PRIVACY POLICY
1. INTRODUCTION
1.1 This Privacy Policy ("Policy") describes how Rwesana Consultants ("RWESANA CONSULTANTS", "we" or "us") processes your personal information when you (“you” or “data subject”)–
1.1.1 visit the RWESANA CONSULTANTS website at www.rwesana.co.za;
1.1.2 engage with us as a supplier or stakeholder; and/or
1.1.3 apply for a position at RWESANA CONSULTANTS, or are employed as an employee or appointed as a contractor to RWESANA CONSULTANTS.
1.2 This Policy must, as is appropriate, be read together with any other documents or agreements between you and RWESANA CONSULTANTS (the "Agreements").
2. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION?
2.1 RWESANA CONSULTANTS is the 'responsible party' (i.e., the organisation responsible, alone or in conjunction with others) for determining the purposes of and means for processing the personal information collected from you and used for the purposes of applicable data privacy laws, principles and regulations, including the Protection of Personal Information Act ("POPIA") and any other data protection laws (collectively, "Data Privacy Law").
2.2 This Policy does not apply to the processing of personal information by third parties in relation to or by means of third party websites, products, or services, such as websites linked to or advertised on our website or through our products and services, or websites which link to or advertise our website or our products and services. We are not responsible for the privacy practices of such third parties (including Members) or third-party websites, or for any claims, loss or damage arising from these practices.
3. WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect the following personal information from you –
3.1 RWESANA CONSULTANTS website visitors or users
3.1.1 When you visit the RWESANA CONSULTANTS website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, geographic location, and some of the cookies that are installed on your device. We refer to this automatically collected information as “Device Information”.
3.1.2 We collect Device Information using the following technologies –
3.1.2.1 “Cookies”, which are electronic data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
3.1.2.2 “Log files”, which track actions occurring on the website and collect data including your IP address, browser type, Internet service provider, referral/exit pages, and date/time stamps.
3.1.2.3 “Web beacons”, “tags”, and “pixels”, which are electronic data files used to record information about how you browse the website.
3.1.2.4 Your geographic location information, which is based on your mobile network operator's tower details, GPS (Global Positioning System) and/or WIFI communications network location.
3.1.2.5 Information that you provide to us and/or allow the website to access.
3.2 Suppliers and Stakeholders
3.2.1 Identification information: Organisation/entity name, registration number, registered address.
3.2.2 Contact information: organisation/entity representative's name, email address, cell phone number.
3.2.3 Correspondence: All correspondence between you and RWESANA CONSULTANTS.
3.2.4 Other: Any personal information, with particular reference to information relating to incidents, which you voluntarily disclose or submit to RWESANA CONSULTANTS and which may include tax and banking information.
3.3 Employees and prospective employees
3.3.1 Biographic Information: Full name, gender, date of birth, identity number or passport number (as applicable), photograph, nationality, marital status.
3.3.2 Contact Information: Your home and postal address, telephone number, email address.
3.3.3 Employment History and Information: Current job title, details of employment history including employer's names and details, performance information (including management metrics, appraisals, feedback), any disciplinary records, salary expectations.
3.3.4 Education Records: Academic records, proof of qualification.
3.3.5 Criminal Record Criminal record (where permissible and in accordance with applicable law).
3.3.6 CCTV: Information captured on security systems, including CCTV and key token entry systems.
3.3.7 Third Party Personal Information: Emergency contact's personal information (including full name, telephone number, email address), employer's contact details (if listed as a contactable reference).
3.3.8 Financial Information: Bank account details, taxpayer information.
3.3.9 Health, Medical and Biometric Information: Information about any critical medical health issues and medication (if applicable to such conditions), any information about special needs and physical limitations, facial recognition.
3.3.10 Screening Information: The results of drug and alcohol testing, screening, health certifications, COVID-19 screenings (where permissible and in accordance with applicable law).
3.3.11 Policy Information: Acknowledgements regarding our policies, including this Policy.
3.3.12 Security Access Information: Key token entry systems.
3.3.13 IT Information and Correspondence: Information required to provide access to our IT systems and networks such as IP addresses, log files and login information, voicemails, emails, correspondence and other work product and communications created, stored or transmitted by an employee using our computers or communications equipment.
3.3.14 Other Personal Information: This may include information provided through internal surveys, posted on our notice boards or intranet, such as photographs, birthdays or biographical details.
3.3.15 Exit Information: Date of resignation or termination, reason for resignation or termination, and information relating to administering termination of employment (e.g., references).
3.4 There may be instances in which the personal information that you provide to us or which we collect constitutes a third party’s personal information or personal information of someone other than yourself. Where you provide a third party's personal information to us, you warrant that the information is accurate and that you have the necessary consent to share the personal information with us, unless you have another lawful basis for sharing the personal information with us.
3.5 When we talk about “personal information” in this Policy, we are talking about all the above listed personal information.
4. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
4.1 Most of the personal information we process about you is information that you knowingly provide to us (i.e., personal information that you provide directly to us). However, in some instances, we process personal information that we are able to infer about you based on other information you provide to us (such as supporting documents) or based on our interactions with you, or personal information about you that we receive indirectly from a third party using a process that we have told you about.
