PRIVACY POLICY:
THIS KROMCO (PTY) LTD PRIVACY POLICY ("PRIVACY POLICY") APPLIES TO HOW WE COLLECT, USE AND PROCESS YOUR PERSONAL INFORMATION AND, IN SOME INSTANCES, SPECIAL PERSONAL INFORMATION. PLEASE READ THIS PRIVACY POLICY CAREFULLY.
KROMCO PTY LTD ("we" or "us" or "our" or "the organisation") is committed to protecting and respecting your privacy. We strive to ensure that our use of your Personal Information is lawful, reasonable, and relevant to our business activities. You must take all necessary and appropriate steps to protect your Personal Information yourself (for example, by ensuring that all passwords and access codes are kept secure).
The organisation has implemented reasonable technical and operational measures to keep your Personal Information secure. You hereby indemnify and hold KROMCO (PTY) LYD harmless from any loss, damages or injury that you may incur as a result of any Security Compromise of your Personal Information to unauthorised persons or resulting from your acts or omissions during the provision of incorrect or incomplete Personal Information to the organisation.
DEFINITIONS
Unless the context clearly indicates otherwise, the following terms shall have the meanings assigned to them hereunder, namely –
"data subject/s" ("you" or "your") includes all living individuals and juristic persons about whom KROMCO (PTY) LTD holds personal information.
"legitimate" means the organisation's interest in conducting and managing our organisation to enable us to give you the best service and the most secure experience.
"personal information" means information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic person, including, but not limited to -
a. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
b. information relating to the education or the medical, financial, criminal or employment history of the person;
c. any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignments to the person;
d. the biometric information of the person;
e. the personal opinions, views or preferences of the person;
f. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
g. the views or opinions of another individual about the person; and
h. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information.
"processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including -
a. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
b. dissemination through transmission, distribution or making available in any other form; or merging, linking, as well as restriction, degradation, erasure or destruction of information.
"responsible party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. For the purpose of this privacy policy, the responsible party will be KROMCO (PTY) LTD.
"special personal information" includes personal information concerning the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of an information subject, or the criminal behaviour of an information subject.
"the organisation" refers KROMCO (PTY) LTD and all wholly-owned subsidiaries directly or indirectly controlled by it.
Unless a contrary intention clearly appears, words signifying:-
a) the singular includes the plural and vice versa;
b) any one gender includes the other genders and vice versa; and
c) natural persons include juristic persons.
PURPOSE AND SCOPE
This policy sets out how your personal information will be used by the organisation and applies to any information, including personal information and special personal information, which you give to the organisation or which the organisation may collect from Third Parties. This Privacy Policy applies to the processing by us or on our behalf, of the personal information relating to you, being a user who accesses and/or uses our website or our products and services, or a provider of products and services to us, clients, suppliers, former employees, prospective employees and other data subjects that engage with us. This Privacy Policy applies regardless of the device you use to access our website or to engage with us, including, but not limited to, internet-connected mobile devices and tablets.
If you have any comments or questions about this policy, please get in touch with the Information Officer:
ADDRESS: Kromco, Off N2, Patryslaagte Farm, Grabouw, 7160
EMAIL: privacy@kromco.co.za
TELEPHONE NUMBER: 021 850 6700
The organisation may amend this policy from time to time, to the extent allowed by the law at the organisations' sole discretion, without notice.
Any such amendment will come into effect and become part of any agreement you have with the organisation either when notice is given to you or by publication on the organisations' website. Accordingly, please check this website and privacy policy often. This policy continues to apply even after persons are no longer of concern to the organisation.
The website and our products or services are not targeted at people under the age of 18.
COLLECTION OF PERSONAL INFORMATION
The organisation collects personal information directly from data subjects unless an exception is applicable (such as, for example, where the data subject has made the personal information public or the personal information is contained in or derived from a public record).
The organisation will always collect personal information in a fair, lawful and reasonable manner to ensure that it protects the data subject's privacy and will process the personal information based on legitimate grounds that do not adversely affect the data subject in question.
