RocketNet a division of Directel Communications (Pty) Ltd
TABLE OF CONTENTS
- Definitions
- Purpose of this policy
- Application of the privacy policy
- Process of collection personal information
- Sources we collect from
- Use of personal information
- Special personal information and personal information of children
- Keeping personal information accurate
- Disclosure of personal information
- Storage and processing of personal information by Rocketnet and third party service providers
- Personal information for direct marketing purposes
- Retention of personal information
- Failure to provide personal information
- Safe-keeping of personal information
- Breaches of personal information
- Provision of personal information to third party service providers
- Access to personal information
- Time periods
- Changes to this policy
- Rocketnet’s contact details
1. DEFINITIONS
In this Policy (as defined below), unless the context requires otherwise, the following words and expressions bear the meanings assigned to them and cognate expressions bear corresponding meanings –
1.1”Rocketnet” means Rocketnet a division of Directel Communications (Pty) Ltd (registration number 2011/136829/07). The terms “we”, “us”, and “our” shall have a corresponding meaning;
1.2 “Child” –
1.2.1 where the child is in the Republic of South Africa, means any natural person under the age of 18 (eighteen) years; and
1.2.2 where the child is in the European Union, any natural person under the age of 16 (sixteen) years;
1.3 “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of Rocketnet;
1.4 “Data Subject” means the person to whom Personal Information relates;
1.5 “Direct Marketing” means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the Data Subject;
1.6 “Direct Marketer” means a supplier who employs Direct Marketing as an advertising mechanism;
1.7 “Employees” means any employee of Rocketnet;
1.8 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
1.9 “Operator” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;
1.10 “Personal Information” means information relating to a Data Subject (for purposes of the GDPR, this is specifically limited to natural persons only), including but not limited to (i) views or opinions of another individual about the Data Subject; and (ii) information relating to such Data Subject’s –
1.10.1 race, sex, gender, sexual orientation, pregnancy, marital status, nationality, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language and birth;
1.10.2 education, medical, financial, criminal or employment history;
1.10.3 names, identity number and/or any other personal identifier, including any number(s), which may uniquely identify a Data Subject, account or
client number, password, pin code, customer or Data Subject code or number, numeric, alpha, or alpha-numeric design or configuration of any nature, symbol, email address, domain name or IP address, physical address, cellular phone number, telephone number or other particular assignment;
1.10.4 blood type, fingerprint or any other biometric information;
1.10.5 personal opinions, views or preferences;
1.10.6 correspondence that is implicitly or expressly of a personal, private or confidential nature (or further correspondence that would reveal the contents of the original correspondence); and
1.10.7 corporate structure, composition and business operations (in circumstances where the Data Subject is a juristic person) irrespective of whether such information is in the public domain or not;
1.11 “Policy” means this Privacy Policy;
1.12 “POPIA” means the Protection of Personal Information Act 4 of 2013;
1.13 “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including –
1.13.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
1.13.2 dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
1.13.3 merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition. “Process” has a corresponding meaning;
1.14 “Regulator” means either (i) the South African Information Regulator established in terms of POPIA; or (ii) the relevant supervisory authority under the GDPR;
1.15 “Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information;
1.16 “Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, sexual orientation, genetic information, biometric information or criminal behaviour;
1.17 “Third Party” means any independent contractor, agent, consultant, sub-contractor or other representative of Rocketnet; and
1.18 “Website” means the Rocketnet website currently located at www.rocketnet.co.za.
2. PURPOSE OF THIS POLICY
- In order to comply with POPIA, a person processing another’s Personal Information must provide the owner of the Personal Information with a number of details pertaining to the processing of his/her/its Personal Information, before such information is processed; as well as get permission or consent from the owner of such Personal Information, to process his/her/its Personal Information, unless such processing:
- is necessary to carry out actions for the conclusion or performance of a contract to which the owner of the Personal Information is a party;
- is required in order to comply with an obligation imposed by law;
- is for a legitimate purpose or is necessary to protect the legitimate interests and/or for pursuing the legitimate interests of: i) the owner of the Personal Information; ii) the person processing the Personal Information; or iii) that of a third-party to whom the Personal Information is supplied; or
- is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.
- Where any person uses our websites, electronic applications, email or electronic services, or our services in general, we will have to process such person’s Personal Information.
- This Privacy Notice also asks that you provide us with your consent to process your Personal Information, where this is required, which consent will be deemed to have been given by yourself, when you provide us with your Personal Information for processing.
3. APPLICATION OF THE PRIVACY POLICY
3.1 Rocketnet, shall strive to observe, and comply with its obligations under POPIA and, where relevant, the GDPR, as well as accepted information protection principles, practices and guidelines when it Processes Personal Information from or in respect of a Data Subject.
3.2 This Policy applies to Personal Information collected by Rocketnet in connection with the services which we offer and provide. This includes information collected directly from you as a Data Subject, as well as information we collect indirectly through our Direct Marketing campaigns and online through our websites, branded pages on Third Party platforms and applications accessed or used through such websites or Third Party platforms which are operated by or on behalf of Rocketnet.
3.3 This Privacy Policy does not apply to the information practices of Third Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Rocketnet does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.
4. PROCESS OF COLLECTING PERSONAL INFORMATION
4.1 Rocketnet will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
4.2 Depending on how you interact with us (online, offline, over the phone, in person etc.), we may collect various types of information from you, as described below:
4.2.1 Personal contact information: This includes any information you provide to us that would allow you or our service providers to contact you, such as your name, postal address, e-mail address, social network details, phone number, or name of employer.
4.2.2 Curriculum vitae and resume information: Any information that is required from you to apply for a job vacancy advertised by Rocketnet via our Websites or third-party recruitment agencies.
4.2.3 Account login information: Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.
4.2.4 Demographic information & interests: Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, geographic location (e.g. postal code/zip code), home language and marital status.
4.2.5 Information from computer/mobile device: Any information about the computer system or other technological device that you use to access the Websites such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access our Websites via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data. device identification number and type and location information, device and browser information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, usage information and browsing history, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data.
4.2.6 Location data: The location of your device, your household, and similar location data.
4.2.7 Payment and financial information: Any information that we need in order to fulfil an order or requirement for a Service or product, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available), expiration dates, and shipping and billing address.
4.2.8 Credit history: In any case where we or our payment processing provider(s) handle payment and financial information, in a manner compliant with applicable laws, regulations and security standards.
4.2.9 Customer relations: Communications between you and our Customer Support Agents can be recorded or listened into, in accordance with applicable laws, for local operational needs. Where required by law, you will be informed about such recording at the beginning of your call.
4.2.10 Sensitive Personal Information: We may seek to collect or otherwise process sensitive Personal Information in order to provide you with our services but which processing will always be done in accordance with applicable laws.
4.2.11 Security access: Vehicle details, serial number of assets and/or devices where access to our facilities or Websites is required.
4.2.12 Your image: CCTV footage when entering our premises. Video, voice, and other similar data when making use of our services.
4.2.13 Social media and online content: Information, opinions, preferences placed or posted in social media and online profiles, online posts, and similar data.
4.2.14 Websites/communication usage information: As you navigate through and interact with our Websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons and is also collected through the use of third-party tracking for analytics and advertising purposes.
4.2.15 Market research & consumer feedback: Any opinions, preferences or information that you voluntarily share with us about your experience of using our products and services.
4.2.16 Consumer-generated content: Any content that you create and then share with us on third-party social networks or by uploading it to one of the Websites, including the use of third-party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third-party social networking.
4.2.17 Third-party social network information: Any information that you share publicly on a third-party social network or information that is part of your profile on a third-party social network (such as Facebook) and that you allow the third-party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third-party social network to share. We receive your third-party social network profile information (or parts of it) every time you download or interact with a Rocketnet web application on a third-party social network such as Facebook, every time you use a social networking feature that is integrated within a Rocketnet site (such as Facebook Connect) or every time you interact with us through a third-party social network. To learn more about how your information from a third-party social network is obtained by us or to opt-out of sharing such social network information, please visit the website of the relevant third-party social network.
4.3 If you provide us with Personal Information relating to a third-party, you warrant that you have obtained the consent of the third-party to provide Rocketnet with the third-party’s Personal Information or alternatively that you have a lawful basis to provide Rocketnet with the third- party’s Personal Information.
5. SOURCES WE COLLECT FROM
5.1 Personal Information is collected about you by us from the following sources:
5.1.1 The Websites: Including sites that Rocketnet operates under its own domains/URLs and mini-sites that we run on third-party social networks such as Facebook.