4.2 Unless otherwise stated, all of the information we request from you is obligatory. If you do not provide and/or allow us to process all the obligatory information as requested, we will not be able to keep complete information about you, thus affecting our ability to accomplish the stated purposes for processing your personal information.
5. HOW WE USE YOUR PERSONAL INFORMATION (PURPOSE AND LAWFUL BASIS)?
We process the above listed personal information for the following reasons –
5.1 RWESANA CONSULTANTS website visitors or users
5.1.1 We process Device Information for the purposes of screening for potential risk and fraud (in particular, IP address), and more generally for the purposes of improving and optimising our website.
5.1.2 Our lawful basis for processing Device Information is based on the following reasons –
5.1.2.1 Consent: When we use cookies, we will process Device Information with prior consent.
5.1.2.2 Our legitimate interests: We process Device Information in line with our legitimate business interests, which interests are not overridden by the data subject’s data protection interests or fundamental rights and freedoms.
5.2 Suppliers and Stakeholders
5.2.1 We process supplier and stakeholder personal information for the following purposes –
5.2.1.1 to enter into and perform in terms of any agreement we have with suppliers and stakeholders
5.2.1.2 to communicate with suppliers and stakeholders; and
5.2.1.3 to comply with our legal obligations.
5.2.2 Our lawful basis for processing supplier and stakeholder personal information is based on the following reasons –
5.2.2.1 Contract: We process supplier and stakeholder personal information to the extent it is necessary to conclude or perform under the agreements we have with suppliers and stakeholders.
5.2.2.2 Legal obligation: We have certain legal obligations which require us to process supplier and stakeholder personal information.
5.3 Employees and prospective employees
5.3.1 We process employees’ and prospective employees’ personal information for the following purposes:
5.3.1.1 In respect of Biographic Information, Contact Information, Employment history and Information, Educational Records: To evaluate applications for employment and to decide on the data subject’s suitability for employment; to manage all aspects of the employment relationship (including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource-related processes)
5.3.1.2 In respect of Criminal Record and CCTV: To assess the data subject’s suitability for employment, to prevent and detect crime, to protect the health and safety of our customers and employees, to manage and protect our property and the property of our employees, clients and other visitors.
5.3.1.3 In respect of Third Party Personal Information: To notify the data subject’s emergency contact in the event of an emergency; to contact beneficiaries in respect of benefits; to contact the data subject’s references as part of the recruitment process.
5.3.1.4 In respect of Financial Information: To manage payroll and facilitate payment to the data subject and to comply with applicable tax and employment laws.
5.3.1.5 In respect of Health, Medical and Biometric Information (including facial recognition): To monitor the period of time worked, attendance at the office, maintain sickness records and occupational health programs.
5.3.1.6 In respect of Screening Information: To protect the health and safety of our clients and employees and to comply with applicable health and safety laws.
5.3.1.7 In respect of Policy Information: To ensure that the data subject has read and understood the policies applicable to the workplace.
5.3.1.8 In respect of Security Access Information: To provide the data subject access to the premises and to monitor which employees are on premises for the purpose of safety and security.
5.3.1.9 In respect of IT Information and Correspondence: To protect the safety and security of RWESANA CONSULTANTS, its members, employees and property; to assess work performance and whether facilities are being used in accordance with acceptable use policies in effect.
5.3.1.10 In respect of any Other Personal Information: To conduct employee opinion surveys and to promote the data subject’s profile within RWESANA CONSULTANTS.
5.3.1.11 In respect of Exit Information: To administer termination of employment and provide and maintain references.
5.3.2 If you are a staff member, employee or prospective employee, we may need to collect information about your race, ethnic origins, gender, and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws, or we may process information about your health to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.
5.4 Our lawful basis for processing employees’ and prospective employees’ personal information is based on the following reasons –
5.4.1 Contract: We will process employees’ and prospective employees’ personal information to the extent that it is necessary to conclude or perform under the contract we have with employees or prospective employees.
5.4.2 Legal obligation: As an employer, we have certain legal obligations which require us to process employees’ or prospective employees’ personal information. This includes processing for tax purposes and employment equity legislation.
5.4.3 Consent: In certain instances, we will only process employees’ or prospective employees’ personal information with their consent.
5.4.4 Legitimate interests: In all other instances, we process employees’ or prospective employees’ personal information in line with our legitimate business interests in employing an employee or prospective employee, which interest is not overridden by data protection interests or fundamental rights and freedoms.
6. SHARING YOUR PERSONAL INFORMATION
6.1 We may share your personal information in the following circumstances –
6.1.1 We may share your personal information with third party service providers that help us process your personal information for the purposes as described above. Service providers include: our professional advisors (e.g., legal, financial, risk management and others); bankers; auditors; our insurers and insurance brokers; our payroll provider; and our IT service providers.
6.1.2 In respect of suppliers, or stakeholders' personal information, we may share your personal information with other members of RWESANA CONSULTANTS and law enforcement if such sharing is aligned with our purposes and legitimate interests or in accordance with applicable laws.
