PRIVACY POLICY AND PROTECTION OF PERSONAL INFORMATION (POPIA) POLICY AND USER AGREEMENT

1. THE PROTECTION OF PERSONAL INFORMATION ACT

The Protection of Personal Information (POPI) Act, 4 of 2013, requires us to inform our clients on how we use, disclose and destroy personal Information we obtained. We are committed to protecting our client’s privacy and will ensure that your personal information is used appropriately, transparently, securely and according to applicable legislation. This document serves the purpose of informing our clients about our Privacy Policy and also constitutes an Agreement between our Company and our clients. Please read this document carefully before making use of our services / ordering or buying our products and / or using our website and / or Applications.

2. CONSENT TO USE INFORMATION

By using our services / products and interacting with us on our website, e-commerce or via email, telephone or otherwise, you consent:

2.1 That your personal information may be collected, processed, recorded, used and must be safeguarded during the rendering of services / products to you by our Company.

2.2 Personal information may include, but is not limited to:

2.2.1 Your contact information, such as first name, last name, e-mail address, job title and company name, as well as other information that could be on your business card (such as your company address and phone number), records of the services / products purchased or any other requests;

2.2.2 When you use our website(s) or applications: We collect Internet or other electronic network activity information, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website. We may also rely on analytics, i.e. cookies;

2.2.3 Usage information, Log Information, Information collected by cookies and other similar technologies such as pixel tags, web beacons, clear GIF’s;

2.2.4 Customer Feedback – you may be asked for Customer feedback.

2.3 The Company may also add to your personal information, information received from other service providers and third parties in order to offer a more comprehensive and appropriate service to you.

2.4 The Company may verify, share and disclose your personal information to their product providers and third parties whose services or products they use in order to adequately and appropriately render services / products to you.

2.5 The Company may also collect and process your personal information for the Company’s own marketing purposes to ensure their products and services remain applicable and appropriate.

2.6 By using the services / visiting the site / buying the products of the Company, you accept that the Company may communicate with you electronically or otherwise. All records that you send to the Company may be stored electronically and with third parties.

3. USE OF INFORMATION

Our clients acknowledge that the Company may use your information inter alia for the following purposes:

3.1 Deliver our products and services to you;

3.2 Send you some privacy and/or security content that we make available on our website and that you requested;

3.3 To communicate with you and/or obtain your instructions or order and/or arrange for a delivery;

3.4 We also use it to support our marketing efforts, including contacting you to provide additional information on our products and services;

3.5 Set up a user account;

3.6 Provide, operate and maintain the services and products we offer;

3.7 Process and complete transactions, and send related information, including transaction confirmations and invoices;

3.8 Manage our customer’s use of the products and services, respond to enquiries and comments, and provide customer service and support;

3.9 Investigate and prevent fraudulent activities, unauthorized access to our products / services and other illegal activities;

3.10 To administer our website, our purchases and internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;

3.11 To improve our website to ensure that content is presented in the most effective manner for you and your computer;

3.12 For trend monitoring, marketing and advertising;

3.13 As part of our efforts to keep our Website and data secure;

3.14 Any other purpose for which we may inform you about.

4. DISCLOSURE TO THIRD PARTIES

You understand that your information can be disclosed to third parties:

4.1 We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g. Google Analytics), product feedback or help desk software providers, email service providers and others.

4.2 We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of our Company, our employees, our users, or others.

4.3 Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements, based on our legitimate interest or legal obligations.

4.4 Due to the presence of our business activities in other countries, we may transfer Personal Information to parties located in other countries that have a different data protection regime than is found in the country that you are based. We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities.

5. FOR HOW LONG DO WE STORE YOUR PERSONAL INFORMATION

5.1 We store your personal information for different periods of time, depen ding on the category of personal information.

5.2 Some information might be deleted automatically based on specific schedules, such as marketing information. Other data, for example account information, might be retained for longer period of time based on the contract you have with us.

5.3 Finally, we might further retain information for business practices based on our legitimate interest or legal purposes, such as network improvement, fraud prevention, record-keeping or enforcing our legal rights.

6. SECURITY AND CERTIFICATIONS

6.1 We use appropriate technical, organisational, and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction. These include:

6.1.1 Keeping our systems secure;

6.1.2 Storing our records securely;

6.1.3 Controlling the access to our buildings, system and/or records; and

6.1.4 Safely destroying or deleting records.

6.2 Unfortunately, no company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Among other practices, your account is protected by a password for your privacy and security.

6.3 You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

7. PHISING AND SPOOFING

7.1 If you receive an unsolicited e-mail that appears to be from the Company and that requests you to provide personal information (such as your credit card number, username, or password), or that asks you to verify or confirm your information by clicking on a link, it is most likely that the e-mail was sent by a “phisher” or “spoofer.”

7.2 The Company will never ask for this type of information in an e-mail, and we strongly recommend that you do not respond to these e-mails and that you do not click on the link. Responding to “phishing” places you and your personal information at risk. The Company cannot be responsible for any consequences resulting from your response to any email sent by a “phisher” or a “spoofer”.