The organisation often collects personal information directly from the data subject and/or, in some cases, from third parties.
We may collect, use, store and transfer different kinds of personal information about you, such as but not limited to:
a) Identity Data includes first name, last name, username or similar identifier, marital status, title, occupation, interests, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and your qualifications;
b) Contact Data includes billing address, delivery address, email address and telephone numbers.
c) Financial Data includes banking details, credit bureaux information, insurance information, financial statements, tax clearance certificates and VAT registration numbers;
d) Transaction Data includes details about payments to and from you and other details of services to you, and company information, which may consist of financial activity;
e) Technical Information includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website or to use our products and services or engage with us;
f) Usage Information, which includes information as to your access to and use of the website, products and services, such as what links you went to, what content you accessed, the amount of content viewed and the order of that content, as well as the amount of time spent on the specific content and what products and services you access and use when engaging with the organisation
g) Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences; and
h) Location Information, which includes geographical information from your access device (usually based on the GPS or IP location).
We collect your personal information in the following ways:
a) Directly from you, which includes personal data you provide when you submit certain information:
(i) to enable you to access portions of the website;
(ii) to subscribe to publications;
(iii) to request marketing or information about our events to be sent to you;
(iv) to apply for job opportunities;
(v) in contact with our partners and employees;
(vi) when being granted access to our premises;
(vii) to facilitate the conclusion of an agreement with us; and
(viii) that is necessary for the fulfilment of our statutory or regulatory obligations.
b) Indirectly from you when you interact with us electronically. When browsing our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
c) Directly from other sources, such as public databases and third parties, as well as other financial institutions, or
d) Indirectly through your interactions with third parties or,
e) The organisation collects personal information and special personal information about you through CCTV cameras installed on premises for safety and security reasons.
f) Automated technologies or interactions as you interact with our website,
Should the organisation need to collect personal information by law or under the terms of a contract with you and fail to provide the personal information when requested, we may not perform the contract. In such a case, the organisation may have to decline to provide or receive the relevant services.
SPECIAL PURPOSE INFORMATION
We will generally not process special personal information about you unless it is necessary for establishing, exercising or defending a right or obligation in law or where we have obtained your consent to do so. On rare occasions, there may be other reasons for processing your special personal information, such as where the information has been deliberately made public by you. The situations in which we may process your special personal information include, but are not limited to, the following:
a) as part of the recruitment and hiring process, we may process information relating to your criminal behaviour;
b) we may process information relating to your health as part of our screening processes when accessing our premises to comply with Covid-19 regulations and protocols; and
PROCESSING OF PERSONAL INFORMATION
Where the organisation is the responsible party, it will only process a data subject's personal information (other than for special personal information) where:
a) consent of the data subject (or a competent person where the data subject is a child) is obtained;
b) processing is necessary to carry out the actions for the conclusion of a contract to which a data subject is a party;
c) processing complies with an obligation imposed by law on the organisation
d) processing protects a legitimate interest of the data subject;
e) processing is necessary for pursuing the legitimate interests of the organisation or of a third party to whom the information is supplied; and/or
f) processing is necessary for performing a task carried out in the public interest or in exercising official authority vested in the organisation.
YOUR RIGHTS AS A DATA SUBJECT
Data protection legislation confers certain rights on you in respect of your personal information. We aim to be clear about what personal information we collect to make meaningful choices about what personal information you make available. You may, for example:
a) request access to your personal information and receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
b) request correction of your personal information and have any incomplete or inaccurate data we hold about you corrected;
c) request erasure of your personal information where there is no valid reason for us continuing to process it, noting the fact that we may not always be able to comply with your request of erasure for specific legal reasons which will be communicated to you, if applicable, at the time of your request;
d) object to the processing of your personal information;
e) request a restriction of processing your personal information;
f) request transfer of your personal information to you or a third party; and/or
g) Withdraw consent which you previously gave to the processing of your personal information where you can only make the withdrawal of your consent on condition that such withdrawal of your consent:
(i) does not affect the processing of your personal information before the withdrawal of your consent; or
(ii) does not affect the processing of your personal information if the processing complies with an obligation imposed by law on us; or
(iii) does not affect the processing of your personal information as required to finalise the performance of a contract in which you are a party; or
(iv) does not affect the processing of your personal information as required to protect your legitimate interests or our legitimate interests or the legitimate interests of a third party to whom the information is supplied.
