1.1 This is the Privacy Notice of RotoTankTM and its associate companies, available at www.rototank.co.za (Website), which applies to the personal information of RotoTankTM’s customers, suppliers, business partners, prospective employees, employees, and visitors (you).
1.2 RotoTankTM respects privacy rights and complies with all laws in respect of the handling of personal information, including collection, use, storage, sharing and disposal.
1.3 This Privacy Notice helps you understand how RotoTankTM handles personal information when you use the Website or interact with us in other ways such as at our offices or over the telephone or email.
1.4 This Privacy Notice does not apply to any third-party websites which may be accessible through links on this Website. RotoTankTM makes no representations or warranties about the privacy practices of any third party and does not accept any responsibility for the privacy practices of, or content displayed on, third party websites. Third party website providers are responsible for informing you about their own privacy practices.
2 Changes to Privacy Notice
RotoTankTM may change or update this Privacy Notice from time to time. Any updated versions of this Privacy Notice will be posted on the Website and will be effective from the date of posting. Where practical, and at RotoTankTM’s discretion, notice of the change will be displayed on the Website.
3 What personal information does RotoTankTM handle?
3.1 When used in this Notice, the term “personal information” has the meaning given to it in the Protection of Personal Information Act, 2013 (POPIA). Personal information is any information that can be used to personally identify a natural or juristic person. Special personal information is any information that is considered by law to be particularly sensitive information. This includes information related to your health, sex life, race, ethnic origin, religious or philosophical beliefs, trade union membership, political persuasion and criminal behaviour and biometric information. More restrictions apply to the handling of special personal information and the information of children because they are particularly sensitive.
3.2 We may collect, use, store and otherwise handle by any means (also known as “processing”) the following personal information, whether that information is provided by you or by a third party:
(i) Your biographical information – which may include your name, gender, date of birth, language, nationality;
(ii) Your contact information – which may include your telephone number(s), address, email address, country of residence, your contact information if you are a customer’s emergency contact person or next of kin;
(iii) Your identification information – which may include your national identity details, passport information, company registration number, loyalty programme membership information, Customer account number, booking reference, death, marriage or birth certificate;
(iv) Your preferences – which may include your preferred product, installation configuration, marketing preferences;
(v) Financial, legal and qualification information – which may include your bank account information and Value Added Tax number where you are a supplier to RotoTankTM, credit card information and bank statements (in the case of queries or refunds), power of attorney relating to you, financial and qualification background checks conducted when you apply to us for employment;
(vi) Supplier information – which may include black economic empowerment certificate, tender information, references;
(vii) Communications – which may include correspondence with you;
(viii) Website information – which may include information collected through cookies when you use our website to which our cookies policy applies, or other information you provide to us when using our website;
(ix) Special Personal Information – which may include:
(a) Health/medical information (for example allergies, disabilities, dietary requirements, records of accidents and illnesses), so that we can provide you with assistance and support should you require it before and after you conduct affairs with us (such as attending conferences, social gatherings, etc.);
(b) Biometric information such as fingerprint or iris scans, so that we can implement security and access control measures at our premises and voice recordings of telephone conversations for record and evidentiary purposes;
(c) Religious beliefs such as information about religious dietary requirements or credit requirements;
(d) Criminal behaviour, offences and background checks conducted when you apply to us for employment; and
(e) Photographs and CCTV footage or for promotional purposes.
(x) Personal information of children – which may include their biographical information and birth certificates and health/medical information of children where applicable.
In addition, we may collect any other information relating to you which we lawfully receive, and which may be relevant to your dealings with RotoTankTM. If the information that RotoTankTM collects personally identifies you, or you are reasonably identifiable from it, RotoTankTM will treat it as personal information.
4 Personal Information of third parties
4.1 You should not disclose the personal information of third parties to RotoTankTM unless:
(i) there is a legitimate reason why RotoTankTM needs to have that information;
(ii) you are permitted by the third party to disclose their personal information to RotoTankTM or you must be their parent or guardian; and
4.2 An example of when you may disclose a third’ party’s personal information to us is when you are purchasing a product on the third party’s behalf with their consent;
4.3 When you give us the personal information of a third party, please provide a copy of this Privacy Notice to that person so that they can also be made aware of the conditions under which their personal information is handled by us.
4.4 If you provide health related special personal information to us in respect of a third party, specific requirements apply to that.
4.5 RotoTankTM has no way of checking that you have complied with the requirements relating to the disclosure of third party’s personal information and therefore must assume that you have done so.
5 How does RotoTank TM collect your personal information?
5.1 RotoTankTM collects your personal information directly from you in the following ways, namely when you:
access to and use of the Website or any of our mobile platforms or applications;
visit RotoTankTM‘s offices or other premises;
register an account with us;
purchase products and other services from RotoTankTM;
make a special product request to RotoTankTM for any other reason;
address a query to us;
interact with us on social media or through direct messaging systems
enter a promotional competition run by us;
apply to RotoTankTM for employment;
communicate with RotoTankTM in any way; and
have a business relationship with RotoTankTM.
