Introduction
This data protection statement describes how this personal data must be collected, handled and stored to meet Rattlehub Digital (Pty) Ltd’s company data protection standards and to comply with the law.
Collection and processing of personal data
We may collect the following information:
Data Use
Insofar as Rattlehub processes your personal information, we will process or use your personal information only for the following purposes:
Rattlehub will also, directly or indirectly use your personal information to comply with legal and regulatory requirements or industry codes. The processing of your personal information will always be done lawfully and not in a manner infringing on your privacy.
Data Protection
Disclosure of your information:
Security
Rattlehub shall protect the quality and integrity of your personal information. We are legally obliged to provide reasonable and adequate protection for the personal information we hold and to prevent unauthorised access and use of your personal information.
Specifically, we have the following in place:
Transfer of Personal information outside the Republic
The Promotion of Access to Information Act, no 2 of 2000 stipulates the following in Chapter 9 of the Act:
(1) A responsible party1 in the Republic may not transfer personal information about a data subject2 to a third party who is in a foreign country unless—
(a) the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that—
(i) effectively upholds principles for reasonable processing3 of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person; and
(ii) includes provisions, that are substantially similar to this section, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country;
(b) the data subject consents to the transfer;
(c) the transfer is necessary for the performance of a contract between the data subject and the responsible party, or for the implementation of pre-contractual measures taken in response to the data subject’s request;
(d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the responsible party and a third party; or
(e) The transfer is for the benefit of the data subject, and—
(i) it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
(ii) if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
(2) For the purpose of this section—
(a) ‘‘binding corporate rules’’ means personal information processing policies, within a group of undertakings, which are adhered to by a responsible party or operator within that group of undertakings when transferring personal information to a responsible party or operator within that same group of undertakings in a foreign country; and
(b) ‘‘group of undertakings’’ means a controlling undertaking and its controlled undertakings
1 “responsible party” – means a public or private body or any other person, alone or in conjunction with others, determines the purpose of and means for processing personal information (Chapter 1 of the Act)
2 “data subject” – means the person to whom personal information relates (Chapter 1 of the Act)
3 “processing” – means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information including ….storage…. (Chapter 1 of the Act)
Website Clickstream Data
Information gathered can be used as follows:
Access to Information
Subject to certain exceptions, you have the right, in terms of The Promotion of Access to Information Act, no 2 of 2000, to request a copy of the personal information, which we have on record for you.
If you want to access some or all of your information, please refer to our PAIA Manual located here or you may direct your request to the Chief Data Officer at 4 Cambridge Office Park, 5 Bauhinia St, Highveld Techno Park, Centurion, 0169. Keeping your personal information up-to-date and accurate remains your sole responsibility.
If you have any comments or questions about our Data Protection Statement please contact the Chief Data Officer.