Privacy Policy
INTRODUCTION
This Privacy Policy (“Policy”) governs the processing of Personal Information by https://melissarae.co.za/ (“We”, “Us”, “Our”, “Ourselves”), in accordance with the Protection of Personal Information Act, 2013.
This Policy describes the manner in which We Process Personal Information, under Your instruction (the “Customer”), in order to provide You with Our Services.
OUR COMMITMENT
Where We Process Your Personal Information, We are committed to doing so in a lawful, accountable and transparent manner.
Where We Process the Personal Information of Third-Party Data Subjects, for and on Your behalf, We are committed to doing so in a confidential and secure manner, and within the ambit of Your express instructions. We encourage You to read this Policy carefully and contact Us with any questions in regard to Our privacy practices.
By requesting Our Services and accepting Our Agreement, You signify that: (i) You have read and understood this Policy; (ii) You consent to Us processing Your Personal Information in order to provide You with Our Services; and (iii) You have no objections to Our Processing of Third-Party Data Subject Personal Information in accordance with this Policy.
We may amend this Policy at any time. All amended terms shall be effective immediately upon the posting of the revised Policy on Our website (melissarae.co.za) and any subsequent activity in relation to Our Processing of Personal Information shall be governed by the amended Policy. You are advised to regularly visit melissarae.co.za for any amendments or updates.
This Policy was last revised on 30 June 2021.
For enquiries, please contact us via melissarae.co.za.
- DEFINITIONS
In this Policy the following definitions shall apply:
- “Data Protection Law” shall mean the Protection of Personal Information Act, 2013;
- “Data Processing Agreement” shall mean Our Data Processing Agreement which You signed when requesting and accepting Our Services;
- “Data Subject/s” shall mean You, the Customer, in Your capacity as a natural or juristic person to whom Personal Information relates;
- “Data Breach” shall mean an actual or reasonably suspected breach of security leading to the accidental or unlawful access to, or unauthorised disclosure of, or destruction, loss, alteration, of Personal Information transmitted, stored or otherwise processed;
- “Third-Party Data Subject/s” shall mean any third-party natural or juristic person to whom Personal Information relates;
- “Operator” shall mean a person who processes personal information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party;
- “Personal Information” shall mean any information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
- “Policy” means this Privacy Policy;
- “Process/Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including — (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information;
- “Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
- “Services” means any services, which We provide to You;
- “Sub-Operator/s” means any Third-Party who Processes Personal Information under Our instruction, on Your behalf, in order to enable Us to Provide You with Our Services; and
- “Third-Party/Third-Parties” shall mean any other natural person that is not You or Us. In the context of this Policy, Third-Parties may include, but shall not be limited to: (i) Sub-Operators; (ii) Third-Party Data Subjects; and (iii) third-party actors who are not authorised to Process Personal Information.
- WHEN DO WE PROCESS PERSONAL INFORMATION?
- We will only process Personal Information where:
- In respect of Your Personal Information:
- You have consented to such processing (which You may withdraw at any time);
- the Processing is necessary to carry out actions for the conclusion or performance of Our contract with You;
- The Processing is necessary for Our legitimate interests or those of any Third-Party recipients that may receive Personal Information; or
- We have another lawful basis upon which to process Your Personal Information.
- In respect of Third-Party Data Subject Personal Information:
- You have instructed Us to do so;
- You have warranted that You have obtained a lawful basis to share such Personal Information with Ourselves for Processing; and
- We act in accordance with Your instructions.
- CONSENTS & PURPOSES FOR PROCESSING PERSONAL INFORMATION
Consent For Collection Of Personal Information
- In order to provide You with Our Services, We will be required to collect Your Personal Information from time to time. Accordingly, You expressly consent to the collection of Your Personal Information for the general purpose of providing You Our Services.
- Where You submit Personal Information of Third-Party Data Subjects to Us, or where We collect Personal Information of Third-Party Data Subjects on Your behalf, You warrant that You have obtained the necessary consents and/or lawful bases to instruct Us to do so.
