Last Updated 1 July 2021
Data protection and disclosure of information
As part of our day-to-day business of providing Ergonomic Services and Products (the “Services”), we need to collect personal information from our clients and potential clients to ensure that we can meet their needs for the provision of or information about the Services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal information and details your rights in respect of our processing of your personal information. We process your information in terms of our Protection of Information Policy and Retention of Data Policy.
To review same, kindly send a request to the Information Officer: Piet Nel; email@example.com. Defined terms herein, where not herein defined, are defined within the Protection of Personal Information Act, 2013 (as may be amended or substituted from time to time) (“POPIA”).
Who are we?
This Privacy Notice applies to the processing activities of Ergonomicsdirect (PTY) Ltd for the processing of your Personal Information. Any reference to ‘us’, ‘our’, ‘we’ in this Privacy Notice is a reference to Ergonomicsdirect. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our clients and potential clients as a Data Subject, or a Competent
Person in respect of such client and potential client that is incompetent, such as a minor child. Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices, and to make sure it remains appropriate to the changing environment.
What kind of Personal Information do we collect?
We collect information necessary to fulfil our obligations to our clients in the course of providing the Services.
We may collect the following types of information about you:
Name, address and contact details, date of birth and gender, bank details, education and qualifications, employment details, family details, medical aid details, lifestyle and social circumstances, location data, any other similar information.
On occasion the following sensitive Personal Information may be obtained: physical or mental health details, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, genetic data, biometric data. We will only obtain and process this information with your express consent as set out in terms of the relevant contractual terms.
Much of this information is collected in order to establish and assess the reasons for a referral to us as well as whether we can and should provide the Services (and products, where relevant) to you. If you chose not to provide the information required, we may not be able to provide you with the requested product or service. If you provide us with any Personal Information relating to a third party (e.g., information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained their consent and/or are a Competent Person in respect to the provision of such Personal Information.
How is the Personal Information obtained?
We obtain this information in a number of ways, for example through the provision of intake assessments, interviews with you, relevant and related educators, relevant and related health care professionals, family members, questionnaires etc. as well as from information provided in the course of ongoing services and communication. Additionally, we may obtain Personal Information about you through your use of our websites, apps, or using cookies on our websites, in particular by recording your activity and which pages you look at on our websites (please see below on Cookies).
We may record any communications with you including electronic (including video conference), by telephone, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our regulatory duties in relation to our record keeping obligations. It may or may not be retrievable.
Such conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which may record your image and conversations which you acknowledge, understand and accept.
What Lawful Basis do we rely on?
We may be required to collect and use certain types of Personal Information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with POPIA and any other relevant data protection laws and codes of conduct (herein collectively referred to as “the data protection laws”) which are applicable to Ergonomicsdirect and its business.
The data protection laws allow us to only process your data for certain reasons:
- to perform a contract that we are party to;
- to carry out legally required duties;
- for us to carry out our legitimate interests;
- where we obtain your consent;
- to protect your interests; and
- where something is done in the public interest.
All the processing carried out by us falls into the permitted reasons, for example; our use of your personal information in order to comply with our obligations under contract. This includes where a contract is not yet signed but you have requested us to take action as a first step (e.g. provide details of our services).
Where our use of your personal information requires consent, such consent will be provided explicitly by you as set out herein, in the Terms & Conditions entered into by you with Ergonomicsdirect or as otherwise provided or procured.
If we rely on your consent as our legal basis for processing your personal information, you then have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Notice; however, the withdrawal of consent may be limited by law or contract or subject to the completing of a relevant service or other similar and related activity. Withdrawal of consent will likely necessitate the termination of services.
We use WhatsApp for communication, which has embedded end-to-end encryption that ensures only the persons you’re communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. We use Google Workspace (formerly “GSuite”) and Mailchimp which are designed to meet stringent privacy and security standards based on industry best practices.
We also utilise Microsoft Teams and Zoom. Further information can be provided on request or researched via their respective websites. You consent to us processing personal information via these channels as well as telephonic communication.
What we do with the personal information we obtain?
We may use information held about you in the following ways:
- To provide you with any services and/or information you request from us (which includes carrying out any obligations arising from any contracts entered into between you and us);
- to notify you about changes to our services;
- to provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by Ergonomicsdirect and which we think may be of interest to you. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone or email using the details in the ‘Contact us’ section below. You can unsubscribe from emails by following the unsubscribe instructions included in every email; alternatively, on request to the Information Officer.
- to administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
- to improve our sites to ensure that content is presented in the most effective manner for you and for your device;
- to measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
- for the purposes of providing services such as ‘most popular’ information on our site;
- to deliver targeted advertisements to you and others as you browse the internet;
- to obtain your feedback on a product, service or our sites via a third party appointed by us;
- to allow you to participate in interactive features of our sites, when you choose to do so; and
- as part of our efforts to keep our sites safe and secure.
Disclosure of your personal information
We may share the Personal Information we hold about you across Ergonomicsdirect with its employees to enable us to better understand your needs and run your accounts in the efficient way that you expect. Your Personal Information may also be used for customer modelling, statistical and trend analysis, with the aim of developing and improving our products and services.
We will never sell, trade, or rent your Personal Information to others; however, we may share your information with selected third parties including:
- our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations for example IT services.
- governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
- non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing reports, account statements and other information, conducting research on client satisfaction;
- advertisers and advertising networks that require the data to select and serve adverts about our services to you and others. It will only be passed to third party advertisers in order to provide services on behalf of Ergonomicsdirect.
- data, service and software providers that assist us in the improvement and optimisation of our sites;
Where we share your data with third parties, we ensure that your data is held securely and in line with applicable legislation.
