In South Africa, the processing of personal information is governed by the Protection of Personal Information Act, 4 of 2013 (“POPIA“).
The content of the Privacy Statement will apply to the processing of personal information carried out by Gateway Communications (Pty) Ltd (“Gateway“), a PCCW Global group company in South Africa. The purpose of this Annex A is to supplement the Privacy Statement. However, to the extent that any provision of the Privacy Statement conflicts with any provision in this Annex A in relation to the processing of personal information in South Africa, the provisions of this Annex A shall prevail.
Definitions
Information Officer – means the person appointed by or on behalf of Gateway as the information officer, who is required to assist with (i) the implementation of the Privacy Statement; and (ii) the compliance requirements of the Privacy Statement.
Operators – all references to processors in the Privacy Statement shall have the meaning given to “operators” in POPIA. POPIA defines an “operator” as a person who processes Personal Information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
Personal Information – all references to “Data” in the Privacy Statement is a reference to “Personal Information” as defined under POPIA. POPIA defines Personal Information as information about an identifiable living natural person, and in so far as it is applicable, an identifiable existing juristic person. A juristic person is a separate legal entity capable of acquiring rights and incurring liabilities, which allows it to sue and be sued in its own name, for example, a company or a trust. Personal Information includes but is not limited to:
- information relating to the race gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of a person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private and confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
Personal information does not include information that does not identify a person (such as information that has been anonymised).
Processing – shall have the meaning given to it in POPIA, which includes, among other things, activities such as collecting, storing, using, disseminating, marking, restriction, erasing or destroying Personal Information.
Information Officer
We have appointed an Information Officer who is responsible for overseeing questions in relation to the Privacy Statement. You may contact our Information Officer at [email protected] to discuss the Privacy Statement or your rights under Personal Information protection laws that are applicable to you.
Your Personal Information
Gateway may process, collect, store and/or use aggregated data, which may include historical or statistical data (“Aggregated Data“) for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information in a manner that has the result that it can directly or indirectly identify you, we will treat the combined data as Personal Information, which will be managed in accordance with this Privacy Policy.
Our legal basis for using your Personal Information including how we disclose your Personal Information
Where Gateway is required to process your Personal Information by law, or in terms of a contract that we have with you, and you fail to provide such Personal Information when requested to do so, Gateway may be unable to perform in terms of the contract we have in place or are trying to enter into with you. In this case, Gateway may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation.
Gateway will restrict its processing of your Personal Information to the original purpose for which it was collected, unless Gateway reasonably considers that it is necessary to process it for another purpose that is compatible with the original purpose.
Gateway may, where permitted or required to do so by applicable legislation, process your Personal Information without your knowledge or consent, and will do so in accordance with the further provisions of this Privacy Statement.
We will not intentionally disclose your Personal Information, whether for commercial gain or otherwise, other than with your permission, as permitted by applicable law or in the manner as set out in this Privacy Statement.
In order to provide the Services you have requested, we may disclose your Personal Information to third parties, to the extent permissible under applicable laws and regulations. Where we disclose your Personal Information to third parties, we will only disclose your Personal Information to third parties who have agreed to be bound by the Privacy Statement or similar terms, which offer the same level as protection as this Privacy Statement.
Storage and transfer of your Personal Information
We store your Personal Information on our servers or those of our service providers and in hard copy format at our offices and at the storage facilities of our third-party record storage and management providers.
We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation. If the location to which Personal Information is transferred and/or is stored does not have substantially similar laws to those of South Africa, which provide for the protection of Personal Information, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.
Security
We take reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information.
We also create a back-up of your information for operational and safety purposes.
We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
Gateway has implemented procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which Gateway is legally required to do so and within the period in which such notification is necessary.
Retention of your Personal Information
In addition to the grounds on which we retain your Personal Information as set out in the Privacy Statement, we will only retain your Personal Information for a specified further period, where you agree to us retaining your Personal Information for such further period.
To determine the appropriate retention period for Personal Information, Gateway will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. Gateway will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
Your rights
It is your responsibility to advise Gateway or the persons responsible for the maintenance of your Personal Information should any of Personal Information we have about you be incorrect, incomplete, misleading or out of date, by notifying us.
Children
Gateway products and services are not targeted at children (a natural person under the age of 18 years). We will not knowingly collect Personal Information in respect of children without express permission to do so from a competent person (any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child).
Direct Marketing
When you register to use Gateway’s services, you will be required to provide your consent to agree to receive marketing communication from us.
You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communication from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
You may opt out of receiving direct marketing communication from us at any time by requesting us to stop providing any direct marketing communication to you.
If you have chosen to opt out, we may send you written confirmation of receipt of your opt out request (which may be in electronic form), and will thereafter not send any further direct marketing communication to you. Please note that you may continue to receive communication from Gateway that is not marketing related.
How to contact us
Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the Information Officer by email at [email protected].
If you feel that the attempts by Gateway to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at https://www.justice.gov.za/inforeg/.
PAIA Manual
Should you wish to access Gateway’s PAIA Manual, you may do so at PAIA Manual