5.1.2 Mobile sites/apps: Consumer-directed mobile sites or applications operated by or for Rocketnet, such as smartphone apps.
5.1.3 E-mail, text, WhatsApp and instant messaging platforms and other electronic messages: Interactions with electronic communications between you and Rocketnet.
5.1.4 Communications with our Customer Call Centres, including Customer Support or Engagement Centres.
5.1.5 Offline registration forms: Printed or digital registration and similar forms that we collect, for example, in person at contests and other promotional events.
5.1.6 Advertising interactions: Interactions with our advertisements (e.g. if you interact with one of our ads on a third-party website, we may receive information about that interaction).
5.1.7 Data we create: In the course of our interactions with you, we may create Personal Information about you (e.g. records of your interactions with us).
5.1.8 Data from other sources: Third-party social networks (e.g. such as Facebook, Google), market research (if feedback not provided on an anonymous basis), third- party data aggregators, service providers, promotional partners, public sources.
5.2 In addition, we collect the Personal Information detailed above, about you and any other party whose details you provide to us, when you use and access the Websites, including any access to such Websites for the following purposes:
5.2.1to make enquiries about Rocketnet or Rocketnet’s services, its affiliates, service providers or business partners, via our Websites;
5.2.2 to use Rocketnet’s services, especially any e-services, which are available or accessible via our Websites and to send you confirmation of the request/or order;
5.2.3 for legitimate business purposes, including to place an order for or request Rocketnet’s services, especially any e-services using our Websites;
5.2.4 to complete online forms, including call back requests;
5.2.5 to complete application forms and upload CV and resume documents for job vacancies advertised by Rocketnet;
5.2.6 to enter any competitions or prize draws;
5.2.7 to look for, locate, read and / or download information or publications;
5.2.8 to request or sign up for marketing material;
5.2.9 for the performance of contractual terms, or for the enforcement of contractual rights;
5.2.10 to provide you with details of our terms, conditions, policies and procedures and to enforce and apply same;
5.2.11 to participate in any interactive areas that appear on our Websites;
5.2.12 to interact with us, our affiliates, service providers, business partners or others;
5.2.13 to provide us with your contact details or when you update those details;
5.2.14 to send us an email; and
5.2.15 to click on a link in an email or advertisement or communication received from us.
5.3 We also collect your Personal Information from your own devices including mobile devices and or the devices which you use in order to access our Websites, which is collected using cookies or similar technologies. Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags and scripts to collect and track information and to improve and analyse our website experience.
5.4 You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.
5.5 Rocketnet also uses third-party vendor re-marketing tracking cookies, including the Google AdWords tracking cookie. This means we will continue to show ads to you across the internet, specifically on the Google Content Network. Rocketnet respects your privacy and is not collecting any identifiable information with Google’s or any other third-party remarketing system. Third-party vendor cookies may collect your Personal Information and such Personal Information is subject to the terms and conditions and privacy policies of those third-party vendors.
5.6 Our third-party vendor, Google whose services we use will place cookies on web browsers in order to serve ads based on past visits to our website. Third-party vendors use cookies to serve ads based on a user’s prior visits to our website. This allows us to make special offers and continue to market our services to those who have shown interest in our services.
5.7 We may enhance Personal Information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for due diligence purposes), but in each case as permitted by applicable laws.
