ToetenTaal
Privacy Policy, Terms & Conditions and Notice of Informed Consent.
Last Updated: 09-01-2023
In terms of Section 14 of the Bill of Rights of the Constitution, You have the constitutional right to data privacy.
ToetenTaal is committed to protecting your rights to privacy and hereby ensuring that any personal information we hold on you is appropriately processed and in accordance with the applicable laws.
By Accepting our Terms and Policies you give us Consent to Process Your Personal Information in Terms of The Protection of Personal Information Act, 2013 (POPIA).
Please note that this notice covers all Email, Website and Social Media interactions.
The following terms are listed in alphabetical order and are widely used throughout the Policy. Unless they are used in other clearly specified contexts, the terms are listed below together with their corresponding meanings.
1.1 “ToetenTaal” – means us as company ToetenTaal, with Reg Nr n/a, at registered physical address: x, , x x, x, South Africa.
1.2 “Child” – means any person under the age of eighteen years old;
1.3 “Cookies” – a Cookie is a small text file sent by a web server to store on the browser used to visit the website. Some cookies are used to ensure the website works as intended, others may store user preferences or used to collect anonymous website usage and/or user behaviour statistics.
1.4 “Data Breach” – means that the personal information may have been compromised. This may be by means of both physical or virtual security breach, unauthorised access, loss, unauthorised disclosure and/or the alteration of the personal information ToetenTaal holds on you.
1.5 “Data Subject” – as cold as it seems, this means “YOU” the person reading this document or using this website for whatever reason;
1.6 “Direct Marketing” – represents those annoying emails and phone calls you may receive from strangers with the intention of selling you a service or a product – modern day hawking indeed;
1.7 “Direct Marketer” – this refers to any supplier who uses direct marketing as a means of advertising;
1.8 “Employees” – means any person(s) employed by ToetenTaal;
1.9 “SA Government” – means the Government of RSA (The Republic of South Africa);
1.10 “Operator” – an Operator is a person or entity who is under a Responsible Party’s contract or mandate to process personal information without becoming under the authority of that Responsible Party;
1.11 “PAIA” – is the acronym for: “Promotion of Access to Information Act, No 2 of 2000”;
1.12 “Personal Information” Includes and form of information that can be used to verify your identity as a Data Subject. The term “Information” is widely used throughout the Act and may include: a person’s name and surname, company details, contact information, religion, sexual orientation, personal views and opinions, private correspondence, health records, employment records, financial records.
1.13 “Policy” means this Privacy Policy you are reading now;
1.14 “POPIA” is the acronym for: The Protection of Personal Information Act No. 4 of 2013;
1.15 “Processing” means by any activity or an operation, this can either be electronically or by human interaction regarding personal information by means of:
1.16 “Regulator” means the Information Regulator established in terms of POPIA, who are empowered to monitor and enforce POPIA Act compliance with provisions of, and in accordance with the POPIA Act
1.17 “Responsible Party” This represents a person working alone, a public or private body, a group of individuals working together or any other person who determines the reason (why) and how your Personal information is being processed.
1.18 “Special Personal Information” Any personal Information concerning a Data Subject’s biometric information, criminal behaviour records, ethnic origin or race, health records, memberships to trade unions, political views and opinions, philosophical beliefs and sexual life is considered Special Personal Information.
1.19 “Third Party” Any agent, consultant, contractor, sub contractor and service providers the responsible party may be using.
2.1 The primary purpose of this Policy is for ToetenTaal to inform data subjects on how they collect and process personal information 2.2 ToetenTaal in the capacity of Responsible Party (and/ or Operator – where relevant), will continually aim to observe and comply with POPIA obligations regarding Personal Information. ToetenTaal will adhere to accepted principles, practices, and guidelines when it processes personal information in respect, or on behalf of any Data Subject. 2.3 ToetenTaal only collects information relevant to the services and products we provide. This policy applies to any/all information we may obtain from you by the following means: information you supply us with directly as Data Subject; and information we may have obtained by a third party in the capacity of service provider acting on their behalf. 2.4 We use Third-party service providers in some instances and this privacy policy does not apply to third parties as they have their own policies. We use the following third-party service providers: Google Recaptcha, Google Analytics
A list of commonly used third-party services, with links to their Privacy Policies, can be found in Annexure A at the end of this Policy.
