Last updated: September 2022
2. Collecting your Personal Information
We collect personal information about you from the following sources:
You have no obligation to provide any of the personal information requested by us. However, if you choose not to provide us with certain personal information, we may not be able to deal with your request, and/or provide you with the products or services that depend on our ability to collect, use, disclose or process, or which require, your personal information. We also may not be able to respond to your enquiry or instructions without your personal information.
- directly from you when you provide it to us, such as when you interact with us through any of the digital platforms, enter into a contract with us for any products or services, register a warranty for one of our products, contact us for any reason, provide feedback on our products and services, enter into competitions we may run, liaise with us through our social media platforms such as LinkedIn or Facebook, or otherwise through the course of our business relationship with you;
- from your web browser when you visit our digital platforms;
- from public sources where you have made your personal information public, such as on social media or online platforms;
- from your interaction with our products and services or when you use any features or resources available on or through our digital platforms;
- from business partners such as banks, finance houses, retailers, insurers, house owners associations, etc who also have a relationship with you and who sell or promote our products; and
- from other third parties not listed above if the law allows for it and strictly for our business and compliance purposes.
3. Categories of personal information that we process
We collect various categories of personal information depending on the reason for processing. The categories may (but will not necessarily) include:
- General personal details: for individuals, we collect for example name and surname, identity or passport number; and for juristic persons, we collect registered name, registration number, address, directors’ details and VAT details.
- Special personal information: Note that we do not intentionally collect information that is classified as special personal information, including health information, religious beliefs, biometrics, excluding information on criminal behaviour which we may process for purposes of fraud prevention or related fraudulent activities, whether actual or suspected.
- Contact details: your address, contact number, email address, public social media profiles.
- User information: personal information included in correspondence between us, transaction documents, how you provide products or services to us (when you are a supplier for example) or how you use our products or services (when you are an end-user for example).
- Account details: for example, username, password (note that we cannot view this), usage data, and aggregate statistical information when you register an account on any of our digital platforms.
- Consent records: records of any consents you have given us, as well as any records of your withdrawal or refusal of consent.
- Payment details: for example, bank account details, payment method, information provided by payment gateway service providers, payment amount, date and reason for payment and related information.
- Data relating to our services and device location: for example, your device type, the operating system and browser, browser settings, IP address, dates and times of connecting to and using the website and other technical communications information, including cookies and other technologies and geolocation of the device used.
- Content and advertising data: records of your interactions with our online advertising on the various channels which we advertise and records relating to content displayed on webpages displayed to you.
- Views and opinions: any views and opinions that you choose to share with us, or publicly post on social media platforms or elsewhere.
- Children’s Personal Information: Although our services are not aimed at persons under the age of 18, a person under the age of 18 may use our application. We do not intend collecting personal information of the user under the age of 18, but where we collect personal information of any person that qualifies as a child in terms of POPI, it will be with the consent of a parent or guardian. A guardian or parent may only share information of a child with us on the basis of consent to processing.
4. Purposes of processing personal information
We only process limited and relevant personal information for the following purposes and legal bases:
- for any purpose of our agreement with you, including for example installation, delivery and payment of products and services, product training, registering warranties, claims, customer services, queries, complaints and the like;
- for purposes of loyalty programmes, promotional competitions or any other promotions or programmes we may offer in which you choose to participate;
- for purposes of our relationship with business partners such as insurers, retailers or home owners associations who sell or promote our products in instances where you are a dual client or interested party in the products or services offered by us and these third parties. This may for example include sharing information on your use of the products of service or sharing information for warranty purposes;
- to operate and manage your application, account or relationship with us, including through our digital platforms and to monitor all your use of the digital platforms (including if you access it through social media platform sign-ins), and use of our products and services;
- to deal with any instruction, request, enquiry or communication from you;
- to share or disclose your information with third parties as set out in this policy and for any reason relating to our purposes of processing. Note that this may also include your suggestions, comments, feedback or any content that you provide through social media sites or our digital platforms. If you prefer to give feedback without it being disclosed to the public, please separately email us at email@example.com and head the subject of your email with the word “Confidential”;
- to monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes;
- to contact you by email, SMS, newsletter, push notifications, other forms of in-app notifications or harnessing other technologies (such as geo-location technology), through social media interaction or any other means to inform you about our products or services which we believe you may be interested in, unless you opt out from marketing;
- as part of our service, to inform you about approved third party suppliers that may assist you with a required service related to our products;
- to form a view of you as an individual/juristic person and to identify, develop or improve our digital platforms or product and service offerings;
- to carry out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us or our affiliates/associated companies, the requirements or guidelines of governmental authorities which we determine are applicable to us or our affiliates/associated companies, and/or our risk management procedures that may be required by law or that may have been put in place by us or our affiliates/associated companies;
- to carry out market research and surveys, business and statistical analysis and necessary audits;
- for purposes of suspected or actual fraud and prevention thereof;
- to perform other administrative and operational tasks like testing our processes, system, digital channels and security measures and reporting purposes;
- to comply with our regulatory, legal or other requirements or obligations, including disclosure of information in any legal proceedings, investigations or other relevant proceedings;
- to store, host and back up (whether for disaster recovery or otherwise) information, expressly including cloud storage, whether within or outside South Africa;
- for purposes of a business asset transaction or a potential business asset transaction, where such transaction involves PowerOptimal as a participant or involves only a related corporation or affiliated company of PowerOptimal as a participant or involves PowerOptimal and/or any one or more of PowerOptimal’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation; and
- we may also use your personal information for other purposes if the law allows for it, you consent to it, or if it is in the public interest to do so. All purposes for the processing of your personal information will be legal in terms of POPI.