6. USE OF PERSONAL INFORMATION
WHAT DO WE USE YOUR PERSONAL INFORMATION FOR? | THE LAWFUL REASON FOR PROCESSING |
Operational and services We use your Personal Information: to provide services to you, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. consultation or order status, technical issue, product question/complaint, general question, etc.) and to manage and administer the Rocketnet services you have asked us to provide you with;to manage our relationship with you (for example, customer services and support activities);to provide you with any information that we are required to send to you in order to comply with our contractual, service, regulatory or legal obligations;to provide you with details of our terms, conditions, policies and procedures and to enforce and apply same;to deliver joint content and services with third parties with whom you have a separate relationship;to attend to queries and to provide any information to you that you have requested;to analyse your needs, requirements, preferences and habits;to anticipate your needs based on our analysis of your profile;to provide you with targeted services, goods and products or advertising and content;order fulfilment;general business purposes;maintaining your account,maintain and keeping records of your requirements; for the management and operation of our communications. | Legitimate business purposes Fulfilling contractual obligations Legal obligations Our legitimate interests |
Contests, marketing and other promotions With your consent (where required), we use your Personal Information: to provide you with information about our services, products and goods (e.g. marketing communications or campaigns or promotions).to deliver targeted advertising, marketing (including in-product messaging) or information to you which may be useful to you, based on your use of the Website or the Rocketnet services, in your capacity as our customer or which has been obtained in the context of a sale and where you have agreed, by providing us with your details, as requested by us, to such advertising and marketing purposes. This can be done via means such as email, ads, SMS, phone calls and postal mailings to the extent permitted by applicable laws. Some of our campaigns and promotions are run on third-party websites and/or social networks. | With your consent (where required) Fulfilling contractual obligations Legitimate interests |
Security We use your Personal Information: to detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes); and for the management and operation of our IT and security systems. We may monitor and record any communications which we hold with you when using the Websites, for quality assurance purposes, for evidential purposes and in order to meet our legal and regulatory obligations generally. | Fulfilling contractual obligations Legal obligations Legitimate interests |
Third-party social networks We use your Personal Information when you interact with third-party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third-party social networks. | With your consent (where required) |
Job applications We use the Personal Information you provide to us for purposes of applying for an advertised vacant position at Rocketnet to: process such job application;to communicate information related to the application to you;to verify any educational, job-related or other information provided in your application; and to verify your criminal and credit record statuses. | Legitimate interests |
Internal or market research, analytics We use your Personal Information to conduct internal or market research and measuring the effectiveness of advertising campaigns. | Fulfilling contractual obligations With your consent (where required) Legal obligations Legitimate interests |
Legal reasons We use your Personal Information to comply with laws and regulations, including disclosing your Personal Information to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website. | Legal obligations Legitimate interests Fulfilling contractual obligations |
Quality control We use your Personal Information: to provide, maintain, protect and improve our Websites, Rocketnet services and products; to contact you to see if you would like to take part in our customer research (for example, feedback on your use of our Websites, products and services); to monitor, measure, improve and protect our content, Websites, services and provide an enhanced, personal, user experience for you; to compare information for accuracy and to verify it with third parties; manage and administer your use of our Websites, products and services; undertake internal testing of our Websites, and services to test and improve their security, provision and performance, in which case, we would pseudonymise any information used for such purposes, and ensure is it only displayed at an aggregated level which will not be linked back to you or any living individual; to carry out statistical analysis and benchmarking, provided that in such circumstances the analysis and benchmarking is done at an aggregated level which will not be linked back to you or any living individual; data analytics and benchmarking, in order to carry out research and development to improve our Rocketnet services, products and Websites; and to develop and provide new and existing functionality and services (including statistical analysis, benchmarking and forecasting services). | Legitimate business purposes Fulfilling contractual obligations Legal obligations Legitimate interests |
Legal reasons or merger/acquisition We use your Personal Information in the event that Rocketnet or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Information with any of our legal successors. | Legal obligations Our legitimate interests Fulfilling contractual obligations |
7. SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
7.1 Special Personal Information is sensitive Personal Information of a Data Subject and Rocketnet acknowledges that it will generally not Process Special Personal Information unless (i) processing is carried out in accordance with the Data Subject’s explicit consent; or (ii) information has been deliberately made public by the Data Subject; or (iii) processing is necessary for the establishment, exercise or defence of a right or legal claim or obligation in law); or (iv) processing is for historical, statistical or research purposes, subject to stipulated safeguards; or –
for purposes of POPIA –
7.1.1 specific authorisation has been obtained in terms of POPIA; and
for purposes of the GDPR –
7.1.2 Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Rocketnet or of the Data Subject in the field of employment and social security and social protection law;
7.1.3 Processing is necessary to protect the vital interests of the data subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
7.1.4 Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
7.1.5 processing is necessary for reasons of substantial public interest;
7.1.6 processing is necessary for the purposes of preventative or occupational medicine; or
7.1.7 processing is necessary for reasons of public interest in the area of public health.
7.2 Rocketnet acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of the parent or guardian of that Child or where it is permitted to do so in accordance with applicable laws.
