DATA PRIVACY POLICY FOR SIMBISA BRANDS ONLINE AND APP SERVICES
Definitions
The following terms are used throughout the Policy and are defined as follows:
A 'Cookie' refers to a small software application which allows a website to recognize a previous user and to observe how a user navigates within a website. These are used by Us to improve the navigational experience of customers/visitors to Our websites and to make them easier to use.
'Data' 'personal data' 'information' means information that can identify an individual such as their name, identification number, address, telephone number.
Scope
The adoption and implementation of this Policy is done in line with Our commitment to processing data in accordance with the legislation of the various markets We operate in. However, given the spread of those markets, for the purposes of this Policy, We shall use the seven (7) principles of the GDPR Data Protection Act ('GDPR Act'), which are broad and all encompassing. These principles are:
Lawfulness, fairness and transparency: meaning the data subject has given Us consent to use their personal information in terms of a contract, and the information can be collected under law.
Specific purpose: meaning the data is collected for a stated reason which is clearly communicated to its data subjects.
Data minimisation: meaning the use of data being relevant and limited to the purpose for which it is collected.
Accuracy: meaning We must take reasonable steps to ensure the data collected is accurate and kept up-to-date.
Storage Limitation: meaning personal data should not be held any longer than it is required for and where such data is no longer required it should be erased.
Security and confidentiality: meaning We must determine and ensure that there is adequate security and back-up measures in place to keep the data secure.
Accountability: meaning We should show that We are complying with these principles in terms of having a Data Privacy Policy in place, security measures, a Data Protection Officer(s) and adopting any relevant documentation such as cascading of the policy into contracts.
Collection of Data
We collect personal information for a range of business purposes from sources such as its clients, customers, employees, contractors and other individuals, through:
Direct means such as telephone calls, emails, third parties, registration as a customer on the Platforms to facilitate the delivery of food; or
indirectly through browser cookies when Our websites are viewed.
This personal information includes names, addresses (whether residential or business), mobile or telephone numbers, e-mail addresses (whether personal or work) and job designations of our clients, customers, employees, contractors etc.
Information we collect during the provision of our services to our clients would generally be of a more detailed nature such as financial information.
Our main purpose for facilitating the registration and/or collection of personal data is for Us to:
Provide services such as the delivery of food through the Platforms and/or the Call Centre;
Respond to Customer requests;
Maintain Customer relationship(s);
Notify/market Our product offerings and developments to Our Customers;
Internal Reporting and management;
Assist in the scoping and recruitment of staff; and/or
Any other purpose related to our business
Customers have the right to opt-in or opt-out of the holding and processing of their personal information for such marketing and/or service provision from Us. Therefore, notices to this effect shall be included in various website cookies, customer terms and conditions and any other relevant documentation. You may withdraw consent or object to certain uses by following opt-out mechanisms provided.
Any collection or use of Customer data should be done in terms of this Policy and/or as dictated by applicable legislation in the respective markets.
Disclosure of Personal Information to Third Parties:
As a general rule, We treat all Personal Information as strictly confidential and do not routinely disclose, share, sell, trade or otherwise misuse such information to third parties unless:
such use or disclosure is permitted by this Policy and/or the applicable legislation in the respective market;
We believe it necessary in order to provide Our Customer with a product or service which they have requested or contracted to;
It is to protect the rights, property or personal safety of a Customer, in the public interest, and/or Our interest;
some or all of Our assets or operations are transferred to another party as part of a sale or business transaction;
The customer has given their consent; and/or
The information is non-personal, de-identified and aggregated information for research or promotional purposes.
As We use a range of service providers to assist Us in maximizing the quality and efficiency of Our services and business operations (including internal business requirements, such as recruitment and human capital requirements). This means that individuals and/organisations (such as independent contractors, travel service providers, mail houses, off-site security storage providers, website hosts, electronic database managers, event managers, credit managers and debt collecting agencies) outside of Us may have access to personal information held by Us and/or may collect and/or use such data on Our behalf. In such instances, We shall take all reasonable steps to prevent unauthorised access to, or misuse of such Personal Information, ensure that these service providers adhere to this Policy and do not use such data for any unauthorised purposes.
We may obtain products or services offered by a third party pursuant to an agreement between Us and that third party. In such cases We may provide the customer's data to that third party, including information around the customer's use of such services.
To use the Service, You must be of legal majority age and above as specified in your market. Should We discover that You are below the legal age of majority or that you have inadvertently been given access despite not being of legal age of majority, We will delete all of Your personal information that was supplied and stored.
You may be permitted to post comments, feedback, or other content through the Platforms. By submitting such content, you grant Us a non-exclusive, royalty-free, worldwide licence to use, reproduce, and display such content for operational and promotional purposes. We reserve the right to remove any content at Our sole discretion and disclaim any liability for infringement resulting from user-submitted material.
Your consent for the collection and processing of your personal data is obtained through explicit opt-in mechanisms, including checkboxes, cookie banners, and acceptance of these Terms. You may withdraw your consent at any time by contacting the designated Data Protection Officer in your market.
Transfer of information outside countries
Transfer between Simbisa Brands entities:
As a transnational organisation, We may exchange customer data between countries whose data protection laws may differ. Where there is a difference between the Policy and local laws, We will adhere to local laws.
Transfer and/or backing-up of information outside of the market:
We may also use facilities or contractors outside a market to process or back-up Our information or to obtain certain services. As a result, personal information may be transferred to overseas facilities or contractors for these purposes. The application of this will be done in accordance with local legislation.
Privacy on Our web sites and/or Mobile Applications:
This policy also applies to any personal information collected through our Platforms, where the customer provides such information:
directly, such as where the Customer makes a request or completes a registration form; and/or
Indirectly through cookies which may be used on some areas of Our websites.
Where We provide links to websites operated by third parties, We will not be responsible for the privacy practices or policies of those sites where the Customer may disclose their information.
Security of personal information:
We shall ensure that personal information is accurate, up-to-date and securely stored, in electronic format or hard copy. The related confidentiality and security obligations will be cascaded down to the relevant data processors and Our employees with access.
In line with industry best practice, where there is no longer a legal or business need for Us to retain the personal data, it will be destroyed or archived as non-identifiable data.
Access to information:
We shall provide You with access to Your information upon request and provision of adequate identification in the form of a driver's license, current passport and/or national identification card.
This may require an administration fee to cover the cost of accessing and/or providing the data.
Data Protection Officers
We shall appoint a Data Protection Officer in each market who shall be responsible for the compliance of that market to this Policy and local legislation.
Where no formal appointment is made of a market Data Protection Officer, the role shall default to the market's Country Finance Director / Finance Manager.
Amendments to the Policy
We operate in a dynamic business environment, over time, aspects of Our business may be changed as we respond to changing market conditions. This may require that Our policies, such as this one, be reviewed and revised, which We reserve the right to do. In such an event, the market will be advised of the change(s) through the appointed Data Protection Officer.
Such changes will become effective upon Us posting them on Our Platforms Apps and/or website and they will become part of these Terms as referred to in clause 11.8. Your continued use of such service after such change will constitute consent on Your part.