5. Direct marketing
If you are a client or user of our products or services, we may contact you to provide information about our products or services. If you are not a client or user, we will only send you electronic direct marketing communications with consent. You may unsubscribe from any direct marketing at any time if you click on the unsubscribe link included in the communication or if you contact us at firstname.lastname@example.org and request to unsubscribe. We will not send you any direct marketing if you unsubscribe but may still contact you for purposes of the agreement between us as part of our business relationship with you. We will not sell your personal information or provide it to third parties for their marketing purposes.
6. Disclosure of Personal Information to third parties
We will keep your personal information confidential and only share it with others in terms of this policy, if you consent to it, or if the law allows or requires us to share it. We may share your personal information if required for any of the purposes of processing as set out in clause 4 above and will typically share or disclose your personal information to:
If we engage third parties to process your personal information for us, these processors will be appointed in terms of a written agreement which will in effect require them to only process personal information in compliance with POPI and to use appropriate measures to ensure the confidentiality and security of it and comply with any other requirements set out in the agreement and required by POPI. We may share anonymised information with third parties. For the further avoidance of doubt, POPI does not apply to anonymised data.
- our business partners who we have retained to assist us in providing services to you including delivery, installation, maintenance and repair;
- other partners such as banks, finance houses, retailers, property developers, insurers and property managers for purposes of our business relationship with them and their relationship with you;
- any person who ordered our products or services for your benefit (if you are not the one who ordered it);
- third party processors to provide services to us such as marketing services, research and development services, data storage providers, third party payment processors, software licensors or partners etc. in accordance with written agreements with those third parties;
- legal and regulatory authorities, upon their request, or for the purposes of reporting as prescribed or for purposes of any breach of legislation;
- accountants, auditors, lawyers and other external professional advisors;
- any relevant party to the extent necessary for the establishment, exercise or defence of legal rights, criminal offences, threats to public security, etc.;
- any relevant third party in the event that we plan to or sell or transfer all or any portion of our business or assets; and
- any relevant third party provider where we use third party advertising, plugins or content in our services.
7. Third party personal information provided by you
You may only provide personal information of a third party to us, if you have received consent from the third party or if the law otherwise allows the sharing of the information for any of the purposes set out in clause 4. We will process all personal information received in accordance with this policy and you must inform the third party accordingly. You must ensure that you only share correct and updated personal information with us and inform us if the information becomes outdated.
8. International transfers of personal information
Due to the nature of the products and services and our business purposes, we may from time to time need to transfer personal information to and from recipients in different countries and if we do, we will always do so in compliance with POPI. This expressly includes for purposes of cloud-storage. We will only transfer personal information to third parties in countries with adequate data protection laws or transfer it in terms of a written agreement with the recipient which imposes data protection requirements as required by POPI. Please note that when you transfer any personal information directly to a third party in another country, we are not responsible for that transfer and such transfer is not based on or protected by this policy.
We have implemented appropriate technical and organisational security measures in accordance with POPI, designed to protect personal information against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing. These for example include that all personal information provided to us through our websites is protected using Secure Sockets Layer protocols; we store information on cloud servers and use all reasonable endeavours to ensure that this is done securely; and any information stored in documents or on PowerOptimal systems is protected from unauthorised access by the use of a number of security procedures including user passwords. The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect personal information, we cannot guarantee the security of your personal information that you transfer to us using the internet and you use the internet at your own risk.
10. Your legal rights
You have the following rights in relation to your personal information, but note that they are not absolute and may be limited under POPI. This means we may not be able to honour your requests in all instances, but if the law allows or requires us to do so, we will:
Where you have provided consent for us to process your personal information, you may also withdraw your consent. Note however, we may continue to process your personal information if another legal justification exists for the processing despite the fact that you have withdrawn your consent. You can send any request or comment in respect of your privacy rights or this policy to email@example.com
- right of access: you have the right to be informed of and you may request a copy of the personal information records that we hold;
- right to rectification: you may request that we amend or update your personal information if our records are inaccurate or incomplete;
- right to erasure: you may request that we delete your personal information;
- right to restrict processing: you may request that we temporarily or permanently stop processing your personal information;
- right to object: you may object to us processing your personal information, including to object against processing for direct marketing purposes (in which case we will stop marketing); and
- right not to be subject to automated decision-making: where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your personal information not be processed in that manner.
12. Links on our website
Our digital platforms may include links to other apps or third party websites which do not fall under our supervision. We do not accept any responsibility for your privacy if you use these links or for the content of these sites or apps. We display these links to make it easier for you to find information about specific subjects. If you use or rely on these links, it is at your own risk.
13. Children’s and special personal information
We do not intentionally collect or use children’s personal information without the consent of a parent or guardian of the child. We may collect and/or process children’s personal information or special personal information as a result of our business relationship, but will only do so with consent or if otherwise allowed by POPI.
14. Retention of information
We take reasonable steps to ensure that we only process personal information for the period necessary for the purposes set out in this policy, including any period necessary to establish, exercise or defend any legal rights. We therefore retain personal information in accordance with the required retention periods in terms of any laws that require specific retention periods, or otherwise in terms of POPI or for legitimate business purposes. We may retain information indefinitely in a de-identified format for research and statistical purposes, which may include for example statistics of how you use the website and services.
15. Security breach
We will report any security breach to the applicable regulatory authority in terms of POPI and to the data subjects whose personal information is involved in the breach. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, please send an email to firstname.lastname@example.org
16. Lodging a complaint
If you want to raise any objection or have any queries about our privacy practices, you can contact our information officer at email@example.com or firstname.lastname@example.org You also have the right to formally lodge a complaint as follows: