PRIVACY POLICY – CROSSFIT JOZI (PTY) LTD
The coming into effect of the Protection of Personal Information Act No. 4 of 2013 (referred to as “POPIA”) on 1 July 2020, known as POPIA, sets conditions for how information can be processed. POPIA aims to ensure that Personal Information is processed in line with internationally accepted data protection principles. One’s privacy is also governed by the PAIA (Promotion of Access to Information Act). This Privacy Policy is in terms of both POPIA and PAIA.
POPIA is intended to protect both natural and juristic persons (Data Subjects) from harm by protecting their personal information. POPIA ensures that all websites, companies, and organisations (Responsible Parties) that hold, and process personal information do so carefully and with respect for the rights and interests of the data subjects.
This Privacy Policy of CrossFit Jozi (Pty) Ltd regulates how we collect and use the information that we have about all our customers, suppliers and employees and your rights in this regard. Your right to privacy is important to us and therefore, we set out to treat your personal information as private and confidential. We are committed to taking steps to protect your privacy when you use our website, services and/or materials provided by us, and we apply business practices that comply with the POPIA. In this Privacy Policy, we explain how we will use and protect your Personal Information in terms of Applicable Law.
Please read this Privacy Policy carefully as it applies as soon as you make use of our website, purchase our goods and/or employ our services as this creates a legally binding agreement between us. Without your personal information, we may not be able to provide you, or continue to provide you, the products and/or services that you need.
Your use of our website and/or services is regulated by this Privacy Policy and any other terms available on our website or agreements that you enter with us.
We may, without advance notice, modify the terms of this Privacy Policy. Your continued use of our website and/or services, indicates your acceptance of this Privacy Policy at the time of such use by accepting the Cookie policy discussed later in this policy.
The current version of this Privacy Policy that applies each time you visit or use our website or services will regulate our relationship.
E-mail Disclaimer
All CrossFit Jozi (Pty) Ltd e-mails, as well as any files transmitted with it, is confidential and may well contain information which is legally privileged/and or may house personal details relating to the sender and/or other third parties. It is intended solely for the use of the individual or the entity to whom the e-mail is addressed, who has given the sender permission as required under the POPIA to make use of their personal and confidential details.
Any use of the personal or confidential information housed in e-mails and/or any disclosure, copying, distribution, dissemination, or publication of the information contained in any e-mail is strictly prohibited, unless you have been permitted thereto by the sender, and might be a breach of confidence and/or POPIA.
If you are not the intended recipient of any e-mail, please return the e-mail immediately to the sender and then delete this message from your system. Following the above please note that the sender and in particular CrossFit Jozi is not liable for the improper use or transmission of this information nor for any delay in its receipt, or for any breach of the confidentiality and/or any breach of the provisions of POPIA and CrossFit Jozi’s and the sender’s rights are herewith strictly reserved.
Personal Information
Where we refer to “Personal Information” we mean personal information as defined in POPIA, being information that may be used to directly or indirectly identify you, whether as a natural or juristic person. Personal Information includes, for example, your name, surname, email address, identity number, contact details, photograph, banking details and location and for juristic person it will include company registration number, symbol, e-mail address, physical address, telephone numbers, location information, online identifier or other particular assignment to the juristic person.
Links To Third Party Websites
We may provide links to third-party websites including (without limitation) social media platforms, payment gateways, appointment scheduling and/or live chat platforms for the convenience of our users. CrossFit Jozi does not control these third-party websites and cannot represent that their policies and practices will be consistent with this Privacy Policy. If you use or rely on any links on our website, you do so at your own risk. We encourage you to review the privacy policies of any third-party website before submitting any of your personal information.
Collecting Your Personal Information
We collect Personal Information about you from the following sources:
- directly from you when you provide it to us, such as when you sign up to use our Services or our website, contact us or during our relationship with you.
- from public sources where you have made your Personal Information public, such as on social media or company websites.
- from your use of the services; and
- from your use of our website or use of any features or resources available on or through our website.
Types of Information We Collect
Disidentified Information
Disidentified information is data about usage and service operation that is not directly associated with a specific data subjects’ identity. CrossFit Jozi may collect and analyse non-personally identifiable or disidentified information to evaluate how people use our website.
Aggregate Information
CrossFit Jozi may gather aggregate information, being information that your computer automatically provides to us and that cannot be tied back to you as a specific data subject. Examples include referral data (our websites you visited just before and just after our website), the pages viewed, time spent on our website, and Internet Protocol (IP) addresses. An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our websites, our servers log your IP address to create aggregate reports on user demographics and traffic patterns and for purposes of system administration. CrossFit Jozi uses Google Analytics available to all domains and no personal information is logged by using this service to keep track of movement on our website.
Cookies
Cookies are small files about browsing activity that are stored on a device’s web browser by the websites that are visited and are generally used to improve user experience. When you use our website, we automatically receive and record information on our server logs from your browser, such as your location, IP address, general internet usage and Google Analytics information. This is statistical data about browsing actions and patterns.
Cookies enable us to improve our Website and Services, estimate our audience size and usage patterns, store information about your preferences, save your password so that you don’t need to re-enter it each time you use our website, and recognise when you return to our website. The pop-up cookie notice will notify visitors about this feature when they land on our website, and they will be able to reject or approve the use of cookies for their visit.
We do not link non-personal information from cookies to Personal Information without your permission. Please note that third parties may also use cookies, but we do not have access to, or control over them, and therefore cannot take responsibility for them.
Personal Information
We use Personal Information to better understand your needs and interests and to provide you with our service. We may collect the following categories of Personal Information through our relationship with you:
- General personal details: your name and surname or similar information of a legal entity.
- Contact details: your address, contact number, and email address.
- User information: Personal Information included in correspondence, transaction documents, use of the services or other materials that we process in the course of providing our website and services.
- Consent records: records of any consents you have given us in respect of using your Personal Information and any related information, such as the specific details of the consent. We will also record any withdrawals or refusals of consent.
How We Use Your Information
We only process adequate and relevant Personal Information for the following purposes and legal bases:
- to perform in terms of our agreement with you (provide you with the services and access to our website, including registering an account with the intention to make a purchase, completing a purchase online with without registering an account, or completing and submitting an enquiry or contact form).
- operate and manage your account or your relationship with us, including facilitating customer credit applications.
- monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes contact you by email, push notifications or other means to inform you about our services, including for marketing purposes, unless you have opted-out of such communications (direct marketing).
- form a view of customer base and to identify, develop or improve our website and services that may interest you.
- carry out market research and surveys, business and statistical analysis and necessary audits.
- fraud prevention.
- perform other administrative and operational tasks like testing our processes and systems; monitoring our website’s usability, performance, and effectiveness; improving the experience, usability and content of our website and ensuring that our security measures are appropriate and adequate; and
- comply with our regulatory, legal or other obligations.
Information Sharing
CrossFit Jozi does not sell, rent, or lease any Personal Information of individuals or companies, including email addresses, to anyone for marketing or other purposes, and we take commercially reasonable steps to maintain the security of the Personal Information that we hold.
We will implement reasonable measures to keep your Personal Information confidential and only share it with others in terms of this Privacy Policy, or if you consent to it, or if the law requires from us to share it. We may disclose your Personal Information to:
- our business partners or third-party service providers and processors in order to provide you with access to our website and/or services, such as data storage service providers, couriers, etc. in accordance with written agreements with these third parties. accountants, auditors, lawyers, and other external professional advisors in terms of written agreements with them under a signed non-disclosure and confidentiality agreement protecting your personal information.
- We may disclose your personal information when legally required by government and/or a court of law.
International Transfers of Personal Information
Due to the nature of the Services and our business practices, we may need to transfer Personal Information to and from different countries for our business purposes and to provide the services.
As allowed by POPIA, we may transfer Personal Information to recipients in other countries, but we will only transfer Personal Information to third parties in countries with adequate data protection laws or do so in terms of a written agreement with the recipient which imposes data protection requirements on that party as required by POPIA.
Please note that when you transfer any Personal Information directly to a third party in another country (i.e., we do not send your Personal Information to the third party), CrossFit Jozi is not responsible for that transfer of Personal Information (and such transfer is not based on, or protected by, this Privacy Policy). Any Personal Information that we receive from a third-party country will nevertheless be processed in terms of this Privacy Policy.
Legal Rights in respect of your Personal Information
You have certain rights in relation to your Personal Information. As available and except as limited under POPIA or other applicable laws, you have the following rights in respect of your Personal Information:
- right of access: the right to be informed of and request access to the Personal Information that we process about you.
- right to rectification and erasure: you may request that your Personal Information be amended or updated where it is inaccurate or incomplete or that we delete your Personal Information, subject to applicable limitations and exceptions.
- right to restrict processing: you may request that we temporarily or permanently stop processing your Personal Information.
- right to object: you may object to us processing your Personal Information, and to your Personal Information being processed for direct marketing purposes.
- right not to be subject to automated decision-making: where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your Personal Information not be processed in that manner.
Where you have provided consent for us to process your Personal Information, you may also withdraw your consent where our processing is based on your consent. However, we may continue to process your Personal Information if another legal justification exists for the processing.
Access to and Accuracy of and Objection to Processing Personal Information
- Access: you have the right to request that we provide you with the list of Personal Information that we hold about you. You must contact us directly via telephone or by sending an email to [email protected].
- Quality: we want to ensure that your Personal Information is accurate and up to date. You may ask us to correct or remove any Personal Information that you think is inaccurate, by contacting us directly via telephone or by sending an email to [email protected]. We will request supporting documents to validate certain personal information provided. This will be communicated accordingly when required.
- Objection: you may, on reasonable grounds, object to us using your Personal Information for certain purposes. If you object, we will stop using your Personal Information, except if POPIA allows its continued use. To exercise this right or to discuss it with us, please send an e-mail to [email protected].
These requests may be subject to an access to information request in terms of POPIA or other applicable laws and we may require you to verify your identity, identify the rights you are wishing to exercise, and a fee will be charged for substantial and/or excessive requests.
Destruction of Personal Information
Once information has been used for the intended purpose, is over the legal retention limit and legally not required, it will be destroyed in the following methods:
- Hard Copies of Personal Information are shredded on site whilst Special Information is incinerated by a certified third party.
- Soft Copies of any information will be scrubbed from our databases by our IT department and third-party service providers upon request thereof.
Security
We have implemented appropriate technical and organisational security measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing. These measures are in accordance with the requirements of POPIA.
The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we implement all reasonable measures to protect Personal Information, we cannot guarantee the security of your Personal Information transferred to us using the internet. Therefore, you acknowledge and agree that any transfer of Personal Information via the internet is at your own risk, and you are responsible for ensuring that any Personal Information is sent securely. CrossFit Jozi assumes no liability for the interception, alteration, or misuse of the information you provide via the internet.
We will report any security breach to the applicable regulatory authority in terms of POPIA and to the data subjects whose Personal Information is involved in the breach. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your Personal Information, kindly notify us by sending an email to [email protected].
Direct Marketing and Opting Out
We may process your Personal Information to contact you to provide you with information about our services that may be of interest to you. Where we provide services to, we may send information to you regarding our services and other information, using the contact details that you have provided to us. We will only send you direct marketing communications where you have consented to us sending you direct marketing or otherwise in compliance with POPIA, for example if you are our customer.
If you prefer not to receive any or all these communications, you may opt out from marketing activities by following the directions provided within the electronic newsletters and announcements or by contacting us. After you unsubscribe from marketing activities, we will not send you any direct marketing communications, but we will continue to contact, when necessary, in connection with providing you with requested services or in connection with any agreements between us.
Retention of Personal Information
We take every reasonable step to ensure that your Personal Information is only processed for the minimum period necessary for the purposes set out in this Privacy Policy.
We retain Personal Information in accordance with the required retention periods in POPIA or other applicable laws or for our legitimate business purposes. We will only retain your Personal Information for the purposes explicitly set out in this Privacy Policy. We may keep Personal Information indefinitely in a de-identified format for statistical purposes, which may include statistics of how a person uses our website and services, without linking their identity to the statistical data.
This Privacy Policy also applies when we retain your Personal Information and we may retain your Personal Information for the duration of any period necessary to establish, exercise or defend any legal rights.
Lodging a Complaint
If you want to raise any objection or have any queries about our privacy practices, you can contact us at [email protected].
You also have the right to formally lodge a complaint with the Information Regulator:
- Website: http://www.justice.gov.za/inforeg/index.html
- Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
- Email: [email protected]
SHOULD YOU NOT AGREE TO THE TERMS AND CONDITIONS AS SET OUT IN THIS PRIVACY POLICY FOR GATHERING, PROCESSING, STORING AND DESTROYING OF PERSONAL INFORMATION, YOU MUST NOTIFY CROSSFIT JOZI’S INFORMATION OFFICER IMMEDIATELY THEREOF. FAILING WHICH IT WILL BE DEEMED THAT YOU ACCEPT AND AGREE TO THE TERMS AND CONDITIONS SET OUT ABOVE.