(c)2021 Signify (Pty) Ltd; all rights reserved. This document may contain proprietary information and may only be released to third parties with approval of management.
1. Summary / Purpose
The objective of this policy is to provide clarity regarding Signify Website Privacy and Cookie Policy. Signify is committed to compliance with the Protection of the Personal Information Act (POPI Act).
The purpose of this Privacy and Cookie policy is to protect Signify from the compliance risks associated with the protection of Personal Information (PI) collected via the Company Website: https://www.signify.co.za. The Policy demonstrates Signify’s commitment to protecting the privacy rights of its clients, customers and partners using Signify’s Website.
The focus of this Cookie and Privacy Policy is to ensure that you, the website visitor, and user, are at all times informed regarding how our website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”) uses and protects any Personal Information (PI) that you give us while using the Website.
This Cookie and Privacy Policy explains how we obtain, use, and disclose your Personal Information (PI), as is required by the POPI Act. At Signify we are committed to protecting your privacy and to ensure that your Personal Information (PI) is collected and used properly, and lawfully.
We recommend that you read this Cookie and Privacy Policy so that you understand our approach towards the use of your Personal Information (PI) collected via the Website. By using the Website and by submitting your Personal Information (PI), you acknowledge that you have reviewed the terms of the Cookie and Privacy Policy and agree and consent that we may collect, use, transfer and process your Personal Information (PI) in accordance therewith.
2. Definitions
2.1 Cookies: The term “cookies” refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications. A web cookie is a small file which asks permission to be placed on a user’s computer hard drive. Cookies help the user’s browser navigate a website and the cookies themselves cannot collect any information stored on the user’s computer or files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service.
Once the user agrees, the file is added, and the cookie helps to analyse web traffic or lets the user know when he/she visits a particular site. Cookies allow web applications to respond to users as an individual. The web application can tailor its operations to individual user needs, likes and dislikes by gathering and remembering information about user preferences – thus creating a type of user profile.
Traffic log cookies are used to identify which pages are being used and cookies are used to learn more about the way users interact with website content and help to improve user experience when visiting websites by compiling statistical data.
A cookie in no way gives us access to a user’s computer or any information about him/her, other than the data the user chooses to share.
In some cases, users can choose to accept or decline cookies.
Most web browsers automatically accept cookies, but users can usually modify their browser settings to decline cookies if you prefer. The downside is that it can prevent users to take full advantage of Websites’ functionality.
2.2 Consent: Any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of Personal Information.
Simply put, means informed permission (consent) to process or use Personal Information.
2.3 Data Subject: This refers to the natural or juristic person to whom Personal Information relates, such as an individual client, customer or an organisation that supplies an organisation with products or other goods such as:
• information, online identifier or other particular assignment to the person;
• the biometric information of the person;
• the personal opinions, views or preferences of the person;
• correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
Simply put, the Data Subject refers to and individual or legal entity to whom the Personal Information (PI) relates.
2.4 Direct Marketing: The approach to the Data Subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:
• promoting or offering to supply, in the ordinary course of business, any goods or services to the Data Subject; or
• requesting the Data Subject to make a donation of any kind for any reason.
Simply put, means you need consent from the Data Subject to use Personal Information (PI) for marketing purposes.
2.5 Information Officer (IO): The Information Officer is responsible for ensuring the organisation’s compliance with the POPI Act.
• Where no Information Officer is appointed, the head of the organisation will be responsible for performing the Information Officer’s duties.
• Once appointed, the Information Officer must be registered with the South African Information Regulator established under the POPI Act prior to performing his or her duties. Deputy Information Officers can also be appointed to assist the Information Officer.
2.6 Information Privacy: Information Privacy focuses on the use and governance of PI—things like putting policies in place to ensure that the Data Subject’s PI is collected, shared, and used in appropriate ways. Information Privacy is mostly dependant or organisational measures and people behaviours.
2.7 Information Security: Information Security focuses more on protecting Personal Information (PI) from malicious attacks and the exploitation of stolen data for profit. Information Security is mostly dependant on operational measures such as technology systems, access protocols and passwords etc.
3. Policy Scope
All employees, subsidiaries, business units, departments and individuals directly associated with Signify are responsible for adhering to this Policy and for reporting any security breaches or incidents to the Information Officer.
Any Third-Party Service Provider responsible for providing and managing the Website platform must adhere to the same information security principles contained in this Policy to ensure security measures are in place in respect of processing of Personal Information (PI).
This Policy and its guiding principles apply to:
• Signify governing committee/team;
• all branches, business units and divisions of Signify;
• all employees and volunteers;
• all contractors, suppliers and other persons acting on behalf of Signify.
The Policy’s guiding principles find application in all situations and must be read in conjunction with the provisions of the POPI Act.
4. Policy Function and the Conditions of the POPI Act
In terms of the POPI Act, “process” and “processing” of Personal Information (PI) is defined as any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other form; or
merging, linking, as well as restriction, degradation, erasure or destruction of information.
Signify is therefore committed to ensuring that the Personal Information (PI) collected via the company website will only be processed and used in accordance with this Cookie and Privacy Policy.
5. Policy Statements
5.1 Collection of Personal Information (PI): Section 9 of the POPI Act states that “Personal Information (PI) may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.”
Signify therefore collects and processes your Personal Information (PI) via our website mainly to provide you with access to our services and products. The type of Personal Information (PI) we collect will depend on the purpose for which it is collected and used. We will only collect Personal Information (PI) that we need for that purpose.
We collect/can collect your PI via our Website where you provide us with your Personal details by completion of our Information Form on the Contact Us page inclusive of:
• Your first name and surname;
• Your Company name;
• Your email address;
• Your mobile number;
• Your interest in our Products;
We also collect your PI indirectly from you via website based electronic cookies in order to:
• monitor Website usage metrics via the Cookies;
• improve Website performance and
• automate and improve services via the Cookie analytical data collected on the Web Server.
5.2 Processing of Personal Information: We will use your Personal Information (PI) which is collected via our Information Form and/or our automated cookies, only for the purposes for which it was collected or agreed with you.
We will not keep the Personal Information (PI) collected via the Website’s Information Form or Website Cookies for longer than is necessary to fulfil that purpose unless we have to keep it for legitimate business or legal reasons.
Any direct marketing communications that we send to you, after your initial engagement with us via the website Information Form, will include the means necessary to opt out, as effortless as possible.
5.3 Security Safeguards: We are committed to ensuring that your Personal Information (PI) is secure, and we are legally obliged to provide adequate protection for the Personal Information (PI) we hold and to stop unauthorised access and use of such Personal Information (PI).
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online via our Information Form and automated Website Cookies.
The Personal Information (PI) collected via Cookies are currently managed and stored on the Web Servers of our Third-Party Domain Suppliers and we cannot be responsible or liable for any Third-Party's actions or their security controls on the information that they may collect or process.
In order to ensure the security of your Personal Information (PI) when we contract with third parties, we do impose appropriate security, privacy and confidentiality obligations on them to ensure that the Personal Information (PI) that we remain responsible for, is kept secure. Our undertaking is also to ensure that anyone to whom we pass your Personal Information (PI) agrees to treat your information with the same level of protection as we are obliged to.
5.4 Use of Third-Party Websites: Our website may contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Cookie and Privacy Policy.
5.5 Your Rights – Access to your Personal Information: You have the right to request a copy of the Personal Information (PI) we hold about you. To do this, simply contact us at the numbers/addresses listed on our Contact Us page and specify what information you would like.
5.6 Your Rights – Correction of and Controlling your Personal Information: You may choose to restrict the collection or use of your Personal Information (PI) in the following ways:
• You can delete/disable/block cookies through your web browser – PLEASE NOTE: this may limit certain features on our Site.
You have the right to ask us to update, correct or delete your Personal Information (PI). If you believe that any Personal Information (PI), we are holding or have collected, relating to you is incorrect or incomplete, please inform us as soon as possible so that we can promptly correct it.
5.7 Your Rights – Processing of your Personal Information for a specific purpose: We will process and use your Personal Information (PI) only for the specific purpose it was collected for and we will not sell, distribute or lease your Personal Information (PI) (collected via our Website Form or Cookies) to Third Parties unless we have your permission or are required by any applicable law, subpoena, order of court or legal process served on us or to protect and defend our rights or property.
5.8 Your Rights – Disclosure of your Personal Information: We may share the Personal Information (PI) collected via our website with:
• our employees, and/or business partners that require the information to fulfil their work duties;
• our suppliers and/or vendors that require the information to assist with your order fulfilment;
• law enforcement (if required to do so);
• our business partners and other third parties who are involved in the delivery of products or services to you, on a basis of informed consent only.