Campus
Key
Campus
Key
Privacy Policy
In accordance with the Protection of Personal Information Act, 20133
1. Introduction
The Protection of Personal Information Act 4 of 2013 ("the Act") serves the purpose of giving effect to the constitutional right to privacy by ensuring information is processed responsibly to prevent security breaches, theft, and discrimination. At PROSPEKT, we value your trust and endeavour to uphold the provisions of the Act for your protection and peace of mind. The Act sets out requirements for the processing of personal information, which PROSPEKT in this policy echoes. This policy will give you insight into how PROSPEKT processes and protects the personal information you provide us with through your various interactions with us.
Just a few definitions to assist you in navigating the document:
-
“Responsible Party” is the person or entity that processes information on behalf of a Data Subject
-
“Data Subject” is any person that provides a Responsible Party with their personal information
-
“Operator” is any person who processes information of a Responsible Party in terms of a contract or mandate. An example of this is where a Responsible Party outsources a function of their business to a third party
2. What is personal information, and what personal information do we collect about you?
According to the Act, ‘personal information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
At PROSPEKT, we may collect, where applicable:
As a Responsible Party:
For clients:
-
Identity data: name and registration number of your company or entity if you are a legal person, first name and surname and identity number if you are a natural person or the representative of a legal person
-
Contact data: address, email address, contact number
-
Financial data: bank account and card details
-
Transaction data: details about payments and products/services you have purchased from us
-
Technical data: includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the full URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
-
Profile data: username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
-
Usage data: information about how you use our Website, products and services
-
Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
For employees:
-
Identity data: your first name and surname
-
Contact data: address, email address, contact number
-
Financial data: bank account details
-
Technical data: includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the complete URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
-
Profile data: username and password for any employee-related service
For third parties, where applicable (such as suppliers or potential customers):
-
Identity data: your first name and surname
-
Contact data: address, email address, contact number
-
Financial data: bank account details
-
Transaction data: details about payments and products/services you have supplied to us
-
Technical data: includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the full URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
-
Usage data: information about how you use our Website, products and services
-
Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences
As an Operator:
Please note as an Operator we process certain information on behalf of our clients to fulfill the contract entered into with our client. As an Operator we are not liable under the Act as a Responsible Party. However, we must protect and secure the information in terms of the Act (see paragraph 8 and 10 below). As an Operator we process the following information on behalf of our clients:
-
Identity data: first name and surname
-
Address: physical location
-
Contact data: mobile number
-
Financial data: bank account and card details supplied to the client by their data subject
-
Transaction data: details about payments and products/services that the data subjects of our clients have purchased
-
Profile data: username and password, purchases or orders made by the Date Subject, their interests, preferences, feedback and survey responses
-
Marketing and communications data: Data Subject’s preferences in receiving marketing from you, as our client, and their communication preferences
We do not collect any special categories of personal information about you. This information includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political persuasion, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
​
3. Acceptance of our policy
By using our product/services, you understand that we will collect and use your personal information as indicated in this policy. You have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes.
Where we need to collect personal information under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have with you.
4. How do we collect your personal information?
Direct interactions: by way of filling in forms, email or telephone correspondence, purchasing or subscribing to products/services, and via our Website.
Automated technologies or interactions: we automatically collect technical data about your equipment, browsing actions and patterns as you use our Website. We collect this personal information by using cookies and other similar technologies.
Third parties or publicly available sources: example, business partners, sub-contractors or credit reference agencies.
5. How do we use your or your Data Subject’s personal information?
PROSPEKT will only use your personal information when the law allows us to. We will most likely use your personal information in the following circumstances:
-
Where we need to perform the contract, we are about to enter into or have entered into with you.
-
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
Where we need to comply with a legal or regulatory obligation.
6. What will we use your or your Data Subjects personal information for (where applicable)?
-
To register you as a new customer.
-
To employ you as an employee of PROSPEKT and to enable us to fulfill our function as an employer.
-
To process and deliver in terms of our Agreement, including processing your Data Subjects information as an Operator, manage payments, fees and charges.
-
To collect and recover money owed to us.
-
To manage our relationship with you, as a client which will include: notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey.
-
To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
-
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
-
To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences.
-
To make suggestions and recommendations to you about goods or services that may be of interest to you.
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason. We may process your personal information without your knowledge or consent in compliance with the Act, where this is required or permitted by law.
7. Marketing
We will provide you with choices regarding certain personal information uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased services from us. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a product/service purchase, product/service experience or other transactions.
You may set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly.
8. Disclosure of personal information
We will not sell personal information and no personal information will be disclosed to anyone except as provided in this policy. We may disclose your personal information if required by a subpoena or court order; or to comply with any law or regulation.
We may share your personal information:
-
with other related companies in terms of our Agreement with you, as our Client
-
with our service providers under contract, as permitted by law
-
with credit bureaus to report account information, as permitted by law
-
with social media platforms when you use tools or functionality on our Website provided by those platforms (such as "recommend" or "share" buttons); and with marketing partners where you register for events, webinars or other related events
-
with public or government authorities to follow applicable law or to respond to legal process (like a subpoena). We also may share your personal information when there are threats to the physical safety of any person, violations of this policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public as required by law
-
with the Preferred Service Providers and Goods Suppliers in terms of our Agreement for statistical purposes only
-
for business transactions like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have
-
with your consent. For example, when we post user testimonials that may identify you or for a third party application that may be of use to you and
-
with your employer or organisation where you create an account or user role with an email address assigned to you as an employee, contractor or member of an organisation, that organisation may find your account and take specific actions that may affect your account
-
We may need to disclose personal information to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel. Any of our employees or personnel that handle your personal information will have signed non-disclosure and confidentiality agreements.
9. International transfers
We may transfer personal information outside South Africa to be stored on servers located outside South Africa where the laws protecting personal information may not be as stringent as the laws in South Africa. You consent to us processing your personal information in a foreign country whose laws regarding the processing of personal data may be less stringent.
10. How secure is our data?
We have put into place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, such as password protection, two-factor authentication, device control policies and other stringent security measures.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We execute regular penetration tests using third-party software to test and indicate our technical defences’ strength continually.
11. How long will we use your personal information for?
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal Information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
12. What are your legal rights?
Under certain circumstances you are entitled to:
-
Request access to your Personal Information
-
Request correction of your Personal Information
-
Request erasure of your Personal Information
-
Object to processing of your Personal Information
-
Request restriction of processing your Personal Information
-
Request transfer of your Personal Information
-
Withdraw consent
-
Not be subjected to automated decision-making
13. Promotion of Access to Information Act 2 of 2000 (“PAIA”)
PAIA gives you the right to access information that is required to exercise or protect your rights. In terms of PAIA, before access to the information requested by persons is granted, specific requirements have to be met. PAIA also requires private bodies such as PROSPEKT to compile a manual designed to assist persons who want to exercise their right to access information. You or third parties may also request access to your personal information held by PROSPEKT. PAIA regulates and sets out the procedure for such a request and under what circumstances such access may be refused. Please contact us should you require our PAIA manual, the prescribed request form and/or information on applicable fees payable for access to this information.
​
14. Your duty to keep your personal information with us updated
This policy was last updated on 23 September 2021. The personal information we hold about you must be accurate and current. Please keep us updated if your information changes during your relationship with us.
15. Queries or complaints
Should you have any queries or complaints about this policy, you may email us directly.
You are also entitled to refer any concerns to the South African Information Regulator:
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email address: complaints.IR@justice.gov.za