Privacy Policy
In accordance with the Protection of Personal Information Act, 2013
1. Introduction
The Protection of Personal Information Act 4 of 2013 (“the Act”) serves the purpose of giving effect to the constitutional right to privacy by ensuring information is processed responsibly to prevent security breaches, theft, and discrimination.
2. What is personal information, do we collect about you?
According to the Act, ‘personal information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
As a Responsible Party:
For clients:
• Identity data: name and registration number of your company or entity if you are a legal person, first name and surname and identity number if you are a natural person or the representative of a legal person
• Contact data: address, email address, contact number
• Transaction data: details about payments and products/services you have purchased from us
• Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
For employees:
• Identity data: your first name and surname
• Contact data: address, email address, contact number
• Financial data: bank account details
For third parties, where applicable (such as suppliers or potential customers):
• Identity data: your first name and surname
• Contact data: address, email address, contact number
• Transaction data: details about payments and products/services you have supplied to us
• Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences
As an Operator:
Please note as an Operator we process certain information on behalf of our clients to fulfil the contract entered into with our client. As an Operator we are not liable under the Act as a Responsible Party. However, we must protect and secure the information in terms of the Act (see paragraph 8 and 10 below). As an Operator we process the following information on behalf of our clients:
• Identity data: first name and surname
• Address: physical location
• Contact data: mobile number
• Transaction data: details about payments and products/services that the data subjects of our clients have purchased
• Marketing and communications data: Data Subject’s preferences in receiving marketing from you, as our client, and their communication preferences
3. Acceptance of our policy
By using our product/services, you understand that we will collect and use your personal information as indicated in this policy.
You have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes.
Where we need to collect personal information under the terms of a contract, we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have with you.
4. How do we collect your personal information?
Direct interactions: by way of filling in forms, email or telephone correspondence, purchasing or subscribing to products/services, and via our website.
Third parties or publicly available sources: example, business partners, sub-contractors or credit reference agencies.
5. How do we use your or your Data Subject’s personal information?
Vital Properties will only use your personal information when the law allows us to. We will most likely use your personal information in the following circumstances:
• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
6. What will we use your or your Data Subjects personal information for (where applicable)?
• To register you as a new customer.
• To employ you as an employee and to enable us to fulfil our function as an employer.
• To process and deliver in terms of our Agreement, including processing your Data Subjects information as an Operator, manage payments, fees and charges.
• To collect and recover money owed to us.
• To manage our relationship with you, as a client which will include: notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey.
• To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
• To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
• To make suggestions and recommendations to you about goods or services that may be of interest to you.
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason. We may process your personal information without your knowledge or consent in compliance with the Act, where this is required or permitted by law.
7. Marketing
We will provide you with choices regarding certain personal information uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased services from us. You can ask us to stop sending you marketing messages at any time, this will not apply to personal information provided to us as a result of a product/service purchase, product/service experience or other transactions.
8. Disclosure of personal information
We will not sell personal information and no personal information will be disclosed to anyone except as provided in this policy. We may disclose your personal information if required by a subpoena or court order; or to comply with any law or regulation.
We may share your personal information:
• with other related companies in terms of our Agreement with you, as our client.
• with our service providers under contract, as permitted by law.
• with credit bureaus to report account information, as permitted by law.
• with social media platforms when you use tools or functionality on our website provided by those platforms (such as “recommend” or “share” buttons); and with marketing partners where you register for events, webinars or other related events.
• with public or government authorities to follow applicable law or to respond to legal process (like a subpoena). We also may share your personal information when there are threats to the physical safety of any person, violations of this policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public as required by law.
• for business transactions like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have.
• with your consent. For example, when we post user testimonials that may identify you or for a third-party application that may be of use to you and with your employer or organisation where you create an account or user role with an email address assigned to you as an employee, contractor or member of an organisation, that organisation may find your account and take specific actions that may affect your account.
• We may need to disclose personal information to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel. Any of our employees or personnel that handle your personal information will have signed non-disclosure and confidentiality agreements.
9. How secure is our data?
We have put into place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, such as password protection, two-factor authentication, device control policies and other stringent security measures.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We execute regular penetration tests using third-party software to test and indicate our technical defences’ strength continually.
11. How long will we use your personal information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal Information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
12. What are your legal rights?
Under certain circumstances you are entitled to:
• Request access to your Personal Information
• Request correction of your Personal Information
• Request erasure of your Personal Information
• Object to processing of your Personal Information
• Request restriction of processing your Personal Information
• Request transfer of your Personal Information
• Withdraw consent
• Not be subjected to automated decision-making
13. Promotion of Access to Information Act 2 of 2000 (“PAIA”)
PAIA gives you the right to access information that is required to exercise or protect your rights. In terms of PAIA, before access to the information requested by persons is granted, specific requirements have to be met. PAIA also requires private bodies such as RE/MAX to compile a manual designed to assist persons who want to exercise their right to access information. You or third parties may also request access to your personal information held by RE/MAX. PAIA regulates and sets out the procedure for such a request and under what circumstances such access may be refused. Please contact us should you require our PAIA manual, the prescribed request form and/or information on applicable fees payable for access to this information.
14. Your duty to keep your personal information with us updated
The personal information we hold about you must be accurate and current. Please keep us updated if your information changes during your relationship with us.
15. Queries or complaints
Should you have any queries or complaints about this policy, you may email our information officer, admin@vitalproperties.co.za.