1.1 Introduction and scope
1.1.1 Gem Diamond Technical Services Proprietary Limited ("GDTS" or "we" or "us" or "our") carries on the business of a shared services company. GDTS is the responsible party of your Personal Information (as defined below).
1.1.2 GDTS strives to ensure that our use of your Personal Information is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings and your experience.
- WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
2.2 "Personal Information" refers to private information about an identifiable natural or juristic person. Personal Information does not include information that does not identify a person (including in instances where that information has been de-identified). The Personal Information that we collect about you may differ on the basis of the products and services that you receive from GDTS.
2.3 We may process various types of Personal Information as follows:
2.3.1 Identity Information, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and your qualifications;
2.3.2 Contact Information, which includes your billing addresses, delivery addresses, e-mail addresses and telephone numbers, as well as company secretarial information that has been disclosed in relation to you;
2.3.3 Financial Information, which includes bank account and payment card details, insurance information, financial statements and value added tax registration numbers and credit ratings;
2.3.4 Transaction Information, which includes details about payments made to or received from you and company information, which may consist of financial activity and regulatory disclosures;
2.3.5 Technical Information, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
2.3.6 Profile Information, which includes your username and password, purchases or orders made by you, your interests, preference and feedback;
2.3.7 Usage Information, which includes information as to your access to and use of the Website, products and services;
2.3.8 Location Information, which includes geographical information from your Access Device (which is usually based on the GPS or IP location); and
2.3.9 Marketing and Communications Information, which includes your preferences in respect of receiving marketing information from us and our third parties, and your communication preferences.
- HOW WE COLLECT YOUR PERSONAL INFORMATION
3.1 We collect your Personal Information in three ways, namely:
3.1.1 through direct or active interactions with you;
3.1.2 through automated or passive interactions with you; and
3.1.3 from third parties, including third party service providers.
3.2 Direct or active collection from you
3.2.1 We may require that you submit certain information to enable you to access certain portions of the Website, to make use of our services, to purchase our goods or services, to facilitate the conclusion of an agreement with us, or that is necessary for our fulfilment of our statutory or regulatory obligations. We also collect Personal Information directly from you when you communicate directly with us, for example via e-mail, telephone calls, feedback forms, site comments or forums.
3.2.2 If you contact us, we reserve the right to retain a record of that correspondence, which may include Personal Information.
3.3 Passive collection from your Access Device
3.3.1 We may passively collect certain of your Personal Information from the Access Device that you use to access and navigate the Website (each an "Access Device"), by way of various technological applications, for instance, using server logs to collect and maintain log information.
3.3.3 A cookie is a small piece of data (an alphanumeric identifier) which our computer system transfers to your Access Device through your web browser when you visit the Website and which is stored in your web browser. When you visit the Website again, the cookie allows the site to recognise your browser. Cookies may store user preferences and other information.
3.3.5 The Personal Information that we passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Profile Information, your Usage Information, your Location Information and your Marketing and Communications Information, or any other Personal Information which you permit us, from time to time, to passively collect from your Access Device.
3.4 Personal Information collected from third parties
3.4.1 GDTS receives Personal Information about you from various third parties and public sources, including:
184.108.40.206 third party service providers, such as credit vetting agencies and recruitment agencies;
220.127.116.11 third parties who provide Personal Information to data controllers, and who in turn provide this Personal Information to GDTS; and
18.104.22.168 our information technology suppliers.
- HOW WE USE YOUR PERSONAL INFORMATION
4.1 We use the Personal Information that we collect from you to maintain and improve the Website and to improve the experience of our users, to facilitate the sale of our products and the provision of our services and to fulfil our statutory and regulatory obligations.
4.2 We may also use your Personal Information to:
4.2.1 retain and make information available to you on the Website;
4.2.2 create your user account and allow use of the Website;
4.2.3 maintain and update our customer, or potential customer, databases;
4.2.4 establish and verify your identity on the Website;
4.2.5 operate, administer, secure and develop the Website and the performance and functionality of the Website;
4.2.8 create user profiles and to analyse and compare how you and other users make use of the Website, including your browsing habits, click-patterns, preferences, frequency and times of use, trends and demographic information;
4.2.9 provide you with marketing material that is relevant to you;
4.2.10 diagnose and deal with technical issues and customer support queries and other user queries;
4.2.11 protect our rights in any litigation that may involve you;
4.2.12 for security, administrative and legal purposes;
4.2.13 comply with our statutory obligations, including submissions to the Companies and Intellectual Property Commission ("CIPC"), as well as engaging with regulatory authorities;
4.2.14 conduct GDTS's recruitment and hiring processes, which includes the conducting of criminal record and credit checks, referrals, the capturing of job applicant's details and the providing of status updates to job applicants;
4.2.15 to fulfil any contractual obligations that we may have to you or any third party;
4.2.16 communicate with you and retain a record of our communications with you and your communications with us;
4.2.17 analyse and compare the types of Access Devices that you and other users make use of and your physical location; and
4.2.18 for other lawful purposes that are relevant to our business activities or regulatory functions.
4.3 GDTS will restrict its processing of your Personal Information to the original purpose for which it was collected, unless GDTS reasonably considers that it is necessary to process it for another purpose that is compatible with the original purpose.
- COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US
Where GDTS is required to process certain Personal Information by law, or in terms of a contract that we have with you, and you fail to provide such Personal Information when requested to do so, GDTS may be unable to perform in terms of the contract we have in place or are trying to enter into with you. In this case, GDTS may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation.
In the clause above, you agree and accept that there is certain compulsory Personal Information you must provide us with if you want to enjoy all of the features and functionality on the Website. If you decide not to provide us with such compulsory Personal Information, you agree that we may limit certain features and functionality on the Website.
- SHARING OF YOUR PERSONAL INFORMATION
6.2 GDTS may share your Personal Information under the following circumstances:
6.2.2 with our employees, suppliers, service providers, contractors and agents if and to the extent that they require such Personal Information in the provision of services for or to us, which include hosting, development and administration, technical support and other support services relating to the Website or the operation of GDTS's business. We will authorise any Personal Information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
6.2.3 to enable us to enforce or apply any other contract between you and us;
6.2.4 to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;
6.2.5 to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
6.2.6 with governmental agencies and other regulatory or self-regulatory bodies, if required to do so by law or we reasonably believe that such action is necessary to:
6.2.1 comply with the law or with any legal process;
6.2.2 protect and defend the rights, property or safety of GDTS, or our customers, employees, contractors, suppliers, service providers, agents or any third party;
6.2.4 protect the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
- STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
7.1 We store your Personal Information on our servers or those of our service providers and in hard copy format at our offices and at the storage facilities of our third party record storage and management providers.
7.2 We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation.
7.3 If the location to which Personal Information is transferred and/or is stored does not have substantially similar laws to those of South Africa, which provide for the protection of Personal Information, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
7.4 Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.
8.1 We take reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information.
8.2 We also create a back-up of your information for operational and safety purposes.
8.3 We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
8.4 Despite the above measures being taken when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.
8.5 GDTS has implemented procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which GDTS is legally required to do so and within the period in which such notification is necessary.
In this clause, you acknowledge that you know and you accept that technology is not absolutely secure and there is a risk that your Personal Information will not be secure when processed by means of technology. We do not promise that we can keep your Personal Information completely secure. You will not be able to take action against us if you suffer losses or damages in these circumstances.
- RETENTION OF YOUR PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION
9.1 We may retain and Process some or all of your Personal Information if and for as long as:
9.1.1 we are required or permitted by law, a code of conduct or a contract with you to do so;
9.1.2 we reasonably need it for lawful purposes related to the performance of our functions and activities;
9.1.3 we reasonably require it for evidentiary purposes; or
9.1.4 you agree to us retaining it for a specified further period.
9.2 To determine the appropriate retention period for Personal Information, GDTS will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. GDTS will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
- MAINTENANCE OF YOUR PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION
10.1 In accordance with applicable legislation and the rules of GDTS, GDTS will take all necessary steps to ensure that the persons responsible for the maintenance of your Personal Information do so in a manner that ensures that it is accurate, complete, not misleading and is up to date.
10.2 It is your responsibility to advise GDTS or the persons responsible for the maintenance of your Personal Information should any of Personal Information we have about you be incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 18.1 below.
- YOUR RIGHTS
11.1 Data protection laws confer certain rights on you in respect of your Personal Information, which include the right to:
11.1.1 Block all cookies, by setting your browser to do so, including cookies associated with our products and servicesor to indicate when a cookie is being sent by us.
11.1.2 Request access to your Personal Information (commonly known as a “data subject access request”), thereby enabling you to receive a copy of the Personal Information retained about you.
11.1.3 Request the correction of your Personal Information, in order to ensure that any incomplete or inaccurate Personal Information is corrected.
11.1.4 Request erasure of your Personal Information, where there is no lawful basis for the retention or continued processing of it.
11.1.5 Object to the processing of your Personal Information for legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
11.1.6 Request restriction of processing of your Personal Information. This enables you to ask GDTS to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
11.1.7 Withdraw consent previously given in respect of the processing of your Personal Information at any time which withdrawal of consent will not affect the lawfulness of any processing carried out prior to your notice of withdrawal. Withdrawal of consent may limit the ability of GDTS or a third party to provide certain products or services to you, but will not affect the continued processing of your Personal Information in instances in which your consent is not required.
11.2 As far as the law allows, we may charge a fee for attending to any of the above requests and may also refuse to carry out any of your requests in whole or in part, where your request is unreasonable.
We will not knowingly collect Personal Information in respect of children without express permission to do so from a competent person (any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child).
- THIRD PARTY SITES
We are not liable if you suffer losses or damages when visiting third party websites by following a link to that website from this Website. You accept that there may be risks when you use such third party websites, and you do so at your own risk.
- CONSUMER PROTECTION ACT, PROTECTION OF PERSONAL INFORMATION ACT AND OTHER LAWS
15.2.1 does or purports to limit or exempt us from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
15.2.2 requires you to assume risk or liability for any kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
- QUERIES AND CONTACT DETAILS OF THE INFORMATION REGULATOR
17.1 Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the Information Officer.
If you feel that the attempts by GDTS to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at www.justice.gov.za/inforeg. If you are located outside of South Africa, you may contact the appropriate regulator in your country of domicile.