Privacy Policy

Black Umbrellas Privacy Policy

1 DEFINITIONS
1.1 Capitalised words in this Policy are as defined in Protection of Personal Information Act, 2013 (Act No. 4 of 2014).
1.2 BU means Black Umbrellas.
1.3 Personal Information is information that identifies or relates specifically to You and includes Your name, age, identity number, contact details and payment information and history.
1.4 Biometrics are biological measurements or physical characteristics that can be used to identify individuals.
1.5 Platforms means all platforms used by BU which are Twitter, LinkedIn, Facebook and Instagram.

2 INTRODUCTION
2.1 BU respects your right to privacy and is committed to the protection thereof. This Privacy Policy explains how we process the Personal Information we collect from you and also informs you of your rights in terms of the Protection of Personal Information Act, Act No.4 of 2013 (“POPIA”). Accordingly, this Privacy Policy explains amongst other things:
2.1.1 What Personal Information BU collects;
2.1.2 For what purpose BU collects Personal Information;
2.1.3 How BU collects Personal Information;
2.1.4 How long BU retains Personal Information; and
2.1.5 Your rights as a data subject.

3 PURPOSE
3.1 The purpose of this policy is to describe the way we collect, store, use and protect information that can be associated with a specific natural or juristic person and can be used to identify that person (“Personal Information”). This Privacy Policy should be read in conjunction with the POPIA and its Regulations, where applicable.

Personal Information includes:
a) certain information collected on entering competitions through Facebook comments.
b) optional information that you voluntarily provide to us.
c) additional data that you provide to BU in the comments section on the BU Platforms, especially in forms of discussion boards and using the comment features of blogs (“comment data”).
d) your IP address, information about the amount of data transferred, stored in access log files (“usage data”).
e) first name, last name, date of birth, email address, country, job title, phone number, fax number, company name, and additional information that you provide when contacting us using our websites, especially information provided in free text fields of contact forms (“contact data”).
f) additional data that you provide to BU while subscribing for any of BU’s products and/or services etc. (“subscription information”).
g) email address, phone number, name, company name and country provided when subscribing to a newsletter or other marketing information of BU (“direct marketing data”).
h) personal Information sent by your web browser, i.e. information about your type of web browser, your operating system, and selected settings (e.g. language, region, font size, font types and other configuration) may be collected (“browser data”).

Personal Information excludes:
a) information that has been made anonymous so that it does not identify a specific person;
b) permanently de-identified information that does not relate or cannot be traced back to you specifically; and
c) non-personal statistical information collected and complied by BU and information that you have provided voluntarily in an open, public environment or forum including (without limitation) any blog, chat room, community, classified advertisement or discussion board. Since the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy.

4 PRINCIPLES
BU has implemented the following approach concerning Personal Information:
4.1 To be transparent in its standard operating procedures that govern the collection and processing of Personal Information;
4.2 To comply with all applicable legal and regulatory requirements regarding the processing of Personal Information;
4.3 To collect Personal Information by lawful and transparent means and process Personal Information in a manner compatible with the purpose for which it was collected;
4.4 To strive to keep personal Information accurate, complete and up-todate and reliable for its intended use;
4.5 To develop reliable, safe and sustainable means of protecting the Personal Information of employees whether physical or digitally so as to prevent leakage, loss, alteration or misuse of said information;
4.6 When consigning to outside entities for the protection of said information, BU will only select those entities with the ability to safeguard and manage the said information.
4.7 This policy will be made known to BU’s current or prospective employees, clients, suppliers and service providers; and
4.8 BU will strive to continuously improve this Privacy Policy and all other systems for the protection of Personal Information so as to adapt to a changing environment or according to legal needs.

5 PERSONAL INFORMATION COLLECTED BY BU
5.1 Personal information is defined by POPIA as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
5.1.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
5.1.2. Information relating to the education or the medical, financial, criminal or employment of the person;
5.1.3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
5.1.4. The fingerprints or other biometric information of the person;
5.1.5. The personal opinions, views or preferences of the person;
5.1.6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the content of the original correspondence;
5.1.7. The view or opinions of another individual about the person; and
5.1.8. The name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
5.2 BU may process any of the types of Personal Information as defined above, although it will only be processed in so far as it is adequate, necessary, relevant and not excessive in relation to the purposes for which it is required.