5.2 RotoTankTM also collects your personal information from third parties when they purchase products or other services on your behalf or where a service provider needs information to complete a task at your instruction, such as the installation of a tank.
6 What happens if you do not permit RotoTankTM to collect your personal information?
If you do not provide RotoTankTM with your personal information where we require it, you may not be able to purchase our product or use other services, do business with RotoTankTM, apply to RotoTankTM for employment, enter RotoTankTM premises or access certain portions of the Website or RotoTankTM’s mobile platform and applications and this may restrict your dealings with RotoTankTM.
7 For what purposes does RotoTankTM handle your personal information?
7.1 The law permits us to handle personal information where there is a lawful purpose and justification for doing so. Justifications include where we have your consent, where it is necessary to perform or conclude a contract with you, where it is in our or your legitimate interests or where the law requires us to do so. The purposes for which we handle personal information are set out below.
7.2 We are only permitted to handle your special personal information and the personal information of children under limited circumstances. We will only do so with consent or where we are otherwise permitted by the law.
7.3 We will only handle your personal information for the purposes for which we have obtained it and on a ground of justification stated in POPIA. The purposes include:
(i) To manage our relationship with you – to ensure compliance with laws and to be able conduct our business with you, engage with you or market and provide our services to you, authenticate your identity, to enable us to communicate with you and provide information to you and keep our records updated. Justification: (a) To comply with the law including but not limited to the following laws and their regulations: Broad Based Black Economic Empowerment Act, 2003; Occupational Health and Safety Act, 1993; Value Added Tax Act, 1991; Consumer Protection Act, 2008; Electronic Communications and Transactions Act, 2002; (b) To conclude or perform in terms of a contract with you; (c) Your consent where we ask for it and no other ground of justification applies.
(ii) To manage loyalty membership programmes – which may include administering loyalty benefits. Justification: To conclude or perform in terms of a contract with you.
(iii) To manage recruitment – which may include eligibility for work, processing job applications, vetting, hires, managing visa and immigration requirements. Justification: Your consent.
(iv) To comply with policies including monitoring – which may include in relation to claims, or legal processes or requirements and conducting investigations and incident response. We may conduct limited monitoring in accordance with the Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 or our IT policy, or your consent. Justification: (a) Our legitimate interest; (b) Your consent where we ask for it and no other ground of justification applies.
(v) For security purposes – for providing IT support, security and your authentication (e.g. to check for unauthorised use of those systems and to comply with record keeping and other legal obligations) and to enable you to access our premises. Justification: Our and your legitimate interest, compliance with laws such as governing cross border travel.
(vi) To maintain a safe working environment – we may collect and use personal information to provide a safe and healthy working environment for our suppliers whilst on our premises. Where appropriate, we may share this information with governmental and law enforcement agencies. This may include special personal information such as:
(a) Health information, to make provision for disabilities, allergies, illnesses and injuries, including the provision of such information to third parties such as insurers or medical professionals where appropriate; or
(b) Details of criminal offences, so that we can prevent and detect crime. Justification: (a) Our legitimate interest; (b) To comply with the law including the occupational Health and Safety Act, 1993; (c) To conclude or perform in terms of a contract with you
(vii) To comply with our legal obligations and to change our business structure – we collect personal information to comply with the following laws and their regulations that govern the our relevant business sector. We also collect personal information to deal with claims for compensation. We may disclose your personal information in connection with proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants (these third parties will handle your personal information for their own purposes and not on our instructions). We may also provide your personal information to any potential acquirer of or investor of RotoTank TM for the purpose of that acquisition or investment. Justification: (a) To enable us to comply with legal obligations; (b) Our legitimate interest.
(viii) To monitor equal opportunities for prospective employees and our suppliers – managing race, gender, and disability information as part of our equal opportunities monitoring processes. Justification: (a) To comply with the Broad Based Black Economic Empowerment Act, 2003; (b) Our legitimate interest.
7.4 Where we cannot rely on an alternative legal justification for our handling of your personal information above, we will rely on your consent. Where we do so, you are free to withdraw your consent at any time by contacting us. However, where you withdraw your consent, the consequences in section 6 may apply.
7.5 Generally, where you are our supplier, we handle your personal information on the basis that it is necessary to do so in connection with our contract with you. We may also handle your personal information to further our legitimate interests, such as to optimise the working environment, and our other business interests or in terms of the law. In all instances we will have a lawful justification to handle your personal information.
