GLEN CARLOU’S PROTECTION OF PERSONAL INFORMATION ACT PRIVACY NOTICE
This Notice explains how Glen Carlou obtains, uses and discloses your personal information, in accordance with the requirements of the Protection of Personal Information Act, no. 4 of 2013 (POPIA’).
This Notice applies:
- when you use any of our products or services;
- when you apply to us for a job or work placement;
- when you supply services to us where this involves any personal information;
- as a result of your relationship with our clients; and/or
- to any information collected from or shared with third parties.
This Notice also applies to our websites, applications and online services as well as any publications or newsletters that you receive from Glen Carlou.
The personal information we collect
We collect the following personal information from you:
- Your name and surname
- Health information, as part of our screening processes when you access our premises, in order to comply with Covid-19 regulations and protocols
- Identity – or passport number when necessary
- Contact number
- Email address
- Order details
- Payment details
- Shipping address
- Details of enquiry
- Product(s) preference
- Time spent on our website
- Search queries submissions
- Social media handles
- Cookies and web beacons
- Log-in and device information
- Opt-in consent for marketing
- Booking and reservation details
From whom do we collect your personal information
We collect information directly from you where you provide us with your personal details. Where possible, we will inform you what information you are required to provide to us and what information is optional.
- Personal Information you provide:
This includes any personal information that you provide to us directly, whether through our website or via phone, text messages, social media or any other medium. This may include personal information you provide to us:
- by filling in forms on our social media accounts or our website (hereafter referred to as ‘platforms’)
- when you register on our platforms or subscribe to use services on our platforms
- when you enter a competition, promotion or complete a survey
- by posting comments or content on our platforms
- when you purchase one of our products or services;
- when you contact us and when you otherwise provide information directly to us.
- Personal Information we collect or receive when you use our platforms, products or services:
We collect personal information when you use our platforms or services, or buy products from us by using cookies and web beacons. This may reveal log-in information, device information and search queries submissions. We receive this when you:
- access our platforms (this reveals the type of device you’re using, your browser or operating system and your Internet Protocol (“IP”) address);
- interact with our platforms and other services, view content and submit search queries.
- Information from third-party sources:
We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in other ways. We may also receive information about you when you choose to connect with social networking services while using our platforms.
- Required Information
Some types of personal data are required as condition for using our services. Mandatory information includes personal data required for processing payments and delivering orders. Failure to provide this mandatory information will mean that you will be unable to place an order with us.
How we use your information
We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary your information may be retained without your consent for legal purposes.
We collect personal information for the following purposes:
- To collect contact information
- To confirm and verify your identity or to verify that you are an authorised user for security purposes
- To process payments for our services and to deliver orders to you
- To respond to your queries, feedback and complaints
- To maintain a customer database
- To provide you with promotional material and inform you of competitions if you have opted-in to receive this information
- To inform you of similar products after you have placed an order with us
- To allow you to register an account on our website
- To improve your experience on our website
- To gain behavioural insight to give you personalised recommendations/targeted advertising
- To allow you to book a reservation at our restaurant or the wine tasting centre
- For the detection and prevention of fraud, crime, money laundering or other malpractice
- To conduct market or customer satisfaction research or for statistical analysis
- For audit and record keeping purpose
- In connection with legal proceedings
- For anything you have specifically consented to
How do we share the personal information we collect
We undertake to use your personal information only for the purpose for which the information is essential and not to share or further process your personal information without your consent. We may share your personal information with third parties –
- to provide efficient services.
- who are our service providers and who are involved in the delivery of products or services to you. We aim to have agreements in place to ensure that they comply with the privacy requirements as required by POPIA.
- where we have a duty or a right to disclose in terms of law or industry codes.
- to comply with court orders.
- to recover debts and liaise with our attorneys in connection with any potential, threatened or actual litigation.
- in respect of the restructure of sell of our businesses or assets.
- where we believe it is necessary to protect our rights.
Location of your personal information
Our website is hosted by Amazon Web Services UK Limited in the United Kingdom, who renders this service in terms of an agreement we have with them.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Physical security
- Computer and network security
- Access to personal information
- Secure communications
- Security in contracting out activities or functions
- Retention and disposal of information
- Acceptable usage of personal information
- Governance and regulatory issues
- Monitoring access and usage of private information
- Investigating and reacting to security incidents
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
- Access to information
You may request a copy of the personal information we hold about you. To do this, simply contact us at the numbers or addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
- Right to withdraw consent
Where we have relied on your consent to process particular information and you have provided us with your consent to process data, you have the right to withdraw such consent at any time.
- Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate. In certain circumstances we may have the right to refuse to delete your personal information.
- Right to object to processing justified on legitimate interest grounds
You have the right to object to the use of your personal information for direct marketing or where we use it on the basis that we say we have a legitimate interest in using it.
- Right to lodge a compliant
You also have the right to lodge a complaint with the South Africa Information Regulator if you consider that the processing of your personal data infringes applicable law.
The Information Regulator (South Africa)
316 Thabo Sehume Street,
T +27 12 406 4818
F +27 86 500 3351
How to contact us
Our information officer is Mr Johan Erasmus. Our deputy-information officer is Mrs Hermien Deale. If you have any questions about this Notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access; wish to bring any complaints to our attention; or correct your personal information, please contact our deputy-information officer, whose contact details are as follows:
Email: [email protected]
Telephone: +27 21 875 5528
Postal address: PO Box 23, Klapmuts, Western Cape, South Africa, 7625
DEFINITIONS OF TERMS USED IN THIS NOTICE
In this notice, the following terms and expressions, will have the meaning as assigned to them by POPIA:
- Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our firm.
- Data subject is an individual or juristic person to whom personal information relates.
- Electronic communication means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.
- Information security breach is any incident:
- in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed or otherwise used or processed in an unauthorised manner; or
- that results in the unauthorized access of information, applications, services, networks and/or devices by bypassing our firm’s security mechanisms.
- Personal information is Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
- Processing means any operation or activity or any set of operations of the responsible party, whether or not by automatic means, concerning personal information, including —
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of personal information;
- dissemination of personal information by means of transmission, distribution or making available in any other form; and
- merging, linking, as well as restriction, degradation, erasure or destruction of personal information.
- Record means any recorded information regardless of form or medium, including any of the following:
- writing on any material;
- information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
- label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
- book, map, plan, graph or drawing; and
- photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
in the possession or under our firm’s control, whether or not it was created by us; and regardless of when it came into existence.
- Responsible party means Glen Carlou Vineyards (Pty) Ltd.
- Special personal information is information that relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject. It also includes criminal behaviour relating to alleged commissions of offences or any proceeding dealing with alleged offences.