Purposes For Processing And Consents Thereto
- We primarily Process Personal Information that has been collected in order to provide Our Services to You. In doing so, Our purposes for collecting Your Personal Information, or that of Third-Party Data Subjects, include:
-
- Identifying You, as Our Customer;
- Facilitating communication between Ourselves and Yourself;
- Sending You monthly e-mail newsletters;
-
- Processing, billing and collecting payments from You;
- Assessing Your use of and satisfaction with Our website and/or Services;
- Updating You on changes to Our Services, website and policies;
- Backup log of all website data including enquiries.
- Provide Our Services to You;
- Collecting and sharing the details of Third-Party Data Subjects with You;
- Otherwise complying with the law (including the requirements in the Regulation of Interception of Communications and Provision of Communication- Related Information Act (RICA) 70 of 2002), specifically in response to a demand from government authorities where such demand meets the legal requirements, and
For each of the specified purposes listed above, You hereby grant Us Your express consent to Process Your Personal Information. You have the right to object to one or more of the specific purposes listed above and may do so in accordance with the procedure set out in Section 6 of this Policy.
Further Processing
- We expressly acknowledge and undertake to not use any Personal Information for any other purposes that are incompatible with the above purposes, without: (i) obtaining Your consent or (ii) having another lawful basis for such further Processing.
- In the event that a further purpose is incompatible with one of the original purposes listed above, We may update this Policy reflecting such changes.
- COLLECTION OF PERSONAL INFORMATION: WHAT & HOW
What Personal Information We Collect
- The Personal Information that We collect will vary depending on the types of Services that You have requested.
- Your Personal Information: When requesting and using Our Services, We collect information relating to You, either as a juristic person or as a natural person. The types of Personal Information that We collect include:
- Your name; surname; ID number; personal details about Your wellbeing;
- physical addresses, email addresses, phone numbers; relating to You;
- Third-Party Data Subject Personal Information: When using Our Services, We may collect information relating to Third-Party Data Subjects. The types of Personal Information that We collect include:
- names and surnames;
- email addresses;
- phone numbers; and
- device/online identifiers.
- Automatically Collected Information: We may also collect other information, such as Your IP address, search terms and a range of other runtime and usage Analytics. The technologies We use for automatic data collection include traditional Cookies and Google Analytics Tags, which are described in, and are subject to, Our Cookie Policy — available at melissarae.co.za.
How We Collect Personal Information
- We collect Your Personal Information or that of Third-Party Data Subjects, either directly or indirectly, including, without limitation, when:
- You provide Us with, or submit Your details when requesting and accepting Our Services;
- You provide Us with Personal Information of Third-Party Data Subjects;
- You sign up for Our newsletter or otherwise communicate with Us via e-mail or telephone; or when
Accuracy of Personal Information
- You warrant that You have taken steps to ensure that any and all Personal Information that is provided to Us, or that We collect on Your behalf, is accurate and up-to-date.
- In the event that any of the Personal Information that You provide to Us contains any errors or inaccuracies, You agree to indemnify and hold Us, Our officers, directors, employees, agents, and members harmless from and against any claims, damages, actions and liabilities including without limitation, loss of profits, direct, indirect, incidental, special, consequential or punitive damages arising out of Our use of, or reliance on such Personal Information.
- You also agree to notify Us immediately if You become aware that any Personal Information that has been provided to Us, or that We have collected for and on Your behalf, has been unlawfully obtained. by another person without Your consent or if You did not obtain consent before providing another person’s Personal Information to Us.
- SHARING OF PERSONAL INFORMATION
- We do not and will not sell, rent out or trade Personal Information.
- We only share Personal Information with Third-Parties in the manner set out in this Policy and in accordance with Our Data Protection Agreement. Note that the term ‘share’ includes the act of ‘disclosing’; ‘transferring’; ‘sending’ or otherwise making Personal Information available or accessible to another person or entity.
- We do not permit any of Our necessary Third-Parties to use Your Personal Information for any other purpose than to perform the services that We have instructed them to provide.
- We may share aggregated statistical information with Third-Parties (including Our commercial partners) for advertising or marketing purposes. No Personal Information will be shared in this manner.
- Other than the above, We will not disclose Your Personal Information unless We reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorised or required by law (including the Data Protection Law).
- YOUR RIGHTS
Your Personal Information
- In respect of Your Personal Information, You may choose when, how and what Personal Information You wish to provide to Us. To the extent provided for in law, You also have certain rights in respect of Your Personal Information. In particular:
- Withdrawal of Consent: You may withdraw Your consent at any time by sending a written request via https://melissarae.co.za. Upon receiving notice that You have revoked Your consent, We will stop using Your Personal Information within a reasonable time, which will vary depending on what information We have collected and for what purpose, and We will send You a confirmation email stating same.