8 To whom does RotoTankTM disclose your personal information?
8.1 RotoTankTM may disclose your personal information to:
(i) our employees, affiliates, contractors or third-party service providers;
(ii) our business partners, which provide services to you or with which you may interact as part of your dealings with us;
(iii) financial institutions in the case of refunds;
(iv) persons to which we transfer our rights and obligations under our contracts with you;
(v) our insurers and our professional advisors, including our accountants, lawyers, business advisors and consultants;
(vi) employment agencies, past employers or companies that contracted you to us, credit bureaux, anti-fraud agencies, sanctions and politically exposed person screening lists;
(ix) our suppliers
(x) law enforcement or regulatory bodies; and
(xi) customs and immigration departments or other regulatory authorities in your country of delivery and/or collection of products to comply with the law of those countries; and
(xii) any other juristic or natural person for any authorised purpose with your consent.
8.2 We may disclose the personal information of other persons where necessary to our service providers and business partners.
8.3 We will never sell personal information.
9 Does RotoTankTM disclose your personal information to anyone outside South Africa?
9.1 Your personal information may be transferred to, or stored in, a country other than South Africa. This may include your personal information being transferred to, and stored with, RotoTankTM’s third party suppliers and service providers, such as when hosting or information technology service providers located outside of South Africa, for some of the purposes listed above.
9.2 Where the personal information is transferred outside of South Africa, it will be transferred to a country with suitable protections on personal information or will be transferred subject to an agreement or rules that protect the personal information.
10 Direct marketing
10.1 If you are a customer of RotoTankTM we may send you marketing communications from time to time that may be of interest to you. Each time you receive such a communication from us, there will be a simple and convenient method of opting out of receiving future marketing communications from us.
10.2 If you are not a customer of RotoTankTM’s we may request your permission to send you marketing communications from time to time that may be of interest to you. If you decline the request, RotoTankTM’s will not send you marketing communications.
11 Security and storage
11.1 We may hold personal information in either electronic or hard copy form. In both cases we will take reasonable and appropriate steps to ensure that the personal information is protected from misuse and loss and from unauthorised access, modification, or disclosure.
11.2 We keep personal information for as long as we need to achieve the purpose for which it was collected and any other permitted linked purpose (for example your personal information which is relevant to a transaction may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such information). If personal information is handled for 2 purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period once that period expires.
11.3 Personal information is destroyed or irreversibly anonymised when no longer needed or when we are no longer required by law to retain it (whichever is the later).
11.4 We restrict access to the personal information to those authorised persons who need to use it for the relevant purpose(s).
12 How can you exercise your rights?
12.1 You have the right to contact us at any time requesting:
(i) confirmation that we have your personal information;
(ii) access to the records containing your personal information or a description of the personal information that we hold about you; and
(iii) the identity or categories of third parties who have had, or currently have, access to your personal information.
12.2 You also have the right to object to our handling of your personal information on reasonable grounds where our justification for doing so is our or your legitimate interests.
12.3 When making a request we require adequate proof of identity which will include providing a certified copy of your identity or registration document/s.
12.4 We will try to provide you with suitable means of accessing information, where you are entitled to it, by for example, posting or emailing it to you.
12.5 There may be instances where we cannot grant you access to your personal information. For example, if your access would interfere with the privacy of others or would result in a breach of confidentiality, we may need to refuse access. If we refuse access, we will give written reasons for our refusal.
12.6 If you believe that any personal information that we hold about you is inaccurate, irrelevant, outdated, incomplete or misleading, you may request us to correct it. If you believe that any personal information that we hold about you is excessive or has been unlawfully obtained or that we are no longer authorised to retain the information, you may request that we destroy or delete it. We will consider if the information requires correction, deletion or destruction and if we do not agree that there are grounds for action, you may request that we add a note to the personal information stating that you disagree with it.
12.7 We may charge a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge you for simply making the request or for us making any corrections to the personal information. You also have the right to complain to the Information Regulator where you believe that we are not handling your personal information in accordance with the law. Complaints may be sent to the following email address: email@example.com
13 Unlawful access to your personal information
If you believe that your personal information has been unlawfully accessed or acquired, you may contact RotoTankTM’s Information Officer using the contact information below and provide details of the incident so that RotoTankTM can investigate it.
14 Changes to personal information
We are required to take steps to ensure that the personal information we hold is accurate, complete, relevant, not misleading and up to date. Should your personal information (or the personal information you provide) change, you must inform us and provide us with all changes as soon as reasonably possible to enable us to update the personal information.
15 Notice to European Users
RotoTankTM is located in South Africa and third parties to which we provide access to your personal information may be located worldwide. The personal information you provide to us, may, therefore, be transferred outside of the European Economic Area, including to countries which may not offer an equivalent level of protection to that in the European Union. Article 49 of the European Union’s General Data Protection Regulation allows for transfer of personal data from the European Union to a third country if the individual has explicitly consented to the transfer of personal information, regardless of the third country’s level of protection. By providing us with personal information, you consent to the transfer of all such information to South Africa and other countries which may not offer an equivalent level of protection to that in the European Union and to the handling of that information in terms of this Privacy Notice.
16 Contact information