Whereas Urban Savvy Design respects the privacy of all personal data and private information collected, processed and stored, and hereby adhere to the requirements as set out in the Protection of Personal Information Act 4 of 2013 (“POPI”) of South Africa. As such, we undertake to deal with all personal information received and processed with due care and diligence, and provide the necessary security as per the available service offerings of the Wix website builder, to safeguard all information held by us. POPI policy dictates that we report any material breach to the Regulator.
Website Privacy & POPI:
Your privacy is important to the Company. This policy explains the Company’s privacy practices and the choices you have about the way your personal information will be dealt with. a) Personal information is collected only when knowingly and voluntarily submitted.
b) Personal information is only used for the purpose for which it was collected and/or submitted. c) In addition to where you have consented to the disclosure of your personal information, personal information may be disclosed in special situations where the Company has reason to believe that doing so is necessary to identify or act against anyone damaging or interfering with our rights or property, users or anyone else that could be harmed by such activities. d) The Company may engage third parties to provide you with goods or services on our behalf and in such circumstances may disclose your personal information to such parties in order to provide such goods and services.
We use social plugins of social networks such as Facebook, YouTube, LinkedIn, Google+ and Twitter. Please note that we have no influence on or control over the extent of the data retrieved by the social networks’ interfaces and we can accordingly not be held responsible or liable for any processing or use of personal information transmitted via these social plugins. For information on the purpose and extent of the data retrieval by the social network concerned, and about the rights and settings possibilities for the protection of your private sphere, please refer to the data protection information provided by the social network in question.
a) Recognizing you when you sign-up to use our services. This allows us to provide each user or data subject with customized features and services, if applicable. b) Conducting research and diagnostics to improve the Company’s website content, products, and services. c) Preventing fraudulent activity. d) Improving security. e) Delivering content, including ads, relevant to your interests. d) Reporting.
This allows us to measure and analyse the performance of our services. You can manage browser cookies through your browser setting. The “Help” feature on most browsers will tell you how to prevent your browser from accepting new cookies; how to have the browser notify you when you receive a new cookie; how to disable cookies; and when cookies will expire. If you disable all cookies on your browser, the Company, nor any of its third parties, will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.
Information security on our website:
a) Any information that you upload on our website will be stored on a secure server and be used for limited purposes such as future communications (which you are always entitled to un-subscribe to). b) The Company will not disclose, sell, rent, or disseminate your personal information to third parties without your consent unless the Company is compelled to do so by law. The Company may do so if you have granted consent thereto.
c) While all reasonable efforts are taken to ensure that your personal information is protected as it travels over the internet, the Company cannot guarantee the absolute security of any information you exchange with us due to reasons beyond our control.
PROTECTION OF PERSONAL INFORMATION & BREACH PROTOCOL
The right to privacy is an integral human right recognized and protected in the South African Constitution and in the Protection of Personal Information Act 4 of 2013 (“POPI Act”).
The POPI Act aims to promote the protection of privacy through providing guiding principles that are intended to be applied to the processing of personal information in a context-sensitive manner. Through the provision of quality goods and services, the organization is necessarily involved in the collection, use and disclosure of certain aspects of the personal information of clients, customers, employees, and other stakeholders. A person’s right to privacy entails having control over his or her personal information, being able to conduct her or her affairs relatively free from unwanted intrusions. Given the importance of privacy, the organization is committed to effectively managing personal information in accordance with the POPI Act’s provisions.
2.1. Personal Information: personal information is any information that can be used to reveal a person’s identity. Personal Information relates to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person (such as a company), including but not limited to information concerning:
2.1.1. Race, gender, sex, pregnancy, marital status, national or ethnic origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience,
belief, culture, language and birth of person;
2.1.2. Information relating to the education or medical, financial, criminal or employment history of the person;
2.1.3. Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
2.1.4. Biometric information of the person;
2.1.5. The personal opinions, views or preferences of the person;
2.1.6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of
the original correspondence;
2.1.7. The views or opinions of another individual about the person;
2.1.8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.1.9. Some other sensitive or special categories of personal information, including biometric information mentioned above, such as images, fingerprints and voiceprints.