8. KEEPING PERSONAL INFORMATION ACCURATE
8.1 Rocketnet will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.
8.2 Rocketnet may not always expressly request the Data Subject to verify and update his/her/its Personal Information, unless this process is specifically necessary.
8.3 Rocketnet, however, expects that the Data Subject will notify Rocketnet from time to time in writing of any updates required in respect of his/her/its Personal Information.
9. DISCLOSURE OF PERSONAL INFORMATION
9.1 We share your Personal Information with the following parties:
- any Rocketnet employee, subsidiary or related company for the purposes set out in this Privacy Notice, (e.g. global information and customer relationship management; software and service compatibility and improvements; or to provide you with any information, applications, products or services that you have requested);
- our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. affiliates, criminal and credit record service providers for job application purposes, medical service providers, internet service and platform providers, payment processing providers and those service providers or organisations who we engage to help us provide you with the Rocketnet services or to send communications to you);
- partners, including system implementers, resellers, value-added resellers, independent software vendors and developers that may help us to provide you with the Websites, products, services and information you have requested or which we believe is of interest to you;
- third parties used to facilitate payment transactions, for financial institutions and transaction beneficiaries;
- third parties where you have a relationship with that third-party and you have consented to us sending information to such party;
- third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities);
- various verification agencies, including credit reference and fraud prevention agencies;
- regulators, in order to meet legal and regulatory obligations;
- law enforcement agencies so that they may detect or prevent crime or prosecute offenders;
- any third-party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
- any third-party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
- our own professional advisors, including attorneys and auditors for the purpose of seeking professional advice or to meet our audit or legal responsibilities;
- another organisation if we sell or buy (or negotiate to sell or buy) any business or assets; another organisation to whom we may transfer our agreement with you;
- third party information technology service providers and/or cloud-based solutions providers in another country; and
- Government departments where reporting is mandatory under applicable law.
9.2 We may share non-personally identifiable information about the use of the Websites, products or services publicly or with third-parties but this will not include information that can be used to identify you.
9.3 Where we share or disclose your Personal Information as described above, such sharing and or disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.
10.STORAGE AND PROCESSING OF PERSONAL INFORMATION BY ROCKETNET AND THIRD PARTY SERVICE PROVIDERS
10.1 Rocketnet may store your Personal Information in hardcopy format and/or in electronic format using Rocketnet’s own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom Rocketnet has contracted with, to support Rocketnet’s business operations.
10.2 Rocketnet’s Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
10.3 We use appropriate measures to keep your Personal Information confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks.
10.4 Rocketnet will ensure that such Third Party service providers will process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and POPIA and, where relevant, the GDPR.
10.5These Third Parties do not use or have access to your Personal Information other than for purposes specified by us, and Rocketnet requires such parties to employ at least the same level of security that Rocketnet uses to protect your personal data.
10.6 Your Personal Information may be Processed in South Africa or another country where Rocketnet, its affiliates and their Third Party service providers maintain servers and facilities and Rocketnet will take steps, including by way of contracts, to ensure that it continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under applicable law.
10.7 It is important that you also play a role in keeping your Personal Information safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls we provide you in the Websites.
11. PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
11.1 To the extent that Rocketnet acts in its capacity as a Direct Marketer, it shall strive to observe, and comply with its obligations under POPIA and, where relevant, the GDPR when implementing principles and practices in relation to Direct Marketing.
11.2 Rocketnet acknowledges that it may only use Personal Information to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so.
11.3 It may use Personal Information to contact any Data Subject and/or market Rocketnet’s services directly to the Data Subject(s) if the Data Subject is one of Rocketnet’s existing clients, the Data Subject has requested to receive marketing material from Rocketnet or Rocketnet has the Data Subject’s consent to market its services directly to the Data Subject.
11.4 If the Data Subject is an existing client, Rocketnet will only use his/ her/its Personal Information if it has obtained the Personal Information through the provision of a service to the Data Subject and only in relation to similar services to the ones Rocketnet previously provided to the Data Subject.
11.5 Rocketnet will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Information for Rocketnet’s marketing purposes when collecting the Personal Information and on the occasion of each communication to the Data Subject for purposes of Direct Marketing.
11.6 Rocketnet will not use your Personal Information to send you marketing materials if you have requested not to receive them. If you request that we stop Processing your Personal Information for marketing purposes, Rocketnet shall do so. We encourage that such requests to opt-out of marketing be made via forms and links provided for that purpose in the marketing materials sent to you.