- Access or obtain a Copy of Your Personal Information: You have the right to examine any of Your Personal Information that We collect/process. Should You wish to examine the Personal Information We hold about You, or obtain a copy thereof, please send Us a written request via https://melissarae.co.za. We reserve the right to charge You a reasonable administrative fee to access and/or obtain a physical copy of Your Personal Information.
- Update, Modify, Rectify, Erase: the Personal Information that We hold on You; and
- Object to the processing of Your Personal Information or Restrict Us from processing any of the Personal Information which We hold on You, including by withdrawing any consent You have previously given to the processing of such information.
Enforcing Your Rights
- The above rights are not absolute, and We therefore reserve the right to refuse any requests in terms of the above-mentioned rights, for any reason permitted under the Data Protection Law or in terms of the Promotion of Access to Information Act, 2000.
- In the event that You wish to enforce any of the above rights, You can request this by emailing Us via https://melissarae.co.za. Furthermore, You also have the right to lodge a complaint with the South African Information Regulator.
- SECURITY OF INFORMATION
Technical & Organisational Security Measures
- We are committed to safeguarding and protecting any Personal Information in Our possession and We undertake to implement and maintain appropriate technical and organisational measures to safeguard any such Personal Information from: (i) accidental or unlawful destruction; (ii) loss or alteration, as well as (iii) the unauthorised disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.
- We have various security measures in place to protect the Personal Information We hold from loss and misuse, and from unauthorised access, modification, disclosure and interference – We review these processes regularly and improve them when required.
- We will destroy or de-identify Personal Information once We no longer require it for Our business purposes, or as required by law.
Breach Notifications
- Where We have reasonable grounds to believe that Personal Information in Our possession has been subject to a Data Breach, We will,:
- where Your Personal Information has been compromised: undertake to notify You of such a breach as soon as reasonably possible after it is discovered. However, where a public body responsible for the prevention, detection or investigation of offences (South African Police Force / Crime Intelligence) or the Information Regulator determines that notification will impede a criminal investigation, such notification to You will be delayed.
- Notwithstanding the above, it is emphasised that even though We have taken significant steps to protect the Personal Information in Our possession, You acknowledge and understand that no organisation, including Ours, can fully protect against security risks associated with the processing of Personal Information online.
- HOW LONG DO WE RETAIN PERSONAL INFORMATION?
- We retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy.
- When determining how long to retain Personal Information, We take into account the necessity of the Personal Information for the provision of Our services, as well as the requirements of Our Sub-Operators, applicable laws, regulations and Our legal obligations. We may also retain records to investigate or defend against potential legal claims.
- When retention of Personal Information is no longer necessary, such information will either be deleted or aggregated for analytical purposes, in which We case We will de-identify the Personal Information.
- CROSS-BORDER TRANSFERS
- In delivering Our Services, We will be required to transfer Personal Information outside of the Republic of South Africa to one or more Sub-Operators. When doing so, We take all possible measures to ensure that Our Sub-Operators are subject to appropriate confidentiality and security obligations in respect of the Personal Information that they receive and Process.
Consents for Cross-Border Transfers
- In respect of Your Personal Information: You hereby expressly consent to such cross-border transfers.
- In respect of Third-Party Data Subject Personal Information: You represent and warrant that You have obtained adequate consents from Third-Party Data Subjects for such transfers, or You have another lawful basis to instruct such cross-border transfers.
- THIRD PARTY WEBSITES
- When using Our website, accessing one of Our Platforms, or engaging with one of Our monthly newsletters, You may be provided with links to Third-Party websites, platforms, or online services. These linked sites are not under Our control, and We cannot accept responsibility for the conduct or privacy practices of any Third-Parties that We may hyperlink.
- Before disclosing Your Personal Information on any other website, platform or online service, We encourage You to examine the terms and conditions and privacy practices of such Third-Parties.
- CONTACT
If You have any questions about this Privacy Policy or the way in which We handle Personal Information, or if You wish to invoke any of Your rights described in Section 6 above, please contact us via https://melissarae.co.za/.