Date: 1 July 2021
|This Privacy Notice applies to:
- WHAT IS THIS NOTICE FOR?
We know that you care about your personal information and how it is used, and we want you to trust that the MCC uses your personal information carefully. Protection of personal information by MCC is part of our overall protection of you as a member, service provider or other person interacting with MCC.
This Privacy Notice will help you understand what personal information MCC collects, why we collect it and what we do with it.
- IF YOU HAVE QUESTIONS
If you have any questions about how your personal information is treated, please send these to the relevant Information Officer whose details are below.
- DETAILS OF THE INFORMATION OFFICER
EMPLOYEE BENEFITS NETWORK (PTY) LIMITED – Mrs. Marinda Muller
Street address: Lot 18 Wingate Avenue, Margate
Postal address: 4275
- MEANING OF WORDS
We have tried to keep this Privacy Notice as simple as possible, but if you’re not familiar with terms, such as personal information, processing or special personal information, then you can read about these terms first in Annexure A.
- WHY DO WE USE YOUR PERSONAL INFORMATION?
MCC uses your personal information for the following purposes:
- Mainly to provide you with our services, which are – providing golf and related facilities.
- To comply with our legal and regulatory duties.
- To comply with our contractual obligations to our members, employees and service providers.
- To direct, control and oversee the operations, administration, marketing and investments of MCC and to comply with duties set out in the relevant laws applicable to us.
- To manage requests for information and complaints related to MCC.
- WHAT SORT OF PERSONAL INFORMATION DO WE COLLECT?
We may process the following categories of Personal Information about you –
- contact details: name, surname, email address, company you are associated with, designation, contact phone / mobile number.
- consent records: records of any consents you may have given, together with the date and time, means of consent and any related information;
- employer details: where you interact with us in your capacity as an employee or official of an organisation, the name, address, telephone number and email address of your employer/entity, to the extent relevant; and
Sensitive Personal Information
MCC will, where necessary, collect, process and hold sensitive personal information.
Sensitive Personal Information is –
- Bank account numbers or details;
- Information relating to children (under 18); and
- Special Personal Information, which includes
- sensitive demographic information – such as your race or ethnicity;
- medical information – such as information about your physical or mental health;
- sexual information – such as information about your sex life or sexual orientation;
- Biometric information – such as information from any personal identification technique based on a person’s physical, physiological, or behavioural characteristics, such as their fingerprint, retina, voice, blood type, or DNA;
- criminal information or information about objectionable conduct– such as information about your commission or alleged commission of any offence or about any related legal proceedings;
- membership of a trade union; and
- beliefs – including your political or religious beliefs.
- WHO DO WE GIVE YOUR PERSONAL INFORMATION TO?
MCC does not disclose your Personal Information to any associates, agents and service providers.
We may however disclose your Personal Information –
- if required by law;
- to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- to comply with our contractual obligations;
- to third party Operators (including data processors such as providers of data hosting services and document review technology and services), located anywhere in the world, subject to the conditions set out below;*
- where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
- to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security;
- to any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganisation, dissolution or liquidation); and
*If we engage a third-party Operator to Process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We only use operators that are subject to GDPR and equivalent US legislation and whose data access points are two-factor security controlled. We continuously monitor and review our relationships with Operators we engage and, to the extent required by any applicable law, we will require such Operators to be bound by contractual obligations to –
- only Process such Personal Information in accordance with our prior written instructions; and
- use appropriate measures to protect the confidentiality and security of such Personal Information.
- WHAT DO WE RELY ON TO USE YOUR PERSONAL INFORMATION?
MCC uses your personal information to update member records, send out event notifications, comply with laws applicable to us, provide information to our auditors and for purposes ancillary to our main business.
In some instances, MCC may also rely on one of the following grounds to use your personal information:
- It’s necessary to carry out actions for a contract with the data subject
- It complies with an obligation imposed by law on MCC,
- It protects the legitimate interest of the data subject; or
- It’s necessary to pursue the legitimate interests of MCC or a third party to whom the information is supplied.
- TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE SOUTH AFRICA
MCC may transfer your personal information outside of South Africa, for example because one of our service providers uses cloud storage or processing based in other countries. However, we will always make sure that we protect your personal information as required by POPIA if your personal information leaves the country.
- SECURITY MEASURES FOR YOUR PERSONAL INFORMATION
- We implement appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
- Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorised person, we will notify the Information Regulator (as required by law) and you, unless a public body responsible for detection, prevention or investigation of offences or the Information Regulator informs us that notifying you will impede a criminal investigation.
- Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.
- HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?
- We will keep your personal information for as long as is necessary to achieve MCC’s lawful purposes. After that, we will destroy it if we are no longer authorised or required to keep it in terms of law, agreements or consent.
- DIRECT MARKETING
- We may Process your Personal Information for the purposes of providing you with information regarding events that may be of interest to you as long as we comply with the law when doing so. You may unsubscribe for free at any time.
- If you currently receive marketing information from us which you would prefer not to receive in the future, please email us at: email@example.com
- IF YOU WANT TO COMPLAIN ABOUT HOW WE HAVE USED YOUR PERSONAL INFORMATION
Please contact relevant company’s Information Officer on the details set out above.
If we cannot resolve your query or complaint, you can also complain to the Information Regulator using the following details:
Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: firstname.lastname@example.org.
You can complain to the Information Regulator about issues that are related to personal information or accessing information. If you are complaining about something else, you may need to approach a different regulator or Ombud.
- YOUR LEGAL RIGHTS – YOU HAVE A RIGHT TO ASK US FOR INFORMATION OR ASK US TO DO OTHER THINGS
You have rights to access certain information and to ask us about your Personal Information and who can access your Personal Information. You can also ask us to rectify, erase and restrict use of your Personal Information. You may also have rights to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information.
For more information about your rights to ask us for information, please contact MCC’s Information Officer.
How do you make a request under the Promotion of Access to Information Act?
You must do both of the following:
When you complete your PAIA form you must:
Note: if you do not use the prescribed form or do not complete it properly, your request may be rejected, refused (if sufficient information is not provided or otherwise) or delayed.
All PAIA requests that we receive are evaluated and carefully considered in accordance with PAIA. Sometimes we may have to refuse your request and sometimes we are required to refuse your request. For example, if we are required to protect the personal information of third parties.
In certain circumstances we may let you know that a fee is payable for accessing information.
How do you make a request under POPIA?
Requests under POPIA must be made in accordance with the provisions of PAIA – as set out above in this Notice. You have the right:
Note: please use the prescribed forms for these requests noted above, which you can get off the Information Regulator’s website: https://justice.gov.za/inforeg/. If you do not use the prescribed form or do not complete it properly, your request may be rejected, refused (if sufficient information is not provided or otherwise) or delayed. You will be notified of any applicable fees payable
Annexure A – meaning of words
Biometric information means any information from any personal identification technique based on a person’s physical, physiological, or behavioural characteristics, such as their fingerprint, retina, voice, blood type, or DNA.
Board means the group of persons appointed or elected as board members in terms of the Rules of the ICTS Group and the Pension Funds Act.
Breach means an incident of failing to protect personal information where a person gets unauthorised access to it, for example through hacking, theft or a leak. This includes a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information.
Children means a natural person younger than 18 who are legally incompetent to take legal action or make decisions about themselves without assistance from a competent person, such as their parent or guardian.
Consent means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
Data Protection Laws means PAIA and POPIA.
Data subject means the people or organisations that the personal information is about, for example the members of the ICTS Group.
Direct marketing means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:
(a) promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
(b) requesting the data subject to make a donation of any kind for any reason.
Information Regulator means the public body whose role it will be to enforce compliance with POPIA.
PAIA means the Promotion of Access to Information Act, 2 of 2000.
Pension Funds Act means the Pensions Funds Act 24 of 1956 or its successor.
Personal information means any information about a living human being or an existing company, close corporation, or other juristic person, provided that the human being or juristic person is capable of being identified. It includes both public and private information. It includes special personal information. It excludes purely statistical information and de-identified information.
POPIA means the Protection of Personal Information Act 4 of 2013.
Processing means doing almost anything with personal information, including collecting it, disclosing it, or combining it with other information.
Record means any recorded information, no matter its form or medium (including written, electronic, labelled, illustrative, or visual records) that the responsible party possesses or controls, regardless of whether the responsible party created them or when they came into existence.
Rules means the rules and amendments to the Rules of the ICTS Group, as registered by the Financial Sector Conduct Authority from time-to-time.
Sensitive personal information means specific types of personal information which are set out in POPIA and that have general and special processing grounds. Special personal information includes religious or philosophical beliefs, race or ethnicity, trade union membership or political persuasion, health or sex life, biometric information and criminal or objectionable behaviour.