3.1 ToetenTaal collects relevant personal information directly from Data Subjects in order to perform a service or complete a purchase. ToetenTaal may also obtain any information the Data subject has made publicly available, or if the personal information forms part of public records.
3.2 ToetenTaal will at all times collect Personal Information in a law abiding way and ensure that personal information will remain safe guarded and will only process personal information on legitimate grounds.
3.3 In some instances ToetenTaal may collect personal information directly from third parties. ToetenTaal will only process personal information from third parties with Data Subject’s consent where ToetenTaal is permitted to do so in terms of clause 3.1 above.
3.4 Examples of third parties may include: (i) Publicly available resources, ie, Companies and Intellectual Property Commission) (ii) Clients ToetenTaal provides a service for. (iii) Recruitment agencies.
4.1 Where ToetenTaal is the Responsible Party, it will only Process Data Subject’s Personal Information (except for Special Personal Information) where –
4.1.1 Data Subject has given consent; in case of a child, a competent person gave consent;
4.1.2 Processing of personal information is required to carry out actions to conclude a contract where the data subject is a party;
4.1.3 ToetenTaal has the legal obligation to process personal information;
4.1.4 Processing protects a Data Subject’s legitimate interest and/or;
4.1.5 Processing is required to pursue the legitimate interest of ToetenTaal and/or third-party providers to whom information is supplied.
4.2 ToetenTaal will only process Personal Information if one of the legal bases in paragraph 4.1 is present.
4.3 ToetenTaal will ensure that Data Subjects are clear on why and how Personal Information is being processed by ToetenTaal.
5.1 ToetenTaal will generally not process Personal Information of a Child or any other Special Information on any data subject unless –
5.1.1 Data Subject has given consent to process the personal information;
5.1.2 Processing is required for the establishment, exercising defence of a right or lawful obligation;
5.1.3 Processing is required for historical, research and statistical purposes, subject to clearly stipulated safeguards;
5.1.4 Personal Information has been made public by Data Subject; or
5.1.5 specific authorisation in terms of POPIA applies.
5.2 In line with POPIA ToetenTaal may not process a child’s Personal information – unless consent has been obtained from the child’s legal guardian or the child’s parent. ToetenTaal will process this information in accordance with the applicable laws.
6.1 Under its POPIA obligation ToetenTaal is aware that it needs to inform its Data subjects about how their personal information is being collected and processed in order for the Data Subject to fully understand this process.
6.2 ToetenTaal will ensure to only Process the Personal Information of a Data Subject for lawful and clear purposes. ToetenTaal will make Data Subjects aware of such purposes.
6.3 ToetenTaal will ensure that there is always a legal basis for Processing Personal Information and will not use Data Subject’s personal information for any other purpose than for which the data subject has been made aware.
6.4 ToetenTaal will use Personal Information only for reasons relating to operating and managing its normal business operations, these reasons carries the Data Subject’s best interests at heart and include one or more of the following purposes:
6.4.1 to provide data subjects with products, services, and support as well as performing credit vetting where applicable.
6.4.2 to facilitate onboarding suppliers and/or service providers of ToetenTaal. In the same, ToetenTaal will also process a service provider or supplier’s personal information.
6.4.3 for procurement and supply purposes;
6.4.4 to facilitate payment processing, including payment of ToetenTaal suppliers/service providers;
6.4.5 to facilitate delivery of orders;
6.4.6 to analyze and monitor the use of any of ToetenTaal’s electronic systems. ToetenTaal may sometimes engage with third-party service providers for services, products, and content
6.4.7 for purposes of preventing, discovering, and investigating violations of this Policy, the applicable laws, and other ToetenTaal policies;
6.4.8 in connection with employment-related purposes like recruiting staff, performing background checks, etc;
6.4.9 in the case of an internal audit (investigation and ensuring relevant risks are mitigated);
6.4.10 in the case of an external audit Personal Information will be shared with a third party;
6.4.11 for internal administrative purposes;
6.4.12 to comply with any applicable law or order of the court and government agencies and any regulatory authority that has authority over ToetenTaal.
7.1 ToetenTaal will ensure that information is kept accurate, up to date and complete as reasonably as possible, depending on what personal information has been collected.