6 PURPOSE FOR WHICH PERSONAL INFORMATION IS COLLECTED BY BU
The purpose for which BU uses your Personal Information will include amongst
others:
6.1 When you are a client:
a) identify you and conduct appropriate checks, audits and procedures; marketing and promotions (including contacting you for such purposes);
b) administer and manage the products and services BU offers to you; and
c) get a better understanding of you, your needs and how you interact with BU, so BU can engage in product and service research, development and business strategy including managing the delivery of BU’s services and products via the ways BU communicates with you.
6.2 When you are a supplier or service provider:
a) identify the company and conduct appropriate checks, audits, due diligence and procedures;
b) payment for the goods and/or services acquired and used;
c) communication in relation to the goods and/or services supplied;
d) review, compare and evaluate the goods and/or services supplied;
e) record keeping in accordance with the applicable legislation; and
f) performance of the parties’ respective obligations under the applicable agreement for the supply of the goods and/or services.
6.3 When you are an employee or prospective employee:
a) identify and conduct appropriate checks, audits and procedures;
b) payment of employment benefits and related deductions;
c) record keeping and reporting in accordance with the applicable legislation; contacting purposes;
d) review and evaluate your work experience and qualifications; and
e) recruitment purposes.
6.4 Further to above, BU may use your Personal Information to:
a) pursue BU’s legitimate interests such as to compile reports and statistical analysis;
b) comply with requests for information from any internal or external auditor, or any regulatory body;
c) meet legal and regulatory requirements to which BU may be subject;
d) use in connection with legal proceedings; and
e) assist with any criminal or similar investigation.
6.5 Where BU shares your Personal Information with the above third parties, the latter will be obliged to use that personal information for the reasons and purposes it was disclosed for.

7 SECURITY AND CONFIDENTIALITY
BU takes appropriate and reasonable technical and structural security measures to protect your Personal Information in its possession against accidental or illegal damage, loss, modification, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing of the Personal Information.
7.1 Legal Basis for Processing
7.1.1 BU will process your Personal Information as a responsible party as described in this Privacy Policy, where such processing is in BU’s legitimate interests and in compliance with your privacy interests or fundamental rights and freedom. BU’s legitimate interests typically include improving, maintaining, providing, and enhancing its technology, and services; and ensuring the security of the BU website and BU platforms.

7.2 Lawfulness of Processing
7.2.1 BU is committed to processing your Personal Information lawfully, within reason and in a manner that respects your right to privacy and aligned with the purpose for which it is processed, taking into account the adequacy and relevance thereof at all times.

7.2.2 The lawfulness for the processing of Personal Information is the performance of a contract or steps prior to communicating, engaging with you and/or referring you to BU’s associates. Using this Personal Information is required to ensure that BU is able to provide you with the information or assistance you require from it. Without this personal information you will not be able to communicate, engage with or be referred to BU’s associates.

7.3 Data breach
In the event of a data breach leading to the accidental or illegal damage, loss, modification, unauthorised disclosure or any unauthorised access to any Personal Information that has been transmitted, stored or otherwise processed by BU, BU has the relevant measures and policies in place to cater for and assess the details relating to any such data breach in a prompt and efficient manner. BU will notify you of such data breach as soon as possible in accordance with POPIA.

As stated above, when BU contracts with third parties, BU concludes agreements with them in terms of which BU imposes appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure.

Whilst BU will do all things reasonably necessary to protect your rights of privacy, BU cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in BU’s possession, made by third parties who are not subject to BU’s control, unless such disclosure is as a result of BU’s gross negligence.

If you disclose your personal information to a third party, BU SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF THE DISCLOSURE OF SUCH INFORMATION TO THE THIRD PARTY. This is because BU does not regulate or control how that third party uses your personal information. You should always ensure that you read the privacy policy of any third party.

8 TRANSFER OF PERSONAL INFORMATION OUTSIDE SOUTH AFRICA
BU will not transfer any personal information across a country border without
complying with the provisions of section 72 of the POPIA and your prior written
consent.