12. RETENTION OF PERSONAL INFORMATION
12.1 Rocketnet may keep records of the Personal Information it has collected, correspondence, or comments in an electronic or hardcopy file format.
12.2 Rocketnet will not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –
12.2.1 where the retention of the record is required or authorised by law;
12.2.2 Rocketnet requires the record to fulfil its lawful functions or activities;
12.2.3 retention of the record is required by a contract between the parties thereto;
12.2.4 the data subject (or competent person, where the data subject is a child) has consented to such longer retention; or
12.2.5 the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.
12.3 Accordingly, Rocketnet will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
12.4 Where Rocketnet retains Personal Information for longer periods for statistical, historical or research purposes, Rocketnet will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.
12.5 Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, Rocketnet will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information.
12.6 In instances where we de-identify your Personal Information, Rocketnet may use such de-identified information indefinitely.
13. FAILURE TO PROVIDE PERSONAL INFORMATION
13.1 Should Rocketnet need to collect Personal Information by law or under the terms of a contract that Rocketnet may have with you and you fail to provide the Personal Information when requested, we may be unable to perform the contract we have or are attempting to enter into with you.
13.2 In such a case, Rocketnet may have to decline to provide or receive the relevant services, and you will be notified where this is the case.
14. SAFE-KEEPING OF PERSONAL INFORMATION
14.1 Rocketnet shall preserve the security of Personal Information and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties.
14.2 Rocketnet will ensure the security and integrity of Personal Information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction of Personal Information.
14.3 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, Rocketnet implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of Processing, including measures protecting any Personal Information from loss or theft, and unauthorised access, disclosure, copying, use or modification, including –
14.3.1 the pseudonymization and encryption of Personal Information;
14.3.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
14.3.3 the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
14.3.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of Processing.
14.4 Further, Rocketnet maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.
15. BREACHES OF PERSONAL INFORMATION
15.1 A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person.
15.2 A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/or (g) alteration of Personal Information without permission and loss of availability of Personal Information.
15.3 Rocketnet will address any Data Breach in accordance with the terms of POPIA and, where relevant, the GDPR.
15.4 Rocketnet will notify the Regulator and the affected Data Subject (unless the applicable law requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information.
15.5 Rocketnet will provide such notification as soon as reasonably possible and, where feasible, not later than 72 (seventy two) hours after having become aware of any Data Breach in respect of such Data Subject’s Personal Information.
15.6 Where Rocketnet acts as an ‘Operator’ and should any Data Breach affect the data of Data Subjects whose information Rocketnet Processes as an Operator, Rocketnet shall (in terms of POPIA and, where applicable, the GDPR) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the Personal Information of relevant Data Subjects has been accessed or acquired by any unauthorised person.
16. PROVISION OF PERSONAL INFORMATION TO THIRD PARTY SERVICE PROVIDERS
16.1 Rocketnet may disclose Personal Information to Third Parties and will enter into written agreements with such Third Parties to ensure that they Process any Personal Information in accordance with the provisions of this Policy, and POPIA and, where relevant, the GDPR.
16.2 Rocketnet notes that such Third Parties may assist Rocketnet with the purposes listed above – for example, service providers may be used, inter alia: (i) to notify the Data Subjects of any pertinent information concerning Rocketnet, (ii) for data storage and/or (iii) to assist Rocketnet with auditing processes (external auditors).
16.3 Rocketnet will disclose Personal Information with the consent of the Data Subject or if Rockenet is permitted to do so without such consent in accordance with the applicable laws.
16.4 Further, Rocketnet may also send Personal Information to a foreign jurisdiction outside of the Republic of South Africa, including for Processing and storage by Third Parties.
16.5 When Personal Information is transferred to a jurisdiction outside of the Republic of South Africa, Rocketnet will obtain the necessary consent to transfer the Personal Information to such foreign jurisdiction or may transfer the Personal Information where Rocketnet is permitted to do so in accordance with the provisions applicable to cross-border flows of Personal Information under POPIA and, where applicable, the GDPR.
