Protection of Personal Information Act (POPI) Compliance Statement
South Africa’s new data protection law, POPIA (link https://popia.co.za/), came into full effect on 1 July 2021.
Design@Bay is committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program that complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the POPIA.
Design@Bay operates the website: https://designatbay.com
The data we collect about you
The Design@Bay website may collect certain information about your visit, such as ;
- the name of the Internet service provider and the Internet Protocol (IP) address through which you access the Internet;
- the date and time you access the website;
- the pages that you access while at the website; and
- the Internet address of the website from which you linked directly to our website.
This information is used to help improve the website, analyse trends, and administer the website.
The website may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the website, and understanding how visitors use the Site. Cookies can also help customise the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, cookies may be tied to such information if you previously provided personally identifiable information. Aggregate cookie and tracking information may be shared with third parties.
To provide increased value to our Users, we may provide links to other websites or resources. You acknowledge and agree that we are not responsible for the availability of such external sites or resources and do not endorse and are not responsible, directly or indirectly, for the privacy practices or the content (including misrepresentative or defamatory content) of such websites, including (without limitation) any advertising, products or other materials or services on or available from such websites or resources, nor for any damage, loss or offence caused or alleged to be caused by, or in connection with, the use of or reliance on any such content, goods or services available on such external sites or resources.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
1. Where it is necessary for our legitimate interests (or those of a third party), your interests and fundamental rights do not override those interests.
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before processing your personal data for our legitimate interests.
2. Where you have given us consent
Consent means that you have given us clear consent to process your data for a specific purpose. You have the right to withdraw consent to marketing at any time by contacting us.
3. Where we need to comply with a legal or regulatory obligation.
Complying with a legal or regulatory obligation means processing your personal data where necessary to comply with a legal or regulatory obligation that we are subject to.
Purposes for which we will use your personal data
1. Legitimate interests
We rely on the legitimate interest basis to process your data in the following circumstances:
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
This is necessary for running our business, provision of administration and IT services, network security to prevent fraud and in the context of a business reorganisation or a restructuring exercise.
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
This is necessary to study how individuals use our website, develop our website, grow our business, and inform our strategy.
- To use data analytics to improve our website, services, marketing, users relationships and experiences.
This is necessary to define types of users for our services, keep our website updated and relevant, and develop and inform our strategy.
- To respond to queries made through the website.
This is necessary to be able to provide you with a response to your query.
We rely on your consent to process your data in the following circumstances:
- Send you marketing material when you have signed up to receive our marketing material or asked a specific question on our website.
3. Legal or regulatory obligation
We also rely on the legal or regulatory obligation ground to process your data in some circumstances. This means processing your personal data necessary for compliance with a legal or regulatory obligation that we are subject to.
Please contact us if you want more details about the specific legal ground we rely on to process your personal data.
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above.
External Third Parties:
Service providers who provide IT, system administration services and e-marketing on the Design@Bay’s behalf.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
South African Revenue Service & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
Third parties may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal data the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and treat it according to the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and per our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
We consider the amount, nature, and sensitivity to determine the appropriate retention period for personal data. This, along with the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Tel: +27 41 374 1331 / 373 7045
Our Address: 11 Stanley Street, Central, Gqebera, South Africa