8. YOUR PRIVACY RIGHTS

8.1 YOUR CHOICE

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

8.2 COOKIES

You can accept or reject cookies for our Websites through our Cookie Preference Centre, accessible by clicking the “cookie settings” button in the applicable Website Cookie Notice. You can also do so by adjusting your web browser controls.

8.3 MARKETING COMMUNICATIONS

8.3.1 You can opt-out of receiving certain promotional or marketing communications from us at any time, by using the unsubscribe link in the emails communications we send, or fill out our Web Form or request it from our Company Information Officer.

8.3.2 If you have any account for our Services, we will still send you non-promotional communications, like service-related emails.

9. ACCESS TO- AND UPDATING OF RECORDS

Furthermore, you understand that:

9.1 You have the right to access your personal information which the Company holds, once your account is paid up to date and that it can take up to 30 days to process your request.

9.2 Any information you supplied to the Company is voluntary.

9.3 You have the right to ask the Company to update, correct or delete your personal information on reasonable grounds. You have to apply in writing to the Company for this purpose.

9.4 If you have the need to access or update my records, you need to complete the “Access Request Form” or “Update my Records Form” to be provided on the Website and or on request to the Company.

9.5 To facilitate the processing of your request, kindly:

9.5.1 Use the prescribed Form;

9.5.2 Address your request to our Company at the email address provided in this document;

9.5.3 Provide sufficient details to enable the Company which records are requested, the requestor, postal address, email address, the form of access required, the right which the requestor is seeking to exercise or protect with an explanation of the reason the record is required to exercise or protect the right.

10. OBJECT TO USING MY INFORMATION

10.1 Once you object to the Company processing my personal information, the Company may no longer process your information, unless it is within reasonable parameters such as to conclude a transaction or outstanding business.

10.2 Should you wish to withdraw your consent to process your personal information, you must do so I writing, addressed to the Company’s Information Officer.

10.3 Once you withdraw your consent for the Company to process your personal information, you understand that the Company is still obliged under legislation to keep such information for at least 5 years after termination of the relationship between the Company and yourself and/or that the Company may retain your records for their protection, as long as the Company remains in business.

10.4 The Company may disclose your information where they have a duty or a right to do so in terms of applicable legislation or where it may be necessary under any other law.

10.5 Should your account not be settled within 30 (thirty) days after services / products were rendered to you, the Company will provide relevant personal information to its attorneys or debt collectors for purposes of debt collection.

10.6 The Company may record and store audio and/or video footage of consultations between the Company and the client, for quality and note-taking purposes.

10.7 That where you did not give written permission / consent for the Company to obtain your information, that the Company cannot be held responsible for obtaining such information.

10.8 That if you refuse to provide your Personal Information, where the Company’s purpose for such collection is based on a contractual requirement, legal obligation and/or legitimate interest of the Company, it would hinder the Company’s ability to perform its duties and responsibilities. Where reasonable justification exist the Company may as a consequence reserve its right to refuse to provide its products / services to you.

11. INDEMNITY

You agree to fully indemnify the Company, its directors and employees against any claim, loss or damages which you may incur or suffer as a result of your use of the Products, Services and /or Website and / or Electronic Platform.

12. APPLICABLE LAW

By accessing and using the Site, you agree that the laws of the Republic of South Africa will govern this user agreement, and you consent to the jurisdiction of the South African courts in respect of any dispute which may arise from this user agreement.

13. CHANGES TO POLICY

We’re constantly trying to improve our Websites and Services and Products, so we may need to change this Privacy Notice from time to time as well. We will alert you to material changes by, for example, placing a notice on our Websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. You can see when this Privacy Notice was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Notice.

14. PAIA – PROMOTION OF ACCESSS TO INFORMATION ACT

14.1 BACKGROUND

The Promotion of Access to Information Act, 2 of 2000 gives effect to your right of access to information that is required for the exercise or protection of any rights.

14.2 OBLIGATION

Where a request is made in terms of the Act for information, our Company is obliged to release the information, subject to applicable legislative and/or regulatory or common law requirements, except where the Act expressly provides that the information may or may not be released. The Act sets out the relevant procedure to be adopted when requesting information from a public or private body.

14.3 AVAILABILITY OF RECORDS

14.3.1 The following records are automatically available to all employees and need not be requested in accordance with the Procedure:

14.3.1.1 Personnel records, records of disciplinary hearings and related matters are available to the Employee whose file it is;

14.3.1.2 The Company’s policies and procedures manual;

14.3.1.3 The Company’s document format manual.

14.3.2 The following records are automatically available to the general public and all employees and need not be requested in accordance with the procedure:

The Company’s Employment Equity and / or Skills Development Plan if applicable.

