Privacy Policy
THIS PRIVACY POLICY (“PRIVACY POLICY”) OF FUTURE INDEFINITE INVESTMENTS 180 (PTY) LTD (“THE COMPANY, “WE”, “US” OR “OUR”), APPLIES TO HOW WE COLLECT, USE AND PROCESS YOUR PERSONAL INFORMATION AND, IN SOME INSTANCES, SPECIAL PERSONAL INFORMATION.
PLEASE READ THIS PRIVACY POLICY CAREFULLY
1.
SCOPE OF THE PRIVACY POLICY
1.1
Introduction and scope
1.1.1
The Company is committed to protecting and respecting your privacy. We strive to ensure that our use of your Personal Information is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our services and your experience.
1.1.2
We have appointed an Information Officer who is responsible for overseeing compliance in relation to the Privacy Policy. You may contact our Information Officer at [email protected].
1.1.3
This Privacy Policy describes how we will treat your Personal Information, whether provided by you to us, or collected by us through other means when you engage with us in the course of our business activities.
1.1.4
This Privacy Policy must be read together with any other documents or agreements between you and the Company (the “Agreements”) that describe the manner in which we, in specific circumstances, collect or process Personal Information about you. This Privacy Policy supplements such Agreements but does not supersede them.
1.2 Definitions
1.2.1
“Personal Information” means the information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including inter alia, race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person, as well as the name of the person, his or her ID number, personal opinions, or views, letters from or about that person, letters from or about that person that contain confidential information and biometric information as defined in the Protection of Personal Information Act 4 of 2013 (“POPI Act”). This also includes “Personal Data” as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”);
1.2.2
“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information. This also includes “Controller” as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”);
1.2.3
“Special Personal Information” means Personal Information regarding a data subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject, or the criminal behaviour of a data subject. This also includes “Special Categories of Personal Data” as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
1.3 Justification Grounds for the Processing of your Personal Information
1.3.1
The Company is a Responsible Party in respect of your Personal Information and Special Personal Information.
1.3.2
We may collect, get, receive, record, organize, collate, store, update, change, retrieve, read, process, use and share your Personal Information in the ways set out in this Privacy Policy. When we do one or more of these actions with your Personal Information, we are “Processing” your Personal Information (and “process” has a corresponding meaning).
1.3.3
In some cases of Processing, consent must be given by you in order for the Company to process your Personal Information or Special Personal Information. Any consent given will remain in place for any current agreements or subsequent agreements entered into between the parties.
1.3.4
In cases where we rely on your consent to process your Personal Information you may withdraw your consent. If you withdraw your consent from the Company Processing your Personal Information in terms of this Privacy Policy, please inform us that you do not consent. Depending on the type of Personal Information for which you withdraw your consent, we may not be able to render any services to you, and the Company cannot be held liable for its inability to render such services. This withdrawal will not retrospectively apply to the Processing of Personal Information and Special Personal Information which has already been undertaken by the Company for lawful purposes.
1.3.5
We may, where permitted or required to do so by applicable law, process your Personal Information without your consent, knowledge or permission, if sufficient grounds of justification are present, and we will do so in accordance with the further provisions of this Privacy Policy.
1.3.6
If you are a European Union citizen, the GDPR applies to the processing of your Personal Information. Our legal basis for the processing of your Personal Information is set out in Annexure “A” to this Privacy Policy.
2. WHAT AND WHO DOES THIS PRIVACY POLICY APPLY TO?
2.1
This Privacy Policy applies to the processing by the Company, or on our behalf, and our successors- in-title, of the Personal Information relating to you, including but not limited to, where you engage with us in the course of our business activities, whether as a customer, supplier, service provider, investor, business partner, director, shareholder, former employee, prospective employee, current employee or any other data subject that engages with the Company.
3. PROCESSING OF PERSONAL INFORMATION
3.1
We hereby notify you that during your interactions with the Company, we will collect certain Personal Information about you. We may process various types of Personal Information about you, as follows:
3.1.1
Identity Information, which includes information concerning your name, , marital status, title, occupation, interests, date of birth, age, gender, disability, health or wellbeing, physical or mental health, pregnancy, race and legal status, nationality, ethnic or social origin, colour, sexual orientation, religion, conscience, belief, culture, language as well as copies of your identity documents, photographs, identity number, registration number and your qualifications;
3.1.2
Contact Information, which includes your billing addresses, delivery addresses, e-mail addresses, telephone numbers and correspondence addresses used in relation to property transactions or investment agreements;
3.1.3
Financial Information, which includes bank account details, insurance information, financial statements, tax clearance certificates and VAT registration numbers and other information necessary for property acquisitions, disposals, or investment administration;
3.1.4
Transaction Information, which includes details about payments made to or received from you, company information, property acquisitions or disposals, investment activity or administration, invoices, statements, and related contractual or legal documentation;
3.1.5
Correspondence and Communication Information, which includes records of communication between you and the Company, including emails, letters, telephone records, electronic messages, meeting notes and other correspondence.
3.1.6
Employment and Professional Information, which includes information relating to your employment history, professional affiliations, role or position, qualifications, curriculum vitae, references, or similar information where relevant to your engagement with the Company.
3.1.7
Location Information, which includes addresses of properties you own, manage, or are associated with, or other geographical information relevant to your engagement with the Company;
3.1.8
Marketing and Communications Information, which includes your preferences in respect of receiving information or updates from us regarding investment opportunities, property-related communications, and correspondence preferences.
3.1.9
The Company may also process, collect, store and/or use aggregated data, which may include historical or statistical data derived from property transactions, client engagement, or investment activity (“Aggregated Data”) for any purpose, including research, reporting, and improving the efficiency of our business operations. Aggregated Data may be derived from your Personal Information but is not always considered Personal Information, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information in a manner that has the result that it can directly or indirectly identify you, we will treat the combined data as Personal Information, which will be managed in accordance with this Privacy Policy.
4. SPECIAL PERSONAL INFORMATION
4.1
We hereby notify you that, in certain circumstances, by engaging with the Company, we may collect certain Special Personal Information about you.
4.2
The processing of Special Personal Information requires higher levels of protection.
4.3
We need to have further justifications for processing Special Personal Information.
4.4
The Company has implemented appropriate policies and safeguards, which we are required by law to maintain or process Special Personal Information.
5. WHEN WILL WE PROCESS YOUR SPECIAL PERSONAL INFORMATION?
5.1
We will generally not process particularly Special Personal Information about you unless it is necessary for establishing, exercising or defending a right or obligation in law, or where we have obtained your consent to do so.
5.2
On rare occasions, there may be other reasons for processing your Special Personal Information, such as where the information has been deliberately made public by you.
5.3
The situations in which we may process your Special Personal Information include the following:
5.3.1
Racial and ethnic information may be processed by the Company for recruitment purposes and through CCTV cameras installed at the Company premises for safety and security reasons;
5.3.2
As part of the recruitment and hiring process, we may process information relating to your criminal behaviour;
5.3.3
We may process information pertaining to your political persuasion as part of the know your client (KYC) processes and customer due diligence (CDD) checks;
5.3.4
We may process information relating to your health as part of our screening processes when accessing our premises, in order to comply with health and safety regulations and protocols; and
5.3.5
We may process information which indicates your religious beliefs (for example, when you attend events organized by the Company, we may ask you for your dietary requirements, and this may indicate your religious beliefs).
6. HOW WE COLLECT YOUR PERSONAL INFORMATION
We collect your Personal Information in the following ways:
6.1
Direct or active interactions
6.1.1
We may require that you submit certain information:
6.1.1.1
to request marketing or information about our events to be sent to you;
6.1.1.2
to subscribe to newsletters, updates, or other communications from us;
6.1.1.3
to make contact with our employees;
6.1.1.4
to grant you access to our premises;
6.1.1.5
to enable you to facilitate the conclusion of an agreement with us; and
6.1.1.6
that is necessary for our fulfilment of our statutory or regulatory obligations.
6.1.2
We also collect Personal Information directly from you when you communicate directly with us via e- mail, telephone calls, social media platforms or in person.
6.1.3
If you contact us, we reserve the right to retain a record of that correspondence in accordance with applicable data protection legislation, which may include Personal Information.
6.2
Automated or passive interactions
6.2.1
We may automatically collect limited Personal Information when you interact with our electronic communications, systems or infrastructure, including where you communicate with us via email, electronic document exchange platforms, secure data rooms, social media platforms, or other digital channels used in the ordinary course of our business.
6.2.2
Such information may include technical or usage data such as IP address, device information, date and time of access, email metadata, document access logs, and audit trails generated through due diligence, compliance, transaction management, or internal record-keeping systems.
6.2.3
This information is collected primarily for purposes of system security, record management, transaction integrity, regulatory compliance, risk management, and the prevention of fraud or unauthorised access.
6.3
Collection from third parties and public sources
The Company may receive Personal Information and Special Personal Information about you from various third parties including but not limited to, clients or customers, suppliers or service providers and public sources.
6.4
CCTV/ Access control systems
The Company collects Personal Information and Special Personal Information about you through CCTV cameras installed at the Company premises as well as utilizing our access control systems where we collect your Personal Information when visiting our premises for safety and security reasons.
7. HOW WE USE YOUR PERSONAL INFORMATION
7.1
We use your Personal Information for the following purposes:
7.1.1
to provide services to our customers and all activities ancillary thereto;
7.1.2
to open and maintain accounts for billing purposes;
7.1.3
to comply with our statutory and regulatory reporting obligations;
7.1.4
to comply with our health and safety requirements when accessing our premises;
7.1.5
to conduct the recruitment and hiring processes, which include conducting criminal records and credit checks (where appropriate), the capturing of a job applicant’s details and providing status updates to job applicants;
7.1.6
in relation to supplier information, to create supplier profiles on our systems, pay suppliers, and for general supplier administration;
7.1.7
to maintain and update our customer, or potential customer databases;
7.1.8
to maintain and update our supplier, or potential supplier databases;
7.1.9
to detect, prevent or manage actual or alleged fraud, security breaches or the abuse, misuse or unauthorized use of our systems and files and/or contraventions of this Privacy Policy and/or any terms and conditions and/or any agreements;
7.1.10
to inform you about any changes to our services, our details, this Privacy Policy or other changes that are relevant to you;
7.1.11
to conduct market research surveys;
7.1.12
to offer you information and content which is more appropriately tailored for you as far as reasonably possible;
7.1.13
to provide you with the latest information about our products and services or events provided that you have agreed to receive such information;
7.1.14
for security, administrative and legal purposes;
7.1.15
to communicate with you and retain a record of our communications with you and your communications with us;
7.1.16
to fulfil any contractual obligations that we may have to you or any third party;
7.1.17
to invite you to webinars, functions or events that we may host;
7.1.18
for other activities and/or purposes which are lawful, reasonable and adequate, relevant and not excessive in relation to the provision of our services, our business activities or such other purposes for which it was collected.
8. SHARING OF YOUR PERSONAL INFORMATION
8.1
We will not intentionally disclose your Personal Information, whether for commercial gain or otherwise, other than with your permission, as permitted by applicable law or in the manner as set out in this Privacy Policy.
8.2
You agree and give permission to us to share your Personal Information under the following circumstances:
8.2.1
with our employees, suppliers, consultants, subcontractors and agents if and to the extent that they require such Personal Information in order to process it for us and/or in the provision of services for or to us, which include property transactions, investment activities, due diligences, compliance and regulatory reporting purposes (e.g. the South African Revenue Service); information technology, data storage, document management, accounting, legal, audit, compliance, administrative and other support services relating to the operation of our business.
8.3
We will authorize any Personal Information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality; non-disclosure and data protection provisions.
8.4
Such persons may be disciplined, their contracts terminated or other appropriate action taken if they fail to meet their obligations:
8.4.1
to enable us to enforce or apply our terms and conditions and/or any agreements you have with us;
8.4.2
to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, agents and any other third party;
8.4.3
with governmental agencies and other regulatory or self-regulatory bodies, if required to do so by law or when we reasonably believe that such action is necessary to:
8.4.3.1
comply with the law or with any legal process;
8.4.3.2
protect and defend the rights, property or safety of the Company, or our clients, employees, contractors, suppliers, agents or any third party;
8.4.3.3
detect, prevent or manage actual or alleged fraud, security breaches, technical issues and/or contraventions of this Privacy Policy; and/or
8.4.3.4
protect the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
9. STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
9.1
We store your Personal Information on:
9.1.1
our premises, in the form of hard copies;
9.1.2
the premises of third-party service providers such as subcontractors and document storage service providers;
9.1.3
our servers; or
9.1.4
on the servers of our third-party service providers, such as IT systems or hosting service providers.
9.2
From time to time, the Company and its service providers may need to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected (i.e. outside of South Africa) and we hereby notify you that such jurisdiction may not have comparable data protection legislation.
9.3
If the location to which Personal Information is transferred and/or is stored does not have substantially similar laws to those of South Africa, which provide for the protection of Personal Information, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
9.4
Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.
10. SECURITY
10.1
We take reasonable technical and organizational measures to secure the integrity of your Personal Information and use accepted technological standards to prevent unauthorized access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration and destruction.
10.2
We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
10.3
We also create a back-up of your information for operational, business continuity and safety purposes and we have a back-up disaster recovery program.
10.4
Despite the above measures being taken when processing Personal Information and Special Personal Information, as far as the law allows, we will not be liable for any loss, claim and/or damage arising from any unauthorized access, disclosure, misuse, loss, alteration or destruction of your Personal Information and/or Special Personal Information.
10.5
The Company has implemented policies and procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which the Company is legally required to do so and within the period in which such notification is necessary.
11. RETENTION OF YOUR PERSONAL INFORMATION
11.1
We may keep your Personal Information for as long as you continue to engage with us, provide services or products to us, use our services or for as long as reasonably necessary or until you contact us and ask us to destroy it.
11.2
Notwithstanding clause 11.1 above and any other clause in this Privacy Policy, we may retain and process some or all of your Personal Information if and for as long as:
11.2.1
we are required or permitted by law, a code of conduct or a contract with you to do so;
11.2.2
we reasonably need it for lawful purposes related to the performance of our functions and activities;
11.2.3
we reasonably require it for evidentiary purposes;
11.2.4
you agree to us retaining it for a specified further period; or
11.2.5
it is impossible or impractical for us to remove such Personal Information from physical archive storage.
11.3
To determine the appropriate retention period for Personal Information the Company will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorized use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. The Company will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
12. MAINTENANCE OF YOUR PERSONAL INFORMATION
12.1
Where required by law, the Company will take all reasonable steps to ensure that your Personal Information is accurate, complete, not misleading and up to date.
12.2
We acknowledge that you have rights of access to, and the right to rectify, your Personal Information, and rights to object to the processing of your Personal Information in certain circumstances.
12.3
You must let us know if any of the Personal Information that we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 1.1.2 above or where applicable, by notifying the Company contact.
12.4
Where required by law, we will take reasonable steps to correct or update your Personal Information, accordingly, having regards to the purpose for which such Personal Information was collected or used.
12.5
Should you provide us with Personal Information or Special Personal Information that you are not lawfully allowed to provide to us or should you not notify us or rectify any incorrect, misleading or out of date information, which causes any loss or damage to the Company, the Company reserves the right to institute legal proceedings against you, as applicable, and you hereby indemnify the Company in respect of such damages and/or losses it may sustain in this regard and furthermore the Company shall not accept any liability with regards to the processing of any unlawfully provided, incorrect, misleading or outdated Personal Information or Special Information.
13. YOUR RIGHTS
13.1
Data protection legislation may confer certain rights on you in respect of your Personal Information. We aim to be clear about what Personal Information we collect so that you can make meaningful choices about what Personal Information you make available to us.
13.2
You have the right to:
13.2.1
be notified that your Personal Information is being collected.
13.2.2
request access to your Personal Information (commonly known as a “data subject access request”), which indicates what Personal Information we have about you.
13.2.3
request the correction of your Personal Information, in order to ensure that any incomplete or inaccurate Personal Information is corrected.
13.2.4
request destruction, deletion or erasure of your Personal Information, where there is no lawful basis for the retention or continued processing of it.
13.2.5
object to the processing of your Personal Information for a legitimate interest (or those of a third party), or to direct marketing. You may do so if something about your particular situation makes you feel that such processing impacts your fundamental rights and freedoms.
13.2.6
request restriction of processing of your Personal Information. This enables you to ask the Company to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
13.2.7
withdraw consent which you previously gave to the processing of your Personal Information at any time. You may withdraw your consent for us to process your Personal Information at any time. The withdrawal of your consent can only be made by you on condition that such withdrawal of your consent:
13.2.7.1
does not affect the processing of your Personal Information before the withdrawal of your consent; or
13.2.7.2
does not affect the processing of your Personal Information if the processing is in compliance with an obligation imposed by law on us; or
13.2.7.3
does not affect the processing of your Personal Information where such processing is necessary for the proper performance of a public law duty by a public body; or
13.2.7.4
does not affect the processing of your Personal Information as required to finalize the performance of a contract in which you are a party; or
13.2.7.5
does not affect the processing of your Personal Information as required to protect your legitimate interests or our own legitimate interests or the legitimate interests of a third party to whom the information is supplied.
13.2.7.6
withdrawal of consent may limit our ability to provide certain services to you or the ability of a third party to provide certain services to you but will not affect the continued processing of your Personal Information in instances in which your consent is not required.
13.2.8
lodge a complaint with the Information Regulator (South Africa) or with the relevant National Data Protection Authority (if GDPR applies).
13.2.9
institute civil proceedings regarding the alleged interference with the protection of your Personal Information.
13.3
As far as the law allows, we may charge a fee for attending to any of the above requests and may also refuse to carry out any of your requests in whole or in part.
13.4
If you are a European Union citizen, the GDPR applies to the processing of your Personal Information. In line with the GDPR, you have the right to Data Portability:
13.4.1
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. Where technically feasible, you also have the right to request that we transmit this data directly to another controller of your choice.
13.4.2
This right applies only to personal data processed by automated means and where the processing is based on your consent or on a contract to which you are a party.
13.4.3
To exercise this right, please contact us at the contact details set out in clause 1.1.2 above.
14. CHANGES TO THIS PRIVACY POLICY
14.1
To the extent allowed by the law, this Privacy Policy may be amended and updated from time to time in our sole discretion, without notice, provided that if we do so, we will take reasonably practicable steps to inform you of the updated Privacy Policy.
14.2
Accordingly, please check this Privacy Policy for changes periodically. If you continue to engage with us, provide products or services to us, or use our products and services after amendments are made to the Privacy Policy, you will be deemed to have accepted the updated Privacy Policy.
15. CHILDREN
15.1
Our services are not targeted at people under the age of 18.
15.2
We may in limited instances process Personal Information of children including in the course of providing services to you. In such cases, the processing of Personal Information of children is conducted with the consent of a competent person or to comply with an obligation in law.
15.3
We will not knowingly collect Personal Information of persons in this age group without express consent to do so or without a legal obligation to do so.
15.4
For any questions in respect of the processing of Personal Information of children, please contact the Information Officer or the Company contact.
16. DIRECT MARKETING
16.1
The Company processes Personal Information for the purpose of direct marketing by way of electronic communication. We will only send you direct marketing materials if you have specifically opted-in to receive these materials, or if you are a client of the Company, at all times in accordance with applicable laws.
16.2
You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communication from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
16.3
You may opt out of receiving direct marketing communication from us at any time by requesting us (in any manner, whether electronically, in writing) to stop providing any direct marketing communication to you. You may send your opt-out requests to [email protected].
17. THIRD PARTIES
17.1
This Privacy Policy does not apply to the processing of Personal Information by third parties that are not under our direct control. This includes, without limitation, banks, payment processors, managing agents, bodies corporate, statutory or regulatory authorities, insurers, auditors, professional advisors, service providers, or other entities with whom we are required or permitted to share Personal Information in terms of applicable law, contractual obligations, or in the ordinary course of our business.
17.2
Where we share Personal Information with third parties, such sharing will occur only where it is necessary for the performance of our obligations, required or permitted by law, or where such third parties process Personal Information on our behalf in accordance with our instructions. In such instances, we take reasonable steps to ensure that appropriate contractual safeguards are in place requiring such third parties to protect the confidentiality and security of the Personal Information.
