2. DEFINITIONS AND INTERPRETATION
2.1 “Boekenhoutskloof” (or “we” / “us” / “our”) means Boekenhoutskloof Winery (Pty) Ltd, with registration number: 2005/019950/07, a South African company with registered offices at Boekenhoutskloof Winery, Excelsior Road, Franschhoek, 7690, Franschhoek;
2.2 “Websites” means the websites owned by Boekenhoutskloof;
2.3 “Parties” means:
2.3.2 “You” or the “Data Subject” means any person, including persons visiting, browsing, registering on and purchasing from our websites (“Users”), as well as our suppliers, service providers, merchants/customers, all to whom the Personal Information relates;
2.4 “Operator” means those third party persons or entities who Processes Personal Information on behalf of the Responsible Party in terms of an agreement;
2.5 “Personal Information” shall have the meaning ascribed to it in POPIA, currently being information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as amended from time to time, which includes, but is not limited to the Personal Information specified in clause 3.
2.6 “POPIA” means the Protection of Personal Information Act 4 of 2013, as amended from time to time;
2.7 “Processing” shall have the meaning ascribed to it in POPIA, currently being any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information as amended from time to time, and “Processed”, “Process” and “Processes” shall be ascribed similar meaning;
3. WHAT PERSONAL INFORMATION WE COLLECT AND WHY
3.1 We Process Personal Information to operate effectively and provide you with the best services and user experiences we can, but Process only the amount necessary to provide those services. In particular we Process Personal Information for the below mentioned reasons:
3.2 The Websites
3.2.1 When you visit the Websites, we automatically collect your computer’s internet protocol (IP) address and other technical information about your computer and website usage, such as your browser type and version, time zone setting, and operating system and platform. When conducting extended market research, we may also collect the pages you accessed on the Websites, the links you clicked, the sites visited prior to visiting the Websites, emails from us that are opened, forwarded or clicked through to the Websites, etc.
3.2.2 When you visit the Websites, an automatic system is used to collect data, known as cookies. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
3.2.3 We also use Facebook Pixel and Google Analytics which enable us to track conversions. This means that we are able to track when a person visits our Websites from an advert we posted on Facebook. We are also able to obtain certain information about Users, namely geographical location, how long you were on the Websites, what sites you were on that lead you to ours. Users that visit the Website or interact with Websites may receive adverts we run in their Facebook and Instagram newsfeed.
3.3 Contests, Email Newsletters, Inquiry and Loyalty Card Programme Information
3.3.1 To receive our email newsletters or enter competitions, make an inquiry you must provide your full name and email address and other applicable information. You may also be asked to provide your phone number, physical address, social media particulars, and information about your purchase, interest or preference relating to our products. You may also voluntarily provide other limited information when making an inquiry. If you participate in any competition, we may request a photo and description of your participation. In some cases, we may collect information related to frequency of purchases, albeit always on an anonymous and aggregated basis, for us to gauge our marketing initiatives.
3.4 Information relating to Sourcing and Procurement
3.5 Information we collect in order for us to provide you with goods and services
3.5.1 We Process the following Personal Information from you when you purchase products from us through the Websites and/or through such other means, such as purchase order over email or phone:
- Full name and surname;
- age and/ or birthday in order to verify that you are of legal age to purchase alcohol;
- address and contact details including your email address; phone number/s; country of residence;
- area or postal code;
- personal preferences if provided;
- browsing history;
- purchase history;
- non-personal browsing habits and click patterns;
- IP address.
3.5.2 We use the Personal Information in order to process payments for the products ordered and to organise delivery thereof. We use third-party payment providers, namely Peach Payment and Yoco, to process your payments through the Websites. These third party payment providers are governed by strict data protection laws, including compliance and accreditation with the relevant Payment Card Industry Data Security Standards.
3.5.3 We share your name, physical address, email address and phone number with our third-party logistics service providers, for the purpose of having your products delivered to you.
3.5.4 Once the product you have ordered has been purchased and delivered to you, we retain the Personal Information Processed for the following reasons:
- enable you to create a personal profile on the Websites;
- enable you to make use of the Websites so as to browse or repurchase products from us from time to time;
- enable us to make relevant wine recommendations on a personalised basis;
- communicate information to you regularly, for example through newsletters;
- compile and maintain the Websites and client database;
- register and/or authenticate users of and/or visitors to the Websites;
- identify and take reasonable measures to prevent fraudulent uses of or access to the Websites;
- compile non-personal statistical information about browsing habits, click patterns and access to the Websites;
- attract buyers by showing anonymised information about the database, for example demographics;
- track client database size and growth.
4. PROCESSING AND TRANSFERRING OF PERSONAL INFORMATION
4.1 We only transfer your Personal Information to Operators we trust and who have agreed to keep your Personal Information secure and confidential and to only use it for the purposes for which we shared it with them, which is to meet our contractual obligations with you, for example:
4.1.1 Personal information held by us is processed by appropriate members of staff for the purposes for which the information was provided.
4.1.2 Some of our systems on the website are provided by third parties, including:
4.2 All our Operators are required to take appropriate security measures to protect your Personal Information. We do not allow Operators to use your personal information for their own purposes.
4.4 Through your continued use of the services, you consent to the transfer of your Personal Information to the Operators who are in a foreign country for purposes of concluding and performing in terms of the contract in respect of the Services.
5. REASONABLE MEASURES TO SECURE YOUR PERSONAL INFORMATION
5.1 When we process your Personal Information, we ensure that the integrity and confidentiality of your Personal Information is secure by taking appropriate, reasonable technical and organisation measures to prevent loss of, damage to, unauthorised destruction of and unlawful access to your Personal Information, having at all times due regard to generally accepted information security practices and procedures which may apply to Us or be required in terms of our specific industry or professional rules and regulations.