7.2 ToetenTaal may not always request Data Subjects to update Personal Information unless it is absolutely necessary.
7.3 ToetenTaal expects that a Data Subject will notify ToetenTaal on any changes to their personal information.
8.1 ToetenTaal is allowed to store Personal Information electronically or in hard copy format. Personal information may also be stored on third-party servers via cloud services or other technologies with whom ToetenTaal is contracted to support ToetenTaal as a website design, graphic design, digital marketing, and hosting company.
8.2 ToetenTaal’s third-party servers, including cloud storage providers may process Personal Information from time to time only for the purpose for which the information has been collected in the first place.
8.3 ToetenTaal will ensure that Third Party service providers process Personal Information in accordance with internal policies, procedures, and POPIA
8.4 ToetenTaal will ensure that Third Party Service providers process personal information only for the reason specified by ToetenTaal. ToetenTaal requires such Third Party Service providers to employ the same level of security as ToetenTaal to ensure personal information is kept safe.
8.5 ToetenTaal, its affiliates, and service providers are based both locally in South Africa and abroad. This means your personal information may be processed outside of South African Borders. ToetenTaal will take every possible measure of precaution to ensure Personal Information is safeguarded regardless of its location, under the same standards of protection required under the applicable laws, including POPIA.
9.1 ToetenTaal, acting in its capacity as Direct Marketer, will strive to comply with its POPIA obligations when undertaking any direct marketing ventures
9.2 ToetenTaal acknowledges that a Data Subject needs to first provide permission in order to receive Direct Marketing from ToetenTaal.
9.3 ToetenTaal may use Personal Information to contact a data subject to promote ToetenTaal’s Products and Services, provided that the data subject is an existing client of ToetenTaal, or that the Data Subject gave previous consent to receive Marketing Material from ToetenTaal .
9.4 If the Data Subject is an existing client, ToetenTaal will only use the Personal Information collected through the provision of a product or service only in relation to a similar service ToetenTaal provides / provided to the Data Subject.
9.5 ToetenTaal will give a Data Subject the opportunity to object to their personal information being used for Direct Marketing Purposes by ToetenTaal. If a Data Subject previously gave consent to receive Direct Marketing and would like to stop receiving Direct Marketing they will be able to unsubscribe by clicking an unsubscribe link that will appear on every Direct Marketing communication.
9.6 If you have requested not to receive Direct Marketing materials ToetenTaal will not process your personal information for Direct Marketing purposes.
10.1 ToetenTaal is allowed to keep a record of personal information, whether in an electronic or hardcopy format. This information relates to interactions like correspondence to ToetenTaal by the Data Subject
10.2 ToetenTaal may not hold on to personal information longer than the period it has been collected for. ToetenTaal is required to destroy Personal Information in such a way that it can not be reconstructed. This prohibition does not apply to the following scenarios:
10.2.1 Where the personal information is required by law or any government authority;
10.2.2. The Personal Information is required by ToetenTaal to fulfill its lawful activities and functions;
10.2.3 The personal information is required by a contract between ToetenTaal and a Data Subject;
10.2.4 The Data Subject has given consent to ToetenTaal to retain the Personal Information;
10.2.5 The record is being retained for archival, analytics, research, historical and statistical uses, provided that the personal information is safeguarded against it being used for another purpose subjected to the expectations noted within this policy for as long as needed to fulfill the purpose to why the information was obtained and /or permitted by law.
10.3 Where the record is being retained for archival, analytics, research, historical, and statistical uses, the data subject’s personal information will be processed according to this policy and applicable law.
10.4 ToetenTaal will ensure that any personal information is destroyed as soon as the purpose for its collection has been fulfilled, this data will be destroyed in a way that can not be reconstructed or used to re-identify a data subject. Non-Identifiable information may be used by ToetenTaal indefinitely.
11. FAILURE TO PROVIDE PERSONAL INFORMATION
11.1 In order to deliver a product or service to its Data Subject ToetenTaal is required to collect personal information lawfully from its Data Subjects. Failure to provide this information will result in ToetenTaal being unable to deliver the service or product to its Data Subjects.
11.2 ToetenTaal will not be able to provide a service or product to its Data Subject or perform its obligations as an employer without processing Personal Information.
