal information or the destruction or deletion of a record of personal information in terms of section 24(1) of POPI, must submit a request to SAGC on Form 2, which may be accessed at https://www.justice.gov.za/legislation/notices/2018/20181214-gg42110-rg10897-gon1383-POPIregister.pdf.

20.9 SAGC, or its information officer, will render such reasonable assistance, as may be necessary and free of charge, to enable a data subject to complete Form 2.

20.10 Please feel free to contact SAGC at any time should data subjects have any further questions in respect of personal information.

21. WITHDRAWAL OF CONSENT AND RIGHT TO OBJECT TO PROCESSING OF PERSONAL INFORMATION

21.1 Data subjects are hereby informed that they may revoke their consent to SAGC processing their personal information at any time by simply sending an email to SAGC or its Information Officer. However, the revocation of such consent will not affect the lawfulness of continued processing where legal grounds authorise SAGC to continue processing such information.

21.2 Withdrawing consent will not affect the lawfulness of the processing that was conducted by SAGC between the time of consent and withdrawal.

21.3 As far as processing a data subject’s personal information is not based on consent but another legal basis, the data subject can object to this data processing.

21.4 SAGC hereby provides notification that data subjects may, in terms of section 11(3)(a) of POPI, object, at any time, to the processing of personal information, where SAGC processes personal information: -

21.4.1 In order to protect a legitimate interest of the data subject;

21.4.2 Where processing is necessary for the proper performance of public law duty by a public body; and

21.4.3 Where processing is necessary for pursuing the legitimate interests of the responsible party, or of a third party to whom the information is supplied.

21.5 Should data subjects wish to object to the processing of their personal information in terms of section 11(3)(a) of POPI, data subjects must submit their objection to SAGC on Form 1, in accordance with the Regulations relating to POPI.

21.6 The Form 1 document may be accessed through the following link: https://www.justice.gov.za/legislation/notices/2018/20181214-gg42110-rg10897-gon1383-POPIregister.pdf

21.7 SAGC, or its information officer, undertakes to render such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.

21.8 Any objections by a data subject must be based on reasonable grounds relating to the data subject’s particular situation unless legislation provides for such processing in which case SAGC shall continue to process such personal information in compliance with its legislative obligations.

21.9 In the absence of such legislative obligations, SAGC will review and, if necessary, terminate the processing of such personal information or data.

21.10 Data subjects will be informed of the results of the review and receive – if the data processing is to continue nevertheless – detailed information from SAGC about why data processing is permitted.

22. SECURITY COMPROMISES

Should SAGC have reason to believe that the personal information of data subjects has been accessed or acquired by any unauthorised person, SAGC hereby informs data subjects that it shall, as soon as possible, notify the Information Regulator and any affected data subjects, unless their identity cannot be established. The basis for processing a data subject’s information in such cases is to comply with obligations imposed by law, in terms of section 11(1)(c) of POPI and to protect a data subjects’ legitimate interest in respect of their personal information in terms of section 11(1)(d) of POPI.

23. RIGHT TO LODGE A COMPLAINT WITH THE INFORMATION REGULATOR 

23.1 Data subjects are entitled to submit a complaint to the Regulator in the prescribed manner and form, alleging any interference with the protection of their personal information.

23.2 In terms of the Regulations relating to POPI, any person who wishes to submit a complaint must submit such a complaint to the Information Regulator on Part I of Form 5.

23.3 The relevant form is accessible via the following link: https://www.justice.gov.za/legislation/notices/2018/20181214-gg42110-rg10897-gon1383-POPIregister.pdf

23.4 The available contact details of the Information Regulator are recorded as follows:

23.4.1 Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001;

23.4.2 Postal Address: PO Box 31533, Braamfontein, Johannesburg, 2017.

23.4.3 Email: complaints.IR(at)justice.gov.za.

24. UPDATES TO THIS POLICY

SAGC reserves its right to amend this Policy from time to time and will do so without notice to data subjects. The latest version of this Policy will be indicated by the date information (below). The current version of this Policy can always be accessed directly via SAGC’S website.

Last Updated: 6 April 2022