2.2. Data Subject: this refers to the natural or juristic person to whom personal information relates, such as an individual client, customer or a company that supplies the organization with products or other goods.
2.3. Responsible Party: the responsible party is the entity that needs the personal information for a particular reason and determines the purpose of and means for
processing the personal information. In this case, the organization is the responsible party.
2.6. Processing: the act of processing information includes any activity or any set of operations, whether by automatic means, concerning personal information and includes:
2.6.1. The collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.6.2. Dissemination by means of transmission, distribution or making available in any other form; or
2.6.3. Merging, linking, as well as any restriction, degradation, erasure or destruction of information.
2.7. Record: means any recorded information, regardless of form or medium, including:
2.7.1. Writing on any material;
2.7.2. Information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored
2.7.3. Label, marking or other writing which identifies or describes anything of which it forms part, or to which it is attached by any means;
2.7.4. Book, map, plan, graph or drawing;
2.7.5. Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced.
2.8. Filing System: means any structed set of personal information, whether centralized, decentralized or dispersed on a functional or geographical basis, which is accessible according to specific criteria.
2.9. Unique Identifier: means any Identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of the responsible party and that uniquely identifies that data subject in relation to that responsible party.
2.10. De-Identify: means to delete any information that identifies a data subject, or which can be used by a reasonably foreseeable method to identify, or when linked to other information, that identifies the data subject.
2.11. Re-Identity: means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
2.12. Direct Marketing: means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of:
2.12.1. Promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
2.12.2. Requesting the data subject to make a donation of any kind for any reason.
2.14. Subscriber: Individual that subscribes to the services offered by Urban Savvy Design
3.1. The purpose of this policy is to protect the organization from the compliance risks associated with the POPI Act which includes:
3.1.1. Breaches of confidentiality. For instance, the organization could suffer loss in revenue where it is found that the personal information of data subjects has been
shared or disclosed inappropriately.
3.1.2. Failing to offer choice. For instance, all data subjects should be free to choose how and for what purpose the organization uses information relating to them.
3.1.3. Reputational damage. For instance, the organization could suffer a decline in value following an adverse event such as a computer hacker deleting
the personal information held by an organization.
3.2. This policy demonstrates the organization’s commitment to protecting the privacy rights of data subjects.
4.1. This policy and its guiding principles apply to:
4.1.1. The organization’s governing body;
4.1.2. All branches, business units and divisions of the organization;
4.1.3. All employees and volunteers;
4.1.4. All contractors, suppliers and other persons acting on behalf of the organization.
4.2. The policy’s guiding principles find application in all situations and must be read in conjunction with the POPI Act, as well as any other applicable documentation (PAIA Manual).
4.3. The legal duty to comply with the POPI Act is activated in any situation where there is: a processing of personal information entered into a record by or for a responsible party who is domiciled in South Africa.
4.4. The POPI Act does not apply in situations where the processing of personal information:
4.4.1. Is concluded in the course of purely personal or household activities; or
4.4.2. Where the personal information has been de-identified.
RIGHTS OF DATA SUBJECTS
Where appropriate, the organization will ensure that its clients and customers are made aware of the rights conferred upon them as data subjects. The organization will ensure that it gives effect to the following rights:
5.1. The right to access of personal information
5.1.1. The organization recognizes that a data subject has the right to establish whether the organization holds personal information related to him, her or “it”, including the right to request access to that personal information.
5.2. The Right to have Personal Information Corrected or Deleted
5.2.1. The data subject has the right to request, where necessary, that his, her or its personal information must be corrected or deleted
5.3. The Right to Object to the Processing of Personal Information
5.4. The Right to Object to Direct Marketing
5.4.1. The data subject has the right to object to the processing of his, her or its personal
information for purposes of direct marketing by means of unsolicited electronic communications.
5.5. The Right to Complain to the Information Regulator
5.6. The Right to be Informed
5.6.1. The data subject has the right to be notified that his, her or its personal information is being collected by the organisation. The data subject also has the right to be notified in any situation where the organization has reasonable grounds to believe that the personal information of the data subject has been accessed or acquired by an unauthorized person.