9 BU PLATFORMS
9.1 BU’s website also references and includes links to its platforms. As a rule, these are identified by stating the platform type and respective third-party internet address or the company/product logo in such a platform. BU has no influence whatsoever on the contents and design of websites of other providers linked to BU platforms. By referencing/linking these external websites BU does not adopt their content as its own.

10 PARTICIPATION ON BU PLATFORMS
10.1 The BU website may offer you the opportunity to participate in BU platforms. In order to use the BU platforms, it may be necessary to enter certain Personal Information (email address, first name and last name, company name and country, contact number (“Contact Data”) to enable BU to identify and, where appropriate, comply with the obligation to retroactively identify authors of illegal content. The details of this Contact Data are voluntary for you. Please note that you may not be able to use BU Platforms if you do not want to provide your Contact Data. This is associated with no further disadvantages.

10.2 When participating in the BU Platforms your Personal Information is not disclosed to other participants unless you have consented thereto in your user profile. In this context, BU’s website terms pertaining to platforms apply when registering for access to BU Platforms.

11 CONSENT, JUSTIFICATION AND OBJECTIVES
11.1 In so far that you have given the consent, BU will also use your direct marketing data for marketing purposes, e.g., to send newsletters. The lawfulness for processing your direct marketing data is BU’s legitimate interest, e.g. to improve BU’s communication, engagement, services, or your consent.

11.2 In so far that you have given the consent, BU will also use your browser data for market research and the improvement of the BU website, BU platforms and services, and to improve your user experience. The lawfulness for processing your browser data is your consent or BU’s legitimate interest.

11.3 In so far that you have given the consent, BU will also collect your usage data for statistical purposes, for the analysis of advertisement on the BU website, BU platforms and for adapting the advertisement for BU’s services to better match your interests. Log files are only used for statistical analysis of the visitors to the BU website. The usage data is deleted after having been analysed. The lawfulness for processing this usage data is for statistical purposes and is for BU’s legitimate interest, e.g. internal organisation, or your consent.

11.4 BU will also use your usage data for internal system-specific purposes to secure the BU website, BU platforms, and IT systems from malicious attacks by third parties. The lawfulness is a balancing of interests of the conflicting interests of the security of the IT systems on BU’s part and your potentially conflicting interests in a non-processing of the usage data by us. Considering the security and measures of the processing of the usage data by BU, BU considers your rights and interests appropriately taken into account and protected.

11.5 Beyond these purposes, BU uses and processes your Personal Data only if you have expressly granted your prior consent thereto and if you have been informed about such purposes.
Please note that:-
a) you can object, at any time to the processing of your Personal Information irrespective of the purpose, on reasonable grounds (unless legislation allows for such Processing) by sending BU an email at info@blackumbrellas.org, in a prescribed manner.

b) providing the direct marketing data and browser data is optional. If you do not provide this Personal Information, you will not receive any direct marketing information from BU, and your data will not be used to improve your user experience and will not be used for statistical purposes; and

c) Once BU obtains the abovementioned objections, BU will no longer Process your Personal Information.

d) You can opt out of receiving communications from us at any time. Any direct marketing communications that BU sends to you will provide you with the information and means necessary to opt out.

12 COOKIE POLICY
12.1 the BU websites make use of “cookies” to automatically collect information and data through the standard operation of the Internet servers. “Cookies” are small text files a website can use (and which BU may use) to recognise repeat users, facilitate the user’s on-going access to and use of a website and allow a website to track usage behaviour and compile aggregate data that will allow the website operator to improve the functionality of the website and its content, and to display more focused advertising to a user by way of third party tools. The type of information collected by cookies is not used to personally identify you. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.

12.2 Please note that cookies may be necessary to provide you with certain features available on the BU websites, and thus if you disable the cookies on your browser you may not be able to use those features, and your access to BU’s websites will therefore be limited. BU may use various technologies to collect and store information when you interact with BU via the BU websites and/or BU platforms. Please refer to BU’s cookie policy by clicking here for more information.