16.6 The Data Subject should also take note that the Processing of Personal Information in a foreign jurisdiction may be subject to the laws of the country in which the Personal Information is held, and may be subject to disclosure to the governments, courts of law, enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
17. ACCESS TO PERSONAL INFORMATION
17.1 A Data Subject has certain rights under POPIA and, where applicable, the GDPR, including the following:
17.1.1 a right of access: a Data Subject having provided adequate proof of identity has the right to: (i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or (ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
17.1.1.1 Rocketnet to confirm, free of charge, whether it holds any Personal Information about him/ her/it; and
17.1.1.2 to obtain from Rocketnet the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided:
17.1.1.2.1 within a reasonable time; and
17.1.1.2.2 in a reasonable manner and format and in a form that is generally understandable.
17.1.2 a right to request correction or deletion: a Data Subject may also request Rocketnet to–
17.1.2.1 correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
17.1.2.2 destroy or delete a record of Personal Information about the Data Subject that Rocketnet is no longer authorised to retain records in terms of POPIA’s and, where applicable, the GDPR’s retention and restriction of records provisions.
On receipt of such a request, Rocketnet is required to, as soon as is reasonably practicable –
17.1.2.2.1 correct the information;
17.1.2.2.2 delete or destroy the information;
17.1.2.2.3 provide the Data Subject with evidence in support of the information; or
17.1.2.2.4 where the Data Subject and Responsible Party cannot reach agreement on the request and if the Data Subject requests this, Rocketnet will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
17.1.3 a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing Rocketnet with notice to such effect at the address set out herein. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
17.2 Accordingly, Rocketnet may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information.
17.3 Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Information.
17.4 The Data Subject can request in writing to review any Personal Information about the Data Subject that Rocketnet holds including Personal Information that Rocketnet has collected, utilised or disclosed, as well as the following information: (i) the purposes of Processing; (ii) the categories of Personal Information concerned; (iii) where possible, the envisaged period for which the Personal Information will be stored or, if not possible, the criteria used to determine that period; (iv) the existence of the right to request from Rocketnet rectification or erasure of Personal Information or restriction of Processing of Personal Information concerning the Data Subject or to object to such processing; (v) the right to lodge a complaint with the Regulator; (vi) where the Personal Information is not collected from the Data Subject, any available information as to their source; and (vii) the existence of automated Processing, including profiling and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject.
17.5 Rocketnet shall respond to these requests in accordance with POPIA and, where applicable, the GDPR and will provide the Data Subject with any such Personal Information to the extent required by law and any of Rocketnet’s policies and procedures which apply in terms of the Promotion of Access to Information Act 2 of 2000 (PAIA).
17.6 The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in Rocketnet’s records at any time in accordance and in terms of PAIA for accessing information.
17.7 If a Data Subject successfully demonstrates that their Personal Information in Rocketnet’s records is inaccurate or incomplete, Rocktnet will ensure that such Personal Information is amended or deleted as required (including by any Third Parties).
18. TIME PERIODS
18.1 Rocketnet will respond to each written request of a Data Subject not later than 30 (thirty) days after receipt of such requests. Under certain circumstances, Rocketnet may, however, extend the original period of 30 (thirty) days once for a further period of not more than 30 (thirty) days.
18.2 A Data Subject has the right to make a complaint to Rocketnet in respect of this time limit by contacting Rocketnet using the contact details provided herein.
19. CHANGES TO THIS POLICY
19.1 Rocketnet reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.
19.2 The current version of this Policy will govern the respective rights and obligations between you and Rocketnet each time that you access and use our Website.
20. ROCKETNET’S CONTACT DETAILS
NAME OF BODY
Rocketnet a division of Directel Communications (Pty) Ltd
PHYSICAL & POSTAL ADDRESSES
Physical:
189 Olympic Dual, North riding 2169
Postal:
PO Bo 3572, Witkoppen, 2068.
INFORMATION OFFICER
Name: Simon Peter Swanepoel
Should you believe that Rocketnet has utilised your Personal Information contrary to the directives of POPIA, you undertake to first attempt to resolve any concerns with Rocketnet by addressing a complaint in writing to the Rocketnet Information Officer’s email address provided above. If you are not satisfied with the outcome of such process, you have the right to lodge a complaint with the Information Regulator at [email protected] as established in terms of the POPIA.
If your Personal Information changes, please let us know and provide us with all changes as soon as reasonably possible to enable us to update it.