TABLE OF CONTENTS
- COLLECTION OF PERSONAL INFORMATION
- CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS
- SPECIAL PERSONAL INFORMATION
- PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING
- DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
- INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
- DATA SECURITY
- DATA ACCURACY
- DATA MINIMISATIONS
- DATA RETENTION
- YOUR LEGAL RIGHTS
- COOKIES AND SIMILAR TECHNOLOGIES
- DIRECT MARKETING
- CONTACT DETAILS
- The Company abides by the Protection of Personal Information Act, No 4 of 2013 (POPIA).
1.3 By providing us with your Personal Information, you –
1.3.1 agree to this Policy and authorise us to process such information as set out herein; and
1.3.2 authorise the Company, its service providers and business partners to process your Personal Information for the purposes stated in this Policy.
- We will not use your Personal Information for any other purpose than that set out in this Policy and will endeavour to protect your Personal Information that is in our possession from unauthorised alteration, loss, disclosure or access.
- Please note that we reserve the right to amend and update this Policy from time to time.
- This Policy applies to the Company’s employees and/or any other person, including without detracting from the generality thereof, any juristic or natural person, employees, prospective employees, employment candidates, service providers, Operators, customers and consumers, governmental, provincial and municipal agencies or entities, regulators, persons making enquires and/or third parties, including all associated, related and/or family members of such Data Subjects or any person who may be acting on behalf of/or in a representative capacity in respect of the Data Subject, and from whom the Company receives Personal Information.
- The Company will only process Personal Information referred to in section 57(1) of POPIA upon obtaining prior authorisation in accordance with section 58(1) of POPIA and subject to section 57(3) of POPIA.
1.7 Capitalised terms used in this Policy have the meanings ascribed thereto in section 1 of POPIA, unless otherwise defined herein.
2 COLLECTION OF PERSONAL INFORMATION
2.1 We collect and process your Personal Information mainly to provide access to our service/s and to help us improve our offerings.
2.2 The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
2.3 We collect information directly from you where you provide us with your personal details, for example when you apply for employment, solicit services from us or when you submit either your details or enquiries to us.
2.4 Where possible, we will inform you what information you are required to provide to us and what information is optional.
2.5 Website usage information is collected using “cookies” which allows us to collect standard internet visitor usage information (if applicable).
2.6 We will not intentionally collect and process the Personal Information of a Child unless we have the permission of a Competent Person.
3 CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS
The Personal Information we may process includes, but is not limited to the following:
3.1 Name and physical address, email addresses, telephone numbers, contact details, and details of your public social media profile(s);
3.2 Demographic attributes, when tied to Personal Information that identifies you;
3.3 Transactional data, including products and services ordered, financial details and payment methods;
3.4 Data from surveys and publicly available information, such as social media posts and professional profiles available in the public domain, e.g. LinkedIn, Twitter or Facebook;
3.5 Your curriculum vitae, skillset (if not already covered in your CV), job preferences, your eligibility to work, current and desired salary and employment conditions;
3.6 Information about a device you use, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, and the preferred language;
3.7 Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information;
3.8 Employer details: where you interact with us in your capacity as an employee of an organisation, the name, address, telephone number and email address of your employer, to the extent relevant; and
3.9 Payment details: billing address; payment method; bank account number or credit card number; invoice records; payment records; SWIFT details; IBAN details; payment amount; payment date; and records of cheques;
3.10 Data relating to your visits to our website: your device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; and other technical communications information (if applicable).
4 SPECIAL PERSONAL INFORMATION
Where we need to process your Special Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, with your Consent and in accordance with applicable laws.
5 PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING
5.1 We will only process your Personal Information in the ordinary course of our business as aesthetic skin clinic and in providing dermatological services and ancillary business/related services. We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected. We may subject your Personal Information to Processing during the course of various activities, including, without limitation, the following –
5.1.1 operating our business;
5.1.2 for the purpose of making contact with you and attending to your enquiries or requests;
5.1.3 for the purpose of carrying out actions for the conclusion and performance of a contract between the Company and yourself / the Data Subject;
5.1.4 for the purpose of pursuing your and/or the Company’s legitimate interests, or that of a third party to whom the Personal Information is supplied;
5.1.5 for the purpose of providing, maintaining and improving the Company’s products and services, and to monitor and analyse various usage and activity trends pertaining thereto;
5.1.6 for the purpose of performing internal operations, including management of employees, the performance of all required functions of the Company, attending to financial matters including budgeting, planning, invoicing, facilitating and making payments sending receipts and generally providing commercial support, where needed, requested or required;
5.1.7 for the purpose of preventing fraud and abuse of the Company’s processes, systems, procedures and operations, including conducting internal and external investigations and disciplinary enquires and hearings;
5.1.8 for safety and security purposes; and
5.1.9 to comply with applicable laws.
5.2 You agree that the Company may use all the Personal Information which you provide to the Company, which the Company requires for the purposes of pursuing its business objectives and strategies.
6 DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
6.1 We may disclose your Personal Information to our clients and business partners, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your Personal Information –
6.1.1 if required by law;
6.1.2 to third party Operators (including, but not limited to, data processors such as providers of data hosting services and document review technology and services), located anywhere in the world, subject to 6.2;
6.1.4 to provide information to third party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services and customer services;
6.1.5 to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security; and
6.1.7 to any relevant third-party provider, where our website uses third party advertising, plugins or content.
6.2 If we engage a third-party Operator to process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to –
6.2.1 only process such Personal Information in accordance with our prior written instructions; and
6.2.2 use appropriate measures to protect the confidentiality and security of such Personal Information.
7 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
7.1 We may transfer your Personal Information to recipients outside of the Republic of South Africa.
7.2 Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the Company’s products and services.
8 DATA SECURITY
8.1 We implement appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
8.2 Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.
8.3 Due to the fact the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.
9 DATA ACCURACY
The Personal Information provided to the Company should be accurate, complete and up to date. Should Personal Information change, the onus is on the provider of such data to notify the Company of the change and provide the Company with the accurate data.
10 DATA MINIMISATIONS
The Company will restrict its Processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.
11 DATA RETENTION
The Company shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.
12 YOUR LEGAL RIGHTS
You may have rights under the South African and other laws to have access to your Personal Information and to ask us to rectify, erase and restrict use of your Personal Information. You may also have rights to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information.
13 COOKIES AND SIMILAR TECHNOLOGIES (IF APPLICABLE)
13.2 Cookies are small software programs that install themselves on your computer or your mobile device. They store data specific to a particular user and remember your preferences about our website. Cookies are stored on your computer or mobile device for various lengths of time. Every time you return to our website and browse it, cookies record this data, which is then transmitted to us or to third parties with whom we work.
13.3 We may collect information about your computer, including where available, your operating system, browser type, third-party software installed on your device, installation and uninstallation rates, the language of your device and computers manufacturer, screen size and model of the device and any other technical information for system administration and to report aggregate information to our advertisers. This statistical data about our users’ browsing actions and patterns is derived from your Personal Information but is not considered Personal Information in law as does not identify any individual.
14 DIRECT MARKETING
We may process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time.
15 CONTACT DETAILS
You may contact us at – Information Officer – LCM SKIN & LASER CLINIC (PTY) LTD
Attention: DR U NAIDOO
Telephone: 012 346 3887