6.1.3 We may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights or our legitimate interests.
6.1.4 In respect of RWESANA CONSULTANTS website visitors or users, we may share your personal information with Google Analytics to help us understand how our visitors use the website — you can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
7. INTERNATIONAL DATA TRANSFERS
7.1 RWESANA CONSULTANTS may transfer your personal information to third parties in foreign countries for the purposes of processing that information in the following circumstances:
7.1.1 Applicable Law: Where the foreign third party is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection that effectively upholds principles for the reasonable processing of personal information and further transfer of personal information to other third parties in a foreign country, and on conditions substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person, in terms of the Protection of Personal Information Act, Act 4 of 2013.
7.1.2 Consent: Where you consent to the transfer of your personal information to third parties in foreign countries.
7.1.3 Contract: Where the transfer of your personal information to third parties in foreign countries is necessary to conclude or perform under a contract we have with you.
7.1.4 Legal obligation: Where the transfer of your personal information to third parties in foreign countries is necessary to conclude or perform under a contract we have with third parties in your interest or benefit.
8. SECURITY SAFEGUARDS
8.1 Our website is scanned from time to time for security weaknesses and known vulnerabilities in order to make your visit to our website as safe as possible. We also use regular malware scanning. Your personal information is held on secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
8.2 Our computer systems and network are protected by firewalls with geo-location blocking which enables us to restrict access only to users with the requisite authorisation. Additionally, the use of multi-factor authenticated virtual private network connections enable us to monitor and control remote access requests.
8.3 Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by applicable law and other applicable laws. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you, so that you can take the appropriate actions for the due protection of your rights.
9. DIRECT MARKETING
9.1 We may process your personal information for the purpose of direct marketing if (i) you have specifically consented (or "opted in") to receive such communication; or (ii) you are a Member of RWESANA CONSULTANTS. You can, at any time, opt-out or reject such communication. You can also opt-out of all direct marketing here: https://dmasa.org/page/register-opt-out-service
10. YOUR RIGHTS
10.1 In terms of Data Privacy Laws, you have certain rights including, without limitation –
10.1.1 Right to notice: You have a right to be notified that your personal information is being collected n terms of Section 18 of the Protection of Personal Information Act, Act 4 of 2013, and you have right to be notified that your personal information has been accessed or acquired by an unauthorised person in terms of Section 22 of the Protection of Personal Information Act, Act 4 of 2013.
10.1.2 Right to access: You can request a copy of any record (or in the absence of a record) a description of your personal information held by us.
10.1.3 Right to rectification: You can require us to have inaccurate personal information corrected.
10.1.4 Right to object: You can object to the processing of your personal information at any time, on reasonable grounds relating to your particular situation, unless the processing is required by law.
10.1.5 Right to erasure: You can require us to erase, delete, or destroy personal information in certain circumstances where there is no lawful basis for us to retain such personal information. Please note, however, that in some instances we must retain your personal information for certain periods of time as required by law.
10.1.6 Right to restrict: You can require us to restrict our processing of your personal information in certain circumstances.
10.1.7 Right to withdraw consent: You can withdraw any consent that you have given us to process your personal information and you can prevent further processing if there is no other legitimate ground upon which we can process your personal information.
10.1.8 Right to complain: You can raise a complaint about our processing with the data protection regulator in your jurisdiction, or with our Information Officer.
10.1.9 Right to reject cookies: You can reject the use of cookies by changing your browser settings or clicking "reject" when you first enter our website.
10.2 You have a duty to inform us of changes to your personal information: It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
11. DATA RETENTION
11.1 We will keep records of your personal information for no longer than is necessary for the purposes for which we obtained them or for any other authorised purposes.
11.2 The limitation listed above will not apply in the following circumstances –
11.2.1 where the retention of the record is required or authorised by law;
11.2.2 where RWESANA CONSULTANTS requires the record to fulfil its lawful functions or activities;
11.2.3 where retention of the record is required by a contract between the parties thereto;
11.2.4 where you (or a competent person, where you are a child) has consented to such longer retention; or
11.2.5 where the record is retained for historical, research or statistical purposes, provided that safeguards are put in place to prevent use for any other purpose.
12. CHANGES
12.1 We may update this Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. To assist you, this Policy has an effective date set out at the end of this document. The latest version of this Policy will be stored on the RWESANA CONSULTANTS website.
13. MINORS
13.1 The website and RWESANA CONSULTANTS's services are not intended for individuals under the age of 18. We will not knowingly process the personal information of people under the age of 18 without express consent from a parent or guardian to do so.
14. CONTACT US
14.1 For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us –
14.1.1 Responsible party: Rwesana Consultants (Pty) Ltd
14.1.2 Registered address: 2 Bruton Road, Block A, Nicol on Main Office Park, Bryanston, Johannesburg, 2191
14.1.3 Information Officer: Madelyn Senekal
14.1.4 Information Officer's contact information: 010 300 0940
15. RIGHT TO COMPLAIN
15.1 You have the right to complain to the relevant regulator, if you believe that the processing of your personal information by us is in breach of applicable Data Privacy Laws, with the contact information of the South African Information Regulator being provided below:
15.1.1 JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
This Policy is effective as of 1 Feburary 2025.