Privacy Policy

  1. ODEK Alliance’s Promise
  2. Your Responsibilities
    1. This Privacy Policy applies to all visitors to our website and entities making use of our Software (the “User”). This will constitute a binding agreement between us. Should you not accept and agree to the terms of this Privacy Policy, you may not use our Software, and must immediately cease using same, as your continued use will be deemed to indicate that you have read, accepted and agreed to the terms of this Privacy Policy. It is advisable that you read ODEK’s POPIA Policy and PAIA Manual for more information on this Privacy Policy;
    2. We reserve the right to amend, modify, update and change any of the terms of the Privacy Policy and our POPIA Policy from time to time. You will be notified in writing of any material changes that may affect your legal rights. However, it is your responsibility to regularly check the Privacy Policy and make sure that you are satisfied with the changes.
  3. Definitions and Interpretation
    1. Biometrics” means the measurement and statistical analysis of people's unique physical and behavioural characteristics. The technology is mainly used for identification and access control;
    2. "Consent”, means the voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
    3. “Data Subject” shall have the meaning ascribed to it in Chapter 1 of POPI;
    4. “Privacy Policy”” means these standard privacy terms and conditions together with any Schedules and future amendments thereto that may be uploaded onto our website from time to time;
    5. “Personal Information” shall have the meaning ascribed to it in Chapter 1 of POPI;
    6. “Privacy and Data Protection Conditions” shall mean the statutory prescribed conditions for the lawful Processing of Personal Information which is entered into a Record and such conditions are listed in Section 4(1) of POPI and are dealt with in detail in Part A of Chapter 3 of POPI;
    7. “Processing” shall have the meaning ascribed to it in Chapter 1 of POPI;
    8. “POPI” means the Protection of Personal Information Act, No 4 of 2013, as amended from time to time, including any regulations and/or code of conduct made under the Act;
    9. “Record” shall have the meaning ascribed to it in Chapter 1 of POPI;
    10. “Special Personal Information” means personal information concerning the religious or philosophical beliefs, race or ethic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or the criminal behaviour of a data subject to the extent that such information relates to- the alleged commission by a data subject of any offence, or any proceedings in respect of any offence allegedly committed by the data subject or the disposal of such proceedings. Special Personal Information may only be processed subject to certain exceptions as set out in POPIA;
    11. “us”, “our” and/or “we” means ODEK Alliance who renders the Services and/or delivers the Products and/or Software;
    12. “you” and/or “your” means you the user who applies for and receives Service and/or Products and/or Software from ODEK Alliance;
    13. Headings are for convenience and reference only and shall not be used in the interpretation of this Privacy Policy.
    14. Words importing any gender include the other genders, the singular includes the plural (and vice versa) and natural persons include artificial or juristic persons (corporate and unincorporated) (and vice versa).
    15. The rule of construction that if general words or terms are used in association with specific words or terms which are a species of a particular genus or class, the meaning of the general words or terms shall be restricted to that same class shall not apply, and whenever the word "including" is used followed by specific examples, such examples shall not be interpreted so as to limit the meaning of any word or term to the same genus or class as the examples given.
  4. Collection of your personal information
    1. Your consent (voluntary, specific and informed) is required to collect and process personal information. An accepted written agreement or online acceptance of terms and conditions together with receipt of the relevant compliance documents constitutes consent. By using our online services, our products and services and/or communicating electronically and/or using non-electronic means of communication, you agree to this policy and consent to the collection, processing and transfer of their information as set out in this policy. We process personal information to provide access to products and/or services and/or software in the ordinary course of business. Examples of personal information collected by us includes, but is not limited to:
      Company:
      1. Company name;
      2. Registration number;
      3. SARS documentation;
      4. Registered address;
      5. Contact details;
      6. Bank details;
      7. Subscriber details;
      8. Biometric Data (Fingerprints, ID Photo and/or Facial Recognition).
      Individual:
      1. Name and surname;
      2. Physical address;
      3. Contact details;
      4. ID and/or passport number;
      5. Bank details;
      6. Subscriber Details;
      7. Biometric Data (Fingerprints, ID Photo and/or Facial Recognition).
    2. We will further collect, device and browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and/or in order to provide you with access to services or attend to queries or to ensure that security safeguards are in place;
    3. Further, we will collect information and browsing history, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs, and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and/or in order to provide you with access to services or attend to queries or to ensure that security safeguards are in place.
    4. Records of consent given by you in the form of written consent, online consent and voice recordings will be kept with the date and time, means of consent and any related information.
    5. Records of your contact with us and vice versa including notes or recordings of a calls you make to our help desk, emails or letters you send to us or other records of any contact you have with us.
    6. We process personal information to provide you with access to our services and/or products and/or software and for the purposes detailed in this Privacy Policy;
    7. We will only use personal information for the purpose for which it was collected, for example:
      1. Contract purposes and due diligence;
      2. To process transactions and render services;
      3. To administer accounts and profiles for billing, quoting and invoicing i.e. financial management;
      4. To conduct risk assessments, anti-bribery and corruption assessments;
      5. For legal obligations and public duties;
      6. For security purposes;
      7. To verify bank account or credit card details and, where authorised, use that information to process payments;
      8. To confirm and verify identities, you consent to the collection, processing and storing of biometric data such as finger print recognition, facial recognition and/or ID photo verification;
      9. To detect and prevent fraud and/or crime and to recover debts;
      10. To provide updated information on rates and amended terms and conditions;
      11. To respond to requests for information regarding products, services, software and pricing information;
      12. For marketing and/or to offer new or additional services and/or provide information on products, software and/or services, only if the client and/or user has consented to such marketing;
      13. To conduct client satisfaction surveys, only if the client and/or user has consented to such service.
    8. If required by law, we may disclose information about you to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. Such disclosure may be required to protect you or us from illegal activity or liability or to protect our property or the safety of our employees or others and we may do this without your consent and for any other reason as required from time to time.
    9. If required by law, we may disclose information about you to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. Such disclosure may be required to protect you or us from illegal activity or liability or to protect our property or the safety of our employees or others and we may do this without your consent and for any other reason as required from time to time.
  5. Personal Information
    1. If you wish for us to stop processing your Personal Information and/or Special Personal Information, you must expressly inform us. If we cannot process your Personal Information, we may be unable to provide certain services and software to you;
    2. We shall fully comply with the statutory obligations contained in POPIA, without limiting the generality of the aforesaid, we shall ensure that the privacy and data protection conditions are strictly adhered to when processing your Personal Information;
    3. We will ensure that all our employees, third party service providers, divisions, affiliates and partners which have access to your Personal Information are bound by confidentiality and non-disclosure obligations in relation to your Personal Information.
    4. Processing Personal Information of a minor (under the age of 18 years) is prohibited in terms of POPIA unless one of the following justifications are met -
      1. A parent or guardian may consent to the processing;
      2. It is necessary for the establishment, exercise or defence of a right or obligation in law (which includes obligations of international public law);
      3. It is done for historical, statistical or research purposes that is in the public interest;
      4. If the child deliberately made the personal information public with the consent of a parent or guardian.
  6. Disclosure of your Personal Information
    1. We are required to process and make available your personal information to third parties should the law require us to or should it be required to be able to fulfil our obligations to you;
    2. We will under no circumstances sell or commercialise personal information or data unless consent is obtained. Whereafter the data will be sold or commercialised in the format agreed to by you;
    3. Upon consent received, we may provide third party service providers and processors access to your personal information. These services providers may include, without limitation: credit card verification providers and banks to process transactions. This is detailed more specifically in our POPIA Compliance Policy;
    4. We will only be responsible for the privacy of data transmitted over the Internet using our approved applications and transfer protocols and stored in approved data centres and storage devices. We adhere to globally recognised best security practices with regards to protecting a data subjects personal information, despite these preventative measures, we can’t guarantee absolute security. However, if we are aware of any breach, we will notify you within 24 (twenty-four) hours of any breach of security that may have occurred.