13 RETENTION PERIOD OF PERSONAL INFORMATION
In accordance with POPIA, BU will keep your Personal Information on record for as long as:

a) It is legally obliged to do so;
b) A contract or agreement with you requires BU to keep it;
c) You have consented to BU keeping it;
d) BU reasonably requires it to achieve the purpose set out in the terms of transaction or contract with you;
e) BU requires it for legitimate business purposes; or
f) There is ongoing litigation, investigation or tax or other regulatory query relating to the Personal Information.
g) In order to protect information from accidental or malicious destruction when BU deletes information from its services, BU may not immediately delete residual copies and Personal Information from its backup systems.
h) If your Personal Information is no longer required on BU platforms to comply with contractual or legal obligations, it will be deleted from BU’s systems or anonymized accordingly so that identification is not possible, unless BU has to keep the information, including your Personal Information, to comply with legal or regulatory obligations (e.g. statutory retention periods which may arise from the commercial laws or tax laws and may in principle be 5 to 10 years or, if during the statutory limitation periods, which are regularly 5 years, but may be up to 10 years, evidence must be secured).

14 DATA SUBJECT RIGHTS
As a data subject you have a legal right in terms of POPIA to:
14.1 request information about your stored Personal Information, (ii) rectification of your Personal Information, (iii) restriction of processing of your Personal Information, (iv) deletion of your Personal Information, (v) data portability, (vi) revocation of your consent for processing of your Personal Information and (vii) object to the processing of your Personal Information.

14.2 Important to note with regards to your rights is the following:

a) To exercise these rights, please contact BU’s Information Officer at:
info@blackumbrellas.org. BU will require adequate proof of identification from you prior to responding to you (which BU will do within a reasonable time);
b) BU will correct or delete information unless it is required or entitled to keep such information under applicable laws, in which case BU will inform you.
c) If BU believes information does not require correction, BU will provide you with credible reasoning for such.
d) You also have the right to file a complaint with the Information Regulator at https://www.justice.gov.za/inforeg/. Should you wish to lodge a complaint with the Information Regulator related to this Privacy Policy, you may do so in the prescribed manner and form.
e) The address of the Information Regulator is as follows:
The Information Regulator (South Africa)
33 Hoofd Street, Forum III, 3rd Floor. Braampark
PO Box 31533 Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: inforeg@justice.gov.za
f) For further information on how to exercise these rights, please refer to BU’s PAIA and POPIA manual which is available on the BU websites.

15 DETAIL OF DATA SUBJECT RIGHTS
15.1 Right to information: You have the right to ask BU for confirmation of the Processing of your Personal Information in question and, if so, of your right to information about such Personal Information. The right to information includes, among other things, the processing purposes, the categories of Personal Information being processed and the recipients or categories of recipients to whom the Personal Information is disclosed. You may also have the right to receive a copy of the Personal Information that is the subject of the processing. However, this right is limited in that, the rights of others may limit your right to receive a copy.

15.2 Right to rectification: – You may be entitled to request the correction of incorrect Personal Information concerning you. In consideration of the purposes of processing, you have the right to request the completion of incomplete Personal Information, including by means of a supplementary statement.

15.3 Right to erasure (“Right to be forgotten”): – Under certain conditions, you have the right to ask BU to delete your Personal Information.

15.4 Right to restriction of Processing: – Under certain circumstances, you have the right to demand that BU restricts the processing of your Personal Information. In this case, the corresponding data will be marked and processed by BU only for specific purposes.

15.5 Right to data portability: – Under certain circumstances, you have the right to receive the Personal Information relating to you that you have provided to BU in a structured, commonly used and machine-readable format and you have the right to transfer that data to another person without obstruction by BU.

15.6 Right to revocation of consent: – If you have given your consent for some data processing activities, you may revoke your consent at any time with future effect. Such revocation shall not affect the lawfulness of the processing because of the consent until the revocation.

15.7 Right to object: – For reasons arising from your particular situation, you have the right to object to the processing of Personal Information relating to you on the basis of Section 11 of Condition 2 of Part 3 of POPIA (data processing based on legitimate interests). If you object, BU will no longer process your Personal Information unless BU can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising, or defending legal claims.

16 UPDATES TO THE POLICY
16.1 This Privacy Policy will be reviewed by the BU Finance and Risk Committee and is subject to change without prior notice provided these changes have been approved by the BU Board of Directors. This Privacy Policy will be available on My BU

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.