17.3
You acknowledge that third parties such as, without limitation, payment gateways, financial institutions, managing agents, statutory or regulatory authorities, insurers, auditors, professional advisors, service providers may collect, use, or process your Personal Information in accordance with their own privacy policies, terms, and legal obligations.
18. GENERAL
18.1
No provision of this Privacy Policy limits or excludes any warranties or obligations which are implied into this Privacy Policy by the Consumer Protection Act (to the extent applicable), the Promotion of Access to Information Act (to the extent applicable), POPIA (to the extent applicable), or other applicable laws to the extent that the law does not allow them to be limited or excluded.
18.2
You agree that this Privacy Policy, our relationship and any dispute of whatsoever nature relating to or arising out of this Privacy Policy whether directly or indirectly is governed by South African law, without giving effect to any principle of conflict of laws.
18.3
You agree that we may, at any time, transfer, cede, delegate or assign any or all of our rights and obligations under this Privacy Policy without your permission. We will notify you if we transfer, cede, delegate or assign any rights or obligations to a third party, but we do not have to notify you if we transfer, cede, delegate or assign any rights or obligations to any person which acquires all or part of our business and/or assets. We may in certain instances also sub-contract our obligations, for example, engaging with external IT service providers or printers. Where we engage such sub-contractors, we will do so without your permission, and we do not have to notify you if we sub- contract any of our obligations.
18.4
Our failure to exercise or enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision.
Each provision of this Privacy Policy, and each part of any provision, is removable and detachable from the others. As far as the law allows, if any provision (or part of a provision) of this Privacy Policy is found by a court or authority of competent jurisdiction to be illegal, invalid or unenforceable (including without limitation, because it is not consistent with the law of another jurisdiction), it must be treated as if it was not included in this Privacy Policy and the rest of this Privacy Policy will still be valid and enforceable.
18.6
Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the Information Officer at [email protected] If you feel that the attempts by the Company to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at www.justice.gov.za/inforeg.
18.7
If you are a European Union citizen, the GDPR applies to the processing of your Personal Information. In line with the GDPR, you have the right to lodge a complaint with the relevant EU supervisory authority, whose details are available on the European Commission’s website.
Annexure “A”
| Annexure “A” Processing Activity | Legal Basis for Processing |
| Recruitment and employment information | Article 6(1)(f) |
| Property enquiries (online, telephonic, email, site visits) | Article 6(1)(f) |
| Open day viewings and inspections | Article 6(1)(f) |
| General correspondence | Article 6(1)(f) |
| Client onboarding forms | Article 6(1)(b) |
| Vetting and due diligence |
Article 6(1)(c) Article 6(1)(f) |
| Vetting and affordability checks |
Article 6(1)(c) Article 6(1)(f) |
| Company regulatory checks |
Article 6(1)(c) Article 6(1)(f) |
| Agreements | Article 6(1)(b) |
| Contract administration (billing, financial data) | Article 6(1)(b) |
| Access control | Article 6(1)(f) |
| Maintenance coordination | Article 6(1)(f) |
| Incident reporting | Article 6(1)(f) |
| Invoicing and billing | Article 6(1)(b) |
| Audits and financial reporting | Article 6(1)(c) |
| Regulatory reporting | Article 6(1)(c) |
| Litigation and dispute handling | Article 6(1)(f) |
| Record retention | Article 6(1)(c) |
| Sharing information with third parties where required (e.g., bodies corporate, homeowners’ associations, insurers, auditors, advisors, service providers) |
Article 6(1)(b) Article 6(1)(c) Article 6(1)(f) |
| Notices | Article 6(1)(b) |
| Biometric data storage (e.g., for access control) |
Article 6(1)(a) Article 6(1)(c) |
| Information security, access management, the detection, investigation, and response to data security breaches |
Article 6(1)(c) Article 6(1)(f) |
| Handling data subject requests and privacy-related enquiries |
Article 6(1)(c) Article 6(1)(f) |
| Property valuations, investment reviews and decision-making | Article 6(1)(f) |
The legal basis for processing of Personal Information as allowed by the GDPR includes:
Article 6(1): Processing shall be lawful only if and to the extent that at least one of the following applies:
a)
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b)
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c)
processing is necessary for compliance with a legal obligation to which the controller is subject;
d)
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e)
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.