GENERAL GUIDING PRINCIPLES
All employees and persons acting on behalf of the organization (all affiliates and third-parties acting for and on behalf of the Company) will at all times be subject to, and act in accordance with, the following guiding principles:
Failing to comply with the POPI Act could potentially damage the organisation’s reputation.
6.2. Processing Limitation
The organisation will ensure that personal information under its control is processed:
in a fair, lawful and non-excessive manner; only with the informed consent of the data subject; and only for a specifically defined purpose.
6.3. Purpose Specification
All the organisation’s business units and operations must be informed by the principle of transparency. The organisation will process personal information only for specific, explicitly defined and legitimate reasons. The organisation will inform data subjects of these reasons prior to collecting or recording the data subject’s personal information.
6.3.1. Information we collect automatically through the use of technology
When you visit our website, use our mobile app, read our emails or otherwise engage with us, we and our business partners may automatically collect certain information about your computer or device through a variety of tracking technologies, including cookies, web beacons, log files, embedded scripts, location-identifying technologies, or other tracking/recording tools (collectively, “tracking technologies”), and we may combine this information with other personal information we collect about you. We use these tracking technologies to collect usage and device information, such as:
Information about how you access the Service, for example, referral/exit pages, how frequently you access the Service, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service.
Information about how you use the Service, for example, the features you use, the links you click, the ads you view and click on, purchase transaction information, your location when you access or interact with our Service, and other similar actions.
Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, platform type, phone number, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, for example, a UDID, IDFA, Google Ad ID, Windows Advertising ID or other persistent device identifier or Ad ID), battery life, and other such information.
6.3.2. What we do with the information we collect automatically through the use of technology
The information submitted, such as your name and surname, contact details and whether you have subscribed to the use of the Website or App, will go through third-parties (independent contractors) namely Wix and Mailchimp to administering welcome mails, operational mails and SMS services.
6.3.3. We may receive information about you in alternative ways, including but not limited to:
When you contact us directly, either via our website, web chat service, by email, telephone or via social media, whether to apply for one of our products or services or to make an enquiry or other request;
From our network of collaborators; our carefully selected business partners who provide products
From third parties, such as credit bureaus, when we do credit checks or decide whether to enter into an agreement with you; or
Occasionally from other third parties who may lawfully pass your information on to us.
6.6. Information Quality
The organisation will take reasonable steps to ensure that all personal information collected is complete, accurate and not misleading. The more important it is that the personal information be accurate
6.6. Open Communication
The organisation will take reasonable steps to ensure that data subjects are notified (are at all times aware) that their personal information is being collected including the purpose for which it is being collected and processed. The organisation will ensure that it establishes and maintains a “contact us” facility, for instance via its website to Enquire whether the organisation holds related personal information; Request access to related personal information;
Request the organisation to update or correct related personal information; or
Make a complaint concerning the processing of personal information.
PERSONAL DATA BREACH PROTOCOL
12.1. For the purposes of this section, a personal data breach is any attempt at, or occurrence of, unauthorized acquisition, exposure, disclosure, use, modification or
destruction of personal and/or sensitive data as described in this policy. The breach protocol is meant to address security incidents involving any and all personal data held, collected, processed and/or stored by the Organisation, including personal data under the control or responsibility of an affiliated business or third party.
12.2. The Organisation shall ensure that, inter alia, all personal data breaches are reported to the Regulator, investigated and contained within the Organisation or by the Organisation and in terms of this policy.
CAN THIS PRIVACY STATEMENT BE AMENDED?
We may amend this Statement from time to time for any of the following reasons:
14.1. to provide for the introduction of new systems, methods of operation, services, products, property offerings or facilities;
14.2. to reflect an actual or expected change in market conditions
14.3. to comply with changes to any Applicable Laws;
14.4. to ensure that this Statement is clearer and more favourable to you;
14.5. to rectify any mistake that might be discovered from time to time; and/or
14.6. for any other reason which Urban Savvy Design, in its sole discretion, may deem reasonable or necessary.
14.7. Any such amendment will come into effect and become part of any agreement you have with Urban Savvy Design when notice is given to you of the change by publication on our website. It is your responsibility to check the website often.