12.1 ToetenTaal shall safeguard Personal Information by all means possible from loss, alteration, and from unauthorised third party access.
12.2 To keep the Personal Information ToetenTaal holds on its Data Subjects secure, ToetenTaal has implemented various physical, technological and contractual security measures. Protecting any Personal Information from loss, theft, disclosure, unauthorised access, copying, and use or modification.
13.1 Data Breach means that reasonable grounds exist to believe that personal information has been compromised, acquired or accessed by an unauthorised third party by any incident.
13.2 Data Breaches can happen for a variety of reasons, which may include the following: (a) An attack on systems such as hacking, phishing scams, and viruses. (b) Equipment Failure (c) loss or theft of equipment containing personal information. (d) Unforeseen circumstances i.e., a flood. (e) human error.
13.3 Any data breach will be addressed to by ToetenTaal in accordance with POPIA terms.
13.4 Both the affected Data Subjects as well as The Regulator will be notified by ToetenTaal in the unfortunate event of a data breach unless notified by authorities in writing to delay this notification.
13.5 ToetenTaal will send this notification as soon as reasonably possible after becoming aware of a Data Breach in respect of Data Subjects Personal Information
13.6 Where ToetenTaal acts as the Operator, it will notify the relevant Responsible Party immediately as soon as there is reason to believe that the Data Subject’s information has been accessed by a third party by means of a Data Breach.
14.1 ToetenTaal may disclose personal information to its third-party service providers provided they have agreed to process any personal information in accordance with this Policy and POPIA requirements.
14.2 Third Parties my assist ToetenTaal as service providers for:
14.2.1 Data Storage and Hosting;
14.2.2 Auditing and Bookkeeping;
14.2.3 Training Employees;
14.2.4 Notifying Data Subject of any relative information with regards to ToetenTaal
14.3 ToetenTaal will not disclose personal information on a data subject without the data subject’s consent in accordance with the applicable law.
14.4 ToetenTaal may also send Personal Information to a foreign jurisdiction outside of the Republic of South Africa for processing and storage.
14.5 ToetenTaal will obtain the necessary consent from the Data Subject to transfer its Personal information into another jurisdiction outside the borders of South Africa where ToetenTaal is allowed to do so under the provisions applicable to cross-border flow of Personal Information under POPIA.
14.6 Data Subjects need to take note that any personal information processed in a foreign jurisdiction may be subject to the laws of the country in which the personal information is held and may be disclosed to governments, courts of law, regulatory authorities, and law enforcement agencies.
15.1 This website uses cookies to provide a good user experience and to anonymously track user behavior and website usage statistics. This website may use cookies from Google Analytics, Facebook, MailChimp and Google maps, etc to function properly.
15.2 You may refuse these cookies by activating the setting in your browser which allows you to refuse the use of cookies. Unfortunately, our Website will not function properly without these cookies and some parts may not be accessible to you.
15.3 By accepting a cookie, or failing to refuse it, you agree that we may process your personal information collected by cookies (in accordance with this Policy)
16.1 Under the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) certain access rights are given to Data Subjects. These rights include:
16.1.1 Right of access: A Data Subject with positive identification has the right to (i) Enquire if a Responsible Party holds any personal information about the Data Subject; (ii) Request from the Responsible Party to clarify what personal information is held on the Data Subject (iii) To enquire on which Third Parties have access to which information is held. A Data Subject may request:
16.1.1.1 – ToetenTaal to confirm whether it holds any Personal Information on the subject free of charge;
16.1.1.2 – To obtain a record or description of the Personal Information concerning the Data Subject. This record or description is to be provided (a) in a reasonable time and in (b) in a reasonable and understandable manner.
16.1.2 – The right to request corrections or deletions, a Data Subject may also request of ToetenTaal:
16.1.2.1 – ToetenTaal to correct or delete Personal information about the Data Subject that is outdated, inaccurate, irrelevant, excessive, misleading, incomplete, or obtained unlawfully.