Payment Services Ergonomicsdirect has contracted Payment Service Providers (PSP) PayFast and SnapScan in order for our Data Subjects to process payments for the products and services listed on our website and Online Store. We do not collect, process, store or share any banking or financial information of our Data Subjects ourselves as this is done by the PSP’s utilising their own secure and PCI Compliant Payment Gateways. Ergonomicsdirect (PTY) Ltd only receives notification of the completed financial transaction from the PSP utilizing an identifier unique to the Data Subject (normally the Data Subject’s email address). We utilise this Personal Information to verify the completion of the transaction in order to proceed with the provision of the product or service to you.
For payments made through these entities, you are engaging with them separately in your own personal capacity and the PSPs are the Responsible Parties of the personal, banking, financial and any other information which you provide them for the purpose of making any payments. PayFast and SnapScan are both registered South African Financial Institutions and operate within the Republic of South Africa. For further information regarding their payment services, privacy and security, or if you have any payment related queries or concerns, please contact them directly through the contact methods specified on their websites.
In order to purchase our products and services, you will need to provide accurate and up to date personal and banking Information requested by these PSPs to effect payment. Should you not wish to provide this information to these PSPs, we may not be able to conclude any transactions with you and provide you with the products and services you have requested.
Delivery of Merchandise
Ergonomicsdirect utilises MDS Collivery, M T S Couriers, Dawn Wing Couriers, as well as Bambisana Office Movers and Installers to deliver purchased products or prizes won by our customers in competitions. In order to fulfil these deliveries, we are obliged to provide these companies with your Name, Surname, Delivery Address and Phone Number. You consent to us providing your Personal Information to these companies in order to receive the Ergonomicsdirect merchandise and agree to provide Personal Information that is up to date and accurate in order for these deliveries to be fulfilled.
How we store Personal Information
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold Personal Information in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the Personal Information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that Personal Information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations.
If we hold any Personal Information in the form of a recorded communication, by telephone, electronic, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements.
Where you have opted out of receiving marketing communication, we will hold your details on our suppression list so that we know you do not want to receive these communications.
The Retention of Documents Policy contains further information on this and is available on request.
Management and Safeguarding of Personal Information
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle Personal Information to respect the confidentiality of customer information and the privacy of individuals.
We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. We have appointed an Information Officer to ensure that our management of Personal Information is in accordance with this Privacy Notice, applicable policies, and the applicable legislation.
The internet is an open medium and we cannot guarantee that any information you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to prevent unauthorised access.
Your rights as a data subject
The data protection laws give you certain rights in relation to the data we hold on you. These are:
- the right to be notified. This means that we must tell you how we use your Personal Information, and this is the purpose of this Privacy Notice;
- the right of access. You have the right to access the Personal Information that we hold on you. To do so, you should make a subject access request;
- the right for any inaccuracies to be corrected. If any Personal Information that we hold about you is incomplete or inaccurate, you are able to require us to correct it;
- the right to have information deleted. If you would like us to stop processing your Personal Information, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it;
- the right to restrict the processing of the Personal Information. For example, if you believe the Personal Information, we hold is incorrect, we will stop processing it (whilst still holding it) until we have ensured that it is correct;
- the right to portability. You may transfer the Personal Information that we hold on you for your own purposes;
- the right to object to the inclusion of any information. You have the right to object to the way we use your Personal Information where we are using it for our legitimate interests;
- the right to regulate any automated decision-making and profiling of Personal Information. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your Personal Information, you also have the unrestricted right to withdraw that consent at any time subject to contractual obligations. Withdrawing your consent means that we will stop processing the Personal Information that you had previously given us consent to use. There will be no consequences for withdrawing your consent; however, in some cases, we may continue to store and use the Personal Information where so permitted by having a legitimate reason for doing so or where required by law, regulation or by any other competent authorities. We may also not be able to continue our services to you. You can read more about these rights within section 5 of POPIA.
Transfers of Personal Information outside of South Africa
Your data may be transferred to, stored at, and processed at a destination outside of South Africa by our service providers (e.g., Google Workspace and WhatsApp). By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable legislation or other relevant and appropriate laws.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any Personal Information to these websites.
Cookies are small data files that are placed on your computer (or other devices) when you visit a website. Cookies (and other similar technologies) help us give you the best experience of using our website. Cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A Cookie in no way gives us access to your computer, device or any information about you, other than the data you choose to share with us.
For information on how to delete or reject cookies, you can consult the “help” function within your browser, or visit www.allaboutcookies.org, where you will also find more information about cookies generally.
Access to Personal Information about you
You have the right to request a copy of the Personal Information we hold about you. If you would like a copy of some or all of this information you may contact us as follows:
Information officer contact details
+27 83 683 1513
Ergonomicsdirect (PTY) Ltd head office details:
Ergonomicsdirect (PTY) LTD
Unit 1, Highway Park
Gold Street, Northgate Estate
Brooklyn, Cape Town 7405
Office: +27 (0)21 426 2378
If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
Updates to the Privacy Notice
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your Personal Information. The updated Notice will be delivered to you electronically to the details we hold on file and/or published on our website and it will come into effect at the time of publication generally.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us on firstname.lastname@example.org alternatively, by using the contact details provided above.
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above.
You undertake to first make a good faith attempt to resolve same with the company. If you are not first satisfied with our response to your complaint, you have the right to then lodge a complaint with our supervisory authority, the Information Regulator. You can find details about how to do this on their website: https://www.justice.gov.za/inforeg/.
Link to our PAIA Manual – Click here to view/download.