  7. How your Personal Information is stored
    1. When Personal Information is obtained and processed by us, such personal information is entered into a record;
    2. We use standard industry practices to safeguard the confidentiality of your personal information. We treat this data as an asset that must be protected against loss and unauthorised access. We employ many different security techniques to protect such data from unauthorised access. We store our electronic and paper documents at our head office in Johannesburg, South Africa or at other secure site/s;
    3. We may from time to time disclose data to other parties, including holding companies or subsidiaries, third party service providers and processors, cyber service providers, trading partners, agents, auditors, organs of state, regulatory bodies and/or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded between us and the party to whom the data is disclosed, which contractually obliges the recipient of the data to comply with strict confidentiality and data security conditions in line with POPIA;
    4. Where data must be transferred to a country situated outside the borders of South Africa, the data will only be transferred to countries which have similar data privacy laws in place or where the recipient of the data concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA;
    5. In addition to the data stored in point 7.2 above, we may store data in Sharepoint, Outlook, SQL Servers and DropBox which keeps its data primarily in Western Europe, it is understanding that the aforementioned entities store their data in a compliant data centre and each entity is subject to binding laws which provide an adequate level of protection that is in line with POPIA;
    6. We will keep back-ups of your personal information and data if you consent to the collection and storage of such data.
  8. Accessing and updating your personal information
    1. You can access and review your personal information held by us. You may contact our Deputy Information Officer on compliance@odek.co.za. We will try to provide the information you require within a reasonable time.
    2. We recommend that should your personal information change, provide us with updates as soon as reasonably possible to ensure that you enjoy all the benefits of our applications;
    3. Upon your request, we will, promptly return or destroy any and all of your personal information in our possession or control, save for personal information that we are legally obliged to retain;
    4. Should you be required to provide personal information to us, you will provide accurate information;
    5. You hereby confirm that you won’t impersonate or misrepresent any person or entity.
  9. Your Rights
    1. The right of access-: You may request that we confirm that we store your information and may request details of how the information is processed. The following procedure is set out in our PAIA Manual which can be requested via email to compliance@odek.co.za.
    2. The right to rectification: You may request that we rectify or update incorrect personal information, by requesting same via email to compliance@odek.co.za.
    3. The right to removal: Where there is no longer any legal basis or legitimate reason to process your personal information and the FICA retention period has expired, you may request that we return or destroy any and all of your personal information in our possession or control, by requesting same via email to compliance@odek.co.za.
    4. The right to object to, restrict further processing and withdraw consent: You may at any point object, restrict or withdraw to the further processing of personal information by requesting same via email to compliance@odek.co.za.
  10. Acceptance
    1. An accepted written agreement or online acceptance of terms and conditions together with receipt of the relevant compliance documents constitutes consent. By using our online services, our products and services and/or communicating electronically and/or using non-electronic means of communication:
      1. You acknowledge that you understand why your personal information needs to be processed;
      2. You accept the terms which will apply to such processing, including the terms applicable to the transfer of such personal information cross border;
      3. Where consent is required for any processing as stipulated in this Privacy Policy and the POPIA Compliance Policy, you agree that we may process the data;
      4. Should any of the personal information concern or pertain to a juristic person whom you represent, you confirm that you have the necessary authority to act on behalf of such juristic person and that you have the right to provide the personal information and/or the required permissions in respect of the processing of that juristic person’s personal information.
  11. Request for further information and complaints:
    1. The principles of our POPIA Compliance Policy are:
      1. Data collection;
      2. Data processing;
      3. Data storage;
      4. Data privacy;
      5. Destruction of data (where and when applicable)
    2. If you wish to lay a complaint, obtain further clarity regarding this Privacy Policy, clarify the principles above, verify or update your information or request a copy of our POPIA Compliance Policy, kindly email compliance@odek.co.za. and address your correspondence to Nadine dos Santos. Alternatively, contact the ODEK offices on 087 350 6335 from 8:00 – 17:00, Monday to Friday.
    3. All complaints will be treated in a confidential manner;
    4. Information Officers:
      Information Officer: Karien Greeff
      Date of appointment: 11 June 2021
      Email Address: karieng@odek.co.za
      **This person has the required authority to manage and attend to all information related matters**
      Information Officer: Leopold Johann Malan
      Date of appointment: 11 June 2021
      Email Address: leopoldm@odek.co.za
      **This person has the required authority to manage and attend to all information related matters**
      These persons take full responsibility for the implementation of the POPIA Compliance Policy within the ODEK Alliance.
  12. Information Regulator
    1. Should you feel unsatisfied with the handling of their data, or about any complaint already made to ODEK, the complaint may then be escalated to the Information Regulator as follows:
      Information Regulator of South Africa
      Email: complaints.IR@justice.gov.za
      Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
      P.O Box 31533 Braamfontein, Johannesburg