FREI – PRIVACY POLICY
Your data privacy is of the highest importance to FREI. Please see our privacy policy below.
- INTRODUCTION
- FREI ONE DIGITAL (PTY) LTD (“FREI”) is registered and operates in the Republic of South Africa. FREI is fully compliant with the Protection of Personal Information Act No. 4 of 2013 (“POPIA”) and acts as both a responsible party and an operator on behalf of data subjects that FREI performs processing for. FREI is committed to compliance with all relevant South African laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information FREI collects and processes in accordance with POPIA.
- This Data Privacy Policy Notice is intended to provide transparency and clarity to data subjects about what happens with their personal data.
- POPIA applies to the processing of personal data wholly or partly by automated means (i.e. by computer) and to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.
- POPIA applies to the processing of all personal information for a responsible party where the responsible party is domiciled in the Republic of South Africa or not domiciled in South Africa, but makes use of automated or non-automated means in South Africa, unless those means are used only to forward personal information through South Africa. FREI qualifies under all these categories. FREI qualifies in some instances as a responsible party and in some instances as an operator.
- WHICH PERSONAL DATA ARE COLLECTED AND PROCESSED
- FREI endorses and adheres to the POPIA principal of ‘minimality’ whereby FREI only collects, processes or stores the minimum amount of data that it requires to provide the requested service.
- Different data is required at different points of the service provided by FREI and is not all collected at the same time.
- Depending on the service provided, this can include any or all the following data:
- name;
- email address;
- contact telephone number;
- physical address;
- passport or national ID;
- Photo
- In certain cases FREI may require additional information for either the service provided or any other legitimate reason. In these instances FREI will always seek consent from the data subject, together with an explanation of why the additional information is necessary.
- LEGAL BASIS FOR OBTAINING OR REQUESTING PERSONAL INFORMATION
- FREI requests personal information in its capacity as a responsible party and obtains personal information from responsible parties for processing purposes in its capacity as an operator.
- The legal basis for collecting personal information is primarily as follows:
- based on consent received from a data subject and on a legitimate business need to provide the data subject with the service requested;
- where FREI is under legal obligation to collect personal information;
- in order to protect the legitimate interests of the data subject;
- where processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
- where processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
- PURPOSE FOR WHICH WE COLLECT PERSONAL INFORMATION
- FREI is a responsible party and operator under POPIA.
- FREI uses personal information in a number of different ways, including but not limited to:
- providing the services requested by the data subject;
- providing the data subject or the responsible party with customer support inquiries;
- providing data subjects with information on products;
- for analyses of information to establish user trends and needs;
- to communicate with the data subject on changes to services, policies, terms and conditions or other important information.
- SECURITY & QUALITY OF PERSONAL DATA
- FREI protects and secures all data in line with PCI-DSS compliance.
- FREI aims at the highest standards of quality data processing, in line with best practice based on PCI-DSS Compliance.
- FREI records all personal information in line with its data protection impact assessment and data inventory policies. These policies are reviewed and updated at least annually.
- Where personal data is compromised and the breach is likely to result in a high risk to the rights and freedoms of natural persons, FREI shall communicate the personal data breach to the data subject without undue delay, and as clearly and simply put as possible. Where FREI has reasonable doubts concerning the identity of the natural person making a request, FREI may request the provision of additional information necessary to confirm the identity of the data subject.
- DATA SUBJECT RIGHTS
- In accordance with POPIA, data subjects are provided with the following rights by FREI:
- Right to be notified that personal information about him, her or it is being collected or his, her or its personal information has been accessed or acquired by an unauthorised person;
- Right to request access to his, her or its personal information and to establish whether a responsible party holds personal information of that data subject;
- Right to request the correction, destruction or deletion of his, her or its personal information;
- Right to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information; as well as to object at any time to the processing of personal information for purposes of direct marketing;
- Right not to be subject to a decision based solely on the basis of the automated processing of his, her or its personal information intended to provide a profile of such person;
- Right to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator; and
- Right to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information.
- In accordance with POPIA, data subjects are provided with the following rights by FREI:
- RETENTION OF PERSONAL AND OTHER DATA
- FREI retains personal and processing data in line with PCI-DSS standards.
- All data that is required to be retained for compliance, legal, archiving, client support or ongoing processing is retained for only as long as is absolutely required and in line with PCI-DSS compliance, where after it is erased and disposed of.
- CONSENT
- By the Data Subject providing consent, and being advised about this privacy policy, they are giving FREI permission to process personal data specifically for the purpose of the requested service.
- Consent is required by FREI to proceed with the requested service and will be explicitly requested and given.
- GENERAL INFORMATION
- FREI has appointed a board approved Data Protection Officer (acting in the same capacity as an Information Officer required under POPIA) to ensure the enforcement and compliance with POPIA. Any requests, complaints or communications by staff, third parties, service provides, data subject, controllers, processors or the data security authority should be directed to the following email: dataprotection@frei.one.
- FREI as a responsible party and operator, its staff, third parties and service providers are all subject to the appropriate policies, under the control of the Data Protection Officer.
- FREI will never sell, share or obtain personal information for any purpose whatsoever, unless it receives the data subject’s consent, and that the recipient is POPIA compliant and has the appropriate security facilities in place.
- COMPLAINTS PROCEDURE
- Scope
- This procedure addresses complaints from data subject(s) related to the processing of their personal data, FREI’s handling of requests from data subjects, and appeals from data subjects on how complaints have been handled.
- Responsibilities
- All Employees/Staff are responsible for ensuring any complaints made in relation to the scope of this procedure are reported to the Data Protection Officer.
- Data Protection Officer is responsible for dealing with all complaints in line with this procedure.
- Procedure
- FREI has the contact details of its Data Protection Officer published on its website, clearly under the ‘Contact us’ section.
- FREI has clear guidelines on this page and that enables the data subject to lodge a complaint.
- FREI clearly provides data subject(s) with this FREI POPIA Data Privacy Policy by publishing it on its website.
- Data subjects are able to complain to FREI about:
- how their personal data has been processed;
- how their request for access to data has been handled;
- how their complaint has been handled; and
- appeal against any decision made following a complaint.
- Data subject(s) lodging a complaint with FREI’s Data Protection Officer are able to do so by contact form published on the company website, and/or via email direct to the Data Protection Officer as published on the company website.
- Complaints received via the website contact form are directed to the Data Protection Officer for resolution.
- Complaints are to be resolved within one month.
- Appeals on the handling of complaints are to be resolved within one month.
- If FREI fails to act on a data subject’s access request within one month, or refuses the request, it sets out in clear and plain language the reasons it took no action/refusal. FREI will also inform the data subject(s) of their right to complain directly to the supervisory authority. In doing so, FREI provides the data subject(s) with the contact details of the supervisory authority and informs them of their right to seek judicial remedy.
- Scope