5.2 In order to give effect to the above, we have taken and shall continue to take reasonable measures to identify all reasonably foreseeable internal and external risks to Personal Information in our possession or under our control, establish and maintain appropriate safeguards against any risks identified, regularly verify that the safeguards are effectively implemented and updated in response to new risks or deficiencies in previously implemented safeguards.
5.3 In consideration of the above, we have established and implemented the following, amongst others, security practices and procedures to secure your Personal Information:
5.3.1 password and/or two-factor authentication protection for electronic files, device access and app software;
5.3.2 securing paper files and physical access restrictions;
5.3.3 physical and electronic access control to our buildings and servers;
5.3.4 limitation on those employees who have access to your Personal Information to those employees who require access to fulfil their designated responsibilities;
5.3.5 storage and transfer of Personal Information in electronic databases containing safeguards such as firewalls, data encryption and two-factor authentication;
5.3.6 ensuring that any Operator that we share your Personal Information with agrees in writing to treat your Personal Information with the same level of protection as we are obliged to in terms of POPIA.
6. STORAGE OF YOUR PERSONAL INFORMATION
6.1 We will not keep your Personal Information longer than we need to fulfil the Purposes, unless we are legally required to do so, we are authorised to do so by law, or we require the record for lawful purposes related to our functions or activities.
6.2 We take legal requirements, contractual obligations, the functions and activities of the services, and your expectations and requirements into account when we determine how long we should retain your Personal Information.
6.3 As soon as reasonably practicable after we no longer need your Personal Information, we will delete, destroy and/or de-identify your Personal Information in accordance with POPIA.
7. STORAGE OF YOUR PERSONAL INFORMATION
7.1 You acknowledge that any Personal Information you provide us is Personal Information that you voluntarily provide, however you acknowledge that the Personal Information requested by us is mandatory for the provision of the services. Where we need to collect Personal Information by law, or under the terms of a contract for the provision of a service, and you fail to provide the required Personal Information, we may not be able to comply with our obligations in terms of the law and/or contract. In such an instance, we may have to deny providing the service to you or cancel the service.
8. STORAGE OF YOUR PERSONAL INFORMATION
8.1 You have the right to:
8.1.1 be notified that your Personal Information is being collected;
8.1.2 be notified of security compromises where reasonable grounds exist for us to believe that your Personal Information has been accessed or acquired by an unauthorised person;
8.1.3 ask us what Personal Information we have processed and request access to such Personal Information;
8.1.4 ask what Personal Information was sent to our service providers or any other third party;
8.1.5 ask us to update, correct or delete any Personal Information we have in our possession about you where it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully;
8.1.6 unsubscribe from any direct marketing communications we may send you and object to the Processing of your Personal Information;
8.1.7 request us to delete or remove your Personal Information where there is no legal and/or legitimate reason for us continuing to process same;
8.1.8 request restrictions on Processing of your Personal Information;
8.1.9 withdraw your consent at any time where we are relying on consent to process your Personal Information;
8.1.10 to submit a complaint to the Information Regulator regarding an alleged infringement with POPIA, however, we do encourage you to first allow our internal compliance process to resolve the complaint. Please contact our Information Officer as set below, whereafter if you feel that your complaint has not adequately been resolved, you can contact the Information Regulator (South Africa) at:
33 Hoofd Street,
Forum III, 3rd Floor Braampark
P.O. Box 31533
Tel No. +27 (0) 10 023 5207
Cell No. +27 (0) 82 746 4173
8.1.11 Please see the contact details in clause 11 in order to exercise your rights described above.
9. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
9.1 You can, having provided the adequate proof of identity, request us to confirm, free of charge, whether or not we hold Personal Information about you.
9.2 You can, having provided the adequate proof of identity, request us, at a prescribed fee, to provide record or a description of the Personal Information held by us about you, including the identity of all Operators who we have given access to your Personal Information.
9.3 We may or must, as the case may be, refuse to disclose the Personal Information requested in terms of this clause to which the grounds for refusal of access to records set out in the applicable sections of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act 2 of 2000 (“PAIA”) applies.
9.4 You have the right to request us to correct or delete the Personal Information we have in our possession where it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully. You may further request us to destroy or delete a record Personal Information about you that we are no longer authorised to retain.
9.5 Should you wish to exercise your rights as set out in this clause, please contact us as per the contact details provided in clause 11. We are entitled to respond to you within a reasonable time which can take us up to 21 business days due to procedures that we are required to follow.
9.6 In certain circumstances, if we are unable to reach agreement on your request as contained in this clause, you are entitled to request that we take such steps as are reasonable in the circumstances, to attach to the Personal Information in such a manner that it will always be read with the information, an indication that a correction of the Personal Information has been requested but has not been made.
10. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
10.1.1 Boekenhoutskloof Winery Pty (Ltd) will only process your Personal Information for the purpose of direct marketing by means of electronic communication where you have given your consent.
10.1.2 Where Boekenhoutskloof has processed your Personal Information in the context of a sale and you have not objected to Boekenhoutskloof using your electronic details at the time the Personal Information was collected or on each occasion and for each communication which is sent to you for the purpose of direct marketing, Boekenhoutskloof will continue to send you electronic communication for the purpose of direct marketing until such time that you request that such communication cease or your communication preference is amended by either following the unsubscribe process as indicated on the communication itself or by sending your request through to firstname.lastname@example.org
11. CONTACT OUR INFORMATION OFFICER
Human Resources Manager/ Information Officer