When exercising your right to withdraw consent, you understand and acknowledge that regardless of your right to withdraw consent, other legislation may require that we continue to process your data to comply with anti-corruption, crime-fighting and/or other national legislation.
You also acknowledge that your withdrawal of consent may limit our ability to provide certain products and services to you or the ability of a third party to provide certain products or services to you.
STORAGE OF YOUR PERSONAL INFORMATION
The organisation may store your personal information in hardcopy format and/or in electronic format. Your personal information may also be stored by third parties, via cloud services or other technology, with whom the organisation has contracted with,
We store your personal information on:
a) our premises, in the form of hard copies;
b) the premises of third party service providers such as document storage service providers;
c) our servers; or
d) on the servers of our third-party service providers, such as IT systems or hosting service providers.
These third parties do not use or have access to your personal information other than for purposes specified by us. The organisation requires such parties to employ at least the same level of security that the organisation uses to protect your personal information.
The organisation will ensure that we have entered into written agreements with those third-party service providers governing our relationship with them that require them to secure the integrity and confidentiality of personal information in their possession by taking appropriate, reasonable technical and organisational measures.
Your personal information may be processed in South Africa or another country where its affiliates and third-party service providers maintain servers and facilities. The organisation will take steps, including by way of contracts, to ensure that it continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under applicable law.
SHARING OF YOUR PERSONAL INFORMATION
The organisation will not intentionally disclose your personal information, other than with your permission, as permitted by applicable law or in the manner as set out in this Privacy Policy.
You agree and permit us to share your personal information under the following circumstances:
a) with our agents, advisers and suppliers that have agreed to be bound by applicable data protection legislation and this Privacy Policy or similar terms
b) with our employees, suppliers, consultants, contractors and agents if and to the extent that they require such personal information to process it for us and/or provide services for or to us. We will authorise any personal information processing done by a third party on our behalf, amongst other things, by entering into written agreements with those third parties governing our relationship with them and containing confidentiality, non-disclosure and data protection provisions. Such persons may be disciplined, their contracts terminated, or other appropriate action taken if they fail to meet their obligations;
c) to enable us to enforce or apply our terms and/or any agreement you have with us;
d) to enable us to monitor web traffic: web servers serving the website automatically collect information about pages you visit.
e) for statistics purposes: we may perform statistical analyses to measure interest in the various areas of the website (for product development purposes);
f) to protect our rights, property or safety or that of our clients, employees, contractors, suppliers, agents and any other third party;
g) with governmental agencies and other regulatory or self-regulatory bodies;
h) comply with the law or with any legal process;
i) protect and defend the rights, property or safety of the organisation, or our clients, employees, contractors, suppliers, agents or any third party;
j) to detect, prevent or manage actual or alleged fraud, security breaches, technical issues, or the abuse, misuse or unauthorised use of the website and/or infringements of this Privacy Policy; and/or k) protect the rights, property or safety of members of the public;
SECURITY OF YOUR PERSONAL INFORMATION
We take reasonable technical and organisational measures to secure your personal information integrity and use accepted technological standards to prevent unauthorised access to or disclosure of your personal information and protect your personal information from misuse, loss, alteration, and destruction.
We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
We also create backups of your information for operational, business continuity and safety purposes, and we have a backup disaster recovery program.
Despite the above measures being taken when processing personal information and personal information, as far as the law allows, we will not be liable for any loss, claim and/or damage arising from any unauthorised access, disclosure, misuse, loss, alteration or destruction of your personal information and/or special personal information.
You, therefore, acknowledge that you know and accept that technology is not entirely secure. There is a risk that your personal information and special personal information will not be secure when processed utilising technology. To the maximum extent permitted by law, you will not be able to take action against us if you suffer losses or damages in these circumstances.
BREACHES OF YOUR PERSONAL INFORMATION
A data breach refers to any incident in terms of which reasonable grounds exist to believe that a data subject's personal information has been accessed or acquired by any unauthorised person.
A data breach can happen for many reasons, which include but are not limited to:
a) loss or theft of data or equipment on which personal information is stored;
b) inappropriate access controls allowing unauthorised use;
c) equipment failure;
d) human error;
e) unforeseen circumstances, such as a fire or flood; and/or
f) deliberate attacks on systems, such as hacking, viruses or phishing scams;
The organisation will address any data breach under the terms of relevant privacy laws.
The organisation will notify the Information Regulator and the affected data subject(s) unless the applicable law requires that we delay notification to the data subject.
RETENTION OF YOUR PERSONAL INFORMATION
The organisation will retain your information under retention periods set out in applicable laws unless the organisation deems it necessary to retain it for longer for a lawful purpose (for example, for the purposes of complaints handling, legal processes and proceedings).
The organisation may keep records of the personal information it has collected, correspondence, or comments in an electronic or hardcopy file format
ACCURACY OF YOUR PERSONAL INFORMATION
The organisation will take reasonable steps to ensure that all personal information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which personal information is collected or further processed.
The organisation may not always expressly request the data subject to verify and update his/her/its personal information unless this process is specifically necessary The organisation acknowledges that you have the right of access to and the right to rectify your personal information.
You must let us know if any of the personal information that we have about you is incorrect, incomplete, misleading or out of date by notifying the Information officer at the contact details set out above
DIRECT MARKETING
To the extent that the organisation acts in its capacity as a direct marketer, it shall strive to observe and comply with its obligations under relevant privacy laws when implementing principles and practices concerning direct marketing.
The organisation may use personal information to contact any data subject and/or market services directly to the data subject(s) if the data subject is one of the organisations existing clients, the data subject has requested to receive marketing material from the organisation or the organisation has the data subject's consent to market its services directly to the data subject.
The organisation will ensure that a reasonable opportunity is given to the data subject to object to using their personal information for marketing purposes when collecting the personal information and on the occasion of each communication to the data subject for direct marketing purposes.
The organisation will not use your personal information to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal information for marketing purposes, The organisation shall do so.
COMPLAINTS
Should you believe that the organisation has utilised your personal information contrary to Applicable Laws, you undertake to first attempt to resolve any concerns with the designated Information Officer of the organisation.
If you are still not satisfied with such process and resolution, you may have the right to lodge a complaint with the Information Regulator of South Africa by accessing their website at www.justice.gov.za/inforeg.
USE OF COOKIES
Our website uses cookies, small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage.
You may refuse to accept cookies. However, if refused, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting to refuse cookies, our system will issue cookies when logging on to the website.
If you accept a "cookie" or fail to deny the use of "cookies", you agree that we may use your personal information collected using "cookies" (subject to the provisions of this Policy).
GENERAL PROVISIONS
You agree that this Privacy Policy, our relationship and any dispute of whatsoever nature relating to or arising out of this Privacy Policy is governed by South African law.
You agree that we may, at any time, transfer, cede, delegate or assign any or all of our rights and obligations under this Privacy Policy without your permission. We may, in certain instances, also sub-contract our obligations, for example, engaging with external IT service providers or printers. Where we engage such sub-contractors, we will do so without your permission, and we do not have to notify you if we sub-contract any of our obligations.
This Privacy Policy shall apply for the benefit of and be binding on each party's successors and assigns.
Our failure to exercise or enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision.
Each provision or section of this Privacy Policy is removable and detachable from all others. As far as the law allows, if any provision (or part of a provision) is found by a court or authority of competent jurisdiction to be illegal, invalid or unenforceable, it shall be treated as if it was not included in this Privacy Policy and the rest of this Privacy Policy will still be valid and enforceable.