16.1.2.2 – ToetenTaal to destroy any personal information it holds on the Data Subject that ToetenTaal is no longer authorised to retain the records in terms of POPIA’s retention and restrictions. On receipt of such a request ToetenTaal to, as soon as possible:
16.1.2.2.1 – Destroy or delete the Personal Information
16.1.2.2.2 – Correct the information
16.1.2.2.3 – to provide Data subject with supportive evidence with regards to the information; or
16.1.2.2.4 – Should the Data Subject and Responsible Party fail to reach an agreement on the request, a Data Subject requests this, ToetenTaal will take the reasonable steps to attach to the information an indication that the request has not been made;
ToetenTaal’s PAIA Manual will be published in due time, in the meantime please contact us on information supplied below.
16.1.3 – Data Subjects hold the right to withdraw their consent and object to processing.
16.2 ToetenTaal may request the Data Subject to provide positive identification before it provides access, or before providing information in existence, processing, and use of the Data Subject’s Persona Information that ToetenTaal holds.
16.3 Data Subject can submit a written request to ToetenTaal to review any Personal Information about the data subject’s personal information collected, disclosed, or utilized
16.4 in accordance with POPIA and PAIA ToetenTaal shall respond to these requests and supply the Data Subject with any such personal information.
16.5 The accuracy or completeness of a data subject’s personal information can be challenged by the data subject at any time in accordance with the process set out in the PAIA Manual to access Personal Information.
16.6 Should a Data Subject indicate that their personal information is inaccurate or incomplete, ToetenTaal will ensure that the personal information it or its Third Party Service providers hold, is amended or deleted.
17.1 ToetenTaal is to respond to any written request within no more than 30 days. In some instances, a further 30 days may be allowed but no further extension shall be allowed.
17.2 Data Subject reserves the right to complain about the time limit by contacting ToetenTaal using the contact details from paragraph 20 below.
18. ACCESS TO PERSONAL INFORMATION - COSTS
18.1 The Requester / Data Subject may be required to pay a reasonable access fee with regard to searching and preparing records. The format these records are supplied in may also affect the price and will be listed in our future PAIA manual. All contact information is listed below. Fees may vary.
19.1 ToetenTaal reserves the right to change these conditions from time to time as it sees fit and will announce that these changes have been made by all means possible. Any changes to ToetenTaal’s Privacy policy will be posted on our website 30 days prior to these changes taking place.
19.2 The current Privacy Policy will govern the respective rights and obligations between ToetenTaal and its Data Subject each time the Data Subject accesses or uses ToetenTaal’s website or related services.
20.1 For any further information, comments, concerns, or complaints with regard to Personal Information can be directed to ToetenTaal by contacting us on the provided information below:
On Our Website at http://www.toetentaal.co.za.
By Mail: x, x, x. Or,
Telephonically by calling Our Information Officer, Ronald van der Merwe on 081 798 0390 or email at info@boldmark.co.za
20.2 Should a Data Subject be unsatisfied by the manner in which ToetenTaal addresses any complaint with regard to Personal Information, the Data Subject can contact the office of the Regulator at the details below:
Website:http://justice.gov.za/inforeg/
Tel: 012 406 4818 Fax: 086 500 3351
Email: inforeg@justice.gov.za
© 2021 – ToetenTaal – All rights reserved.
Policy Generated at https://boldmark.co.za/popia
ANNEXURE A - Links to Privacy Policies for Third Party Service Providers.
Facebook Pixel – We advertise our products and services on Facebook. Facebook Pixel will display related adverts when you leave our site. Facebook’s Privacy policy can be found here: https://web.facebook.com/policy.php?ref=pf&_rdc=1&_rdr
Google reCAPTCHA – reCAPTCHA uses an advanced risk analysis engine and adaptive changes to keep malicious software from engaging in abusive activities on this website. The full Privacy Policy for Google reCAPTCHA can be found here Google Privacy Policy and Terms of Use.
Google Analytics – is an Analytics platform by Google that enables businesses of all sizes to track user behavior, gain marketing insights, analyze website interactions, and more. Google’s Privacy Policies apply to this service and can be found here: https://policies.google.com/privacy?hl=en-US
Google Ads – An advertising service by Google – https://support.google.com/adspolicy/
PayPal – We use PayPal to handle Payments on our website – PayPal’’s Privacy policy can be found here https://www.paypal.com/en/webapps/mpp/ua/privacy-full#collectData
PayFast – We use PayFast to handle online Payments on our website – PayFast’s Privacy policy can be found here https://www.payfast.co.za/legal/privacy-policy