14.3.3 The following records are not automatically available without a request in terms of the Act –

14.3.3.1 VAT;

14.3.3.2 Workmen’s Compensations;

14.3.3.3 UIF;

14.3.3.4 Regional Services levies;

14.3.3.5 Skills development Levies

14.3.3.6 Documents concerning compliance by the Company, insofar as it may be necessary.

14.3.4 The following records are not automatically available without a request in terms of the Act. A request in terms of this section is subject to Section 63(1) of the PAIA Act, which provides that the head of a company must refuse a request for access to a record of the company if the disclosure of the record would involve the unreasonable disclosure of personal information about a third party including a deceased individual:

14.3.4.1 Human Resources Department for example Personnel Records provided by Personnel, Records provided by third parties relating to Personnel, Contractual Records, Internal Evaluation records, Training Schedules and Material;

14.3.4.2 Customer Related records, records provided by a customer to a third party acting for or on behalf of the Company, Records provided by a Third party, transactional records;

14.3.4.3 Project Management, Operational Records, Databases;

14.3.4.4 Information Technology;

14.3.4.5 Catering;

14.3.4.6 Company secretarial records;

14.3.4.7 Finance / Accounts Department;

14.3.4.8 Marketing Department;

14.3.4.9 Support services, suppliers, etc;

14.3.4.10 Records held by the Company pertaining to other parties, including, without limitation, financial records, correspondence, contractual records, records provided by the other party, and records that third parties have provided about the contractors / suppliers.

14.4 ACCESIBILITY

Note that the accessibility of the records may be subject to the grounds of refusal set out in this manual. Amongst others, records deemed confidential on the part of a third party, will necessitate permission from the third party concerned, in addition to normal requirements, before the Company will consider access.

14.5 REQUEST PROCEDURE

14.5.1 The requester must comply with all the procedural requirements contained in the Act relating to the request for access to a record.

14.5.2 The requester must complete the prescribed form and submit same as well as payment of a request fee and a deposit (if applicable) to the Information Officer at the postal, physical or email address as provided herein.

14.5.3 The requester must state that he / she requires the information in order to exercise or protect a right, and clearly state what the nature of the right is. The requester must clearly specify why the record is necessary to protect or exercise such a right.

14.5.4 The Company will process the request, provided all information is provided and fees paid, within 30 (Thirty) days from the date that all information is received on the request and inform the Requester of the outcome of its decision in writing.

14.6 GROUNDS OF REFUSAL

The Company may refuse a request for Information on the following grounds:

14.6.1 mandatory protection of the privacy of a third party as included in the PAIA Act;

14.6.2 mandatory protection of personal information and for disclosure of any person information to, in addition to any other legislative, regulatory or contractual agreements, comply with the provisions of the PAIA Act;

14.6.3 mandatory protection of the commercial information of a third party, if the record contains:

14.6.3.1 trade secrets of the third party;

14.6.3.2 financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party;

14.6.3.3 information disclosed in confidence by a third party to the Company;

14.6.4 mandatory protection of confidential information of third parties if it is protected in terms of any agreement;

14.6.5 mandatory protection of the safety of individuals and the protection of property;

14.6.6 mandatory protection of records which would be regarded as privileged in legal proceedings;

14.6.7 The commercial activities of the Company;

14.6.8 All requests for information will be assessed on their own merits and in accordance with the applicable principles and legislation.

14.6.9 If a requested record cannot be found or if the record does not exist, the Information Officer shall, by way of an Affidavit or Affirmation, notify the requester that it is not possible to give access to the requested record. Such a notice will be regarded as a decision to refuse a request for access to the record concerned for the purposes of the Act. If the records should later be found, the requester shall be given access to the record in the manner stipulated by the requester in the prescribed form, unless the Information Officer refuses access to such record.

14.7 APPEAL PROCEDURE

The Company does not have an internal appeal procedure regarding PAIA and POP Act requests. As such, the decision made by the duly authorised person(s), is final. If a request is denied, the requestor is entitled to apply to Court with appropriate jurisdiction, or the Information Regulator, for relief.

14.8 EXTERNAL REMEDIES

A requestor may lodge an application with a court against the tender / payment of the request fee and/or deposit.

14.9 PRESCRIBED FEES

The following applies to requests (other than personal requests);

14.9.1 A requestor is required to pay the prescribed fees (R50) before a request will be processed;

14.9.2 If the preparation of the record requested requires more than the prescribed hours (6), a deposit shall be paid (of not more than one third of the access fee which would be payable if the request were granted).

14.9.3 The Full list of prescribed fees can be obtained from our website or from our Company.

15. CONTACT INFORMATION

15.1 THE COMPANY:

Email address: info@halewood.co.za

Telephone: 011 746 4200

15.2 THE INFORMATION REGULATOR:

Information Regulator (South Africa)

Website: justice.gov.za/inforeg

Email: Inforeg@justice.gov.za

Address: P O BOX 31533, Braamfontein, Johannesburg, 2017

Complaints: complaints.IR@justice.gov.za

NOTE: If you have questions, requests or concerns regarding your privacy and rights, please let us know how we can help.