This Privacy Policy applies to all visitors to our website and entities making use of our Software
(the “User”). This will constitute a binding agreement between us. Should you not accept and agree
to the terms of this Privacy Policy, you may not use our Software, and must immediately cease using
same, as your continued use will be deemed to indicate that you have read, accepted and agreed to
the terms of this Privacy Policy. It is advisable that you read ODEK’s POPIA Policy and PAIA Manual
for more information on this Privacy Policy;
We reserve the right to amend, modify, update and change any of the terms of the Privacy Policy and
our POPIA Policy from time to time. You will be notified in writing of any material changes that may
affect your legal rights. However, it is your responsibility to regularly check the Privacy Policy
and make sure that you are satisfied with the changes.
Definitions and Interpretation
Biometrics” means the measurement and statistical analysis of people's unique physical and
behavioural characteristics. The technology is mainly used for identification and access control;
"Consent”, means the voluntary, specific and informed expression of will in terms of which
permission is given for the processing of personal information.
“Data Subject” shall have the meaning ascribed to it in Chapter 1 of POPI;
“Privacy Policy”” means these standard privacy terms and conditions together with any Schedules and
future amendments thereto that may be uploaded onto our website from time to time;
“Personal Information” shall have the meaning ascribed to it in Chapter 1 of POPI;
“Privacy and Data Protection Conditions” shall mean the statutory prescribed conditions for the
lawful Processing of Personal Information which is entered into a Record and such conditions are
listed in Section 4(1) of POPI and are dealt with in detail in Part A of Chapter 3 of POPI;
“Processing” shall have the meaning ascribed to it in Chapter 1 of POPI;
“POPI” means the Protection of Personal Information Act, No 4 of 2013, as amended from time to
time, including any regulations and/or code of conduct made under the Act;
“Record” shall have the meaning ascribed to it in Chapter 1 of POPI;
“Special Personal Information” means personal information concerning the religious or philosophical
beliefs, race or ethic origin, trade union membership, political persuasion, health or sex life or
biometric information of a data subject; or the criminal behaviour of a data subject to the extent
that such information relates to- the alleged commission by a data subject of any offence, or any
proceedings in respect of any offence allegedly committed by the data subject or the disposal of
such proceedings. Special Personal Information may only be processed subject to certain exceptions
as set out in POPIA;
“us”, “our” and/or “we” means ODEK Alliance who renders the Services and/or delivers the Products
and/or Software;
“you” and/or “your” means you the user who applies for and receives Service and/or Products and/or
Software from ODEK Alliance;
Headings are for convenience and reference only and shall not be used in the interpretation of this
Privacy Policy.
Words importing any gender include the other genders, the singular includes the plural (and vice
versa) and natural persons include artificial or juristic persons (corporate and unincorporated)
(and vice versa).
The rule of construction that if general words or terms are used in association with specific words
or terms which are a species of a particular genus or class, the meaning of the general words or
terms shall be restricted to that same class shall not apply, and whenever the word "including" is
used followed by specific examples, such examples shall not be interpreted so as to limit the
meaning of any word or term to the same genus or class as the examples given.
Collection of your personal information
Your consent (voluntary, specific and informed) is required to collect and process personal
information. An accepted written agreement or online acceptance of terms and conditions together
with receipt of the relevant compliance documents constitutes consent. By using our online services,
our products and services and/or communicating electronically and/or using non-electronic means of
communication, you agree to this policy and consent to the collection, processing and transfer of
their information as set out in this policy. We process personal information to provide access to
products and/or services and/or software in the ordinary course of business. Examples of personal
information collected by us includes, but is not limited to:
Company:
Company name;
Registration number;
SARS documentation;
Registered address;
Contact details;
Bank details;
Subscriber details;
Biometric Data (Fingerprints, ID Photo and/or Facial Recognition).
Individual:
Name and surname;
Physical address;
Contact details;
ID and/or passport number;
Bank details;
Subscriber Details;
Biometric Data (Fingerprints, ID Photo and/or Facial Recognition).
We will further collect, device and browser Information, such as network and connection information
(including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser
identifiers and information (including device, application, or browser type, version, plug-in type
and version, operating system, user agent, language and time zone settings, and other technical
information), advertising identifiers, cookie identifiers and information, and similar data, which
are required to perform contractual matters and/or in order to provide you with access to services
or attend to queries or to ensure that security safeguards are in place;
Further, we will collect information and browsing history, such as usage metrics (including usage
rates, occurrences of technical errors, diagnostic reports, settings preferences, backup
information, API calls, and other logs), content interactions (including searches, views, downloads,
prints, shares, streams, and display or playback details), and user journey history (including
clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response
times, page interaction information (such as scrolling, clicks, and mouse-overs, and download
errors), advertising interactions (including when and how you interact with marketing and
advertising materials, click rates, purchases or next steps you may make after seeing an
advertisement, and marketing preferences), and similar data which are required to perform
contractual matters and/or in order to provide you with access to services or attend to queries or
to ensure that security safeguards are in place.
Records of consent given by you in the form of written consent, online consent and voice recordings
will be kept with the date and time, means of consent and any related information.
Records of your contact with us and vice versa including notes or recordings of a calls you make to
our help desk, emails or letters you send to us or other records of any contact you have with us.
We process personal information to provide you with access to our services and/or products and/or
software and for the purposes detailed in this Privacy Policy;
We will only use personal information for the purpose for which it was collected, for example:
Contract purposes and due diligence;
To process transactions and render services;
To administer accounts and profiles for billing, quoting and invoicing i.e. financial
management;
To conduct risk assessments, anti-bribery and corruption assessments;
For legal obligations and public duties;
For security purposes;
To verify bank account or credit card details and, where authorised, use that information
to process payments;
To confirm and verify identities, you consent to the collection, processing and storing of
biometric data such as finger print recognition, facial recognition and/or ID photo
verification;
To detect and prevent fraud and/or crime and to recover debts;
To provide updated information on rates and amended terms and conditions;
To respond to requests for information regarding products, services, software and pricing
information;
For marketing and/or to offer new or additional services and/or provide information on
products, software and/or services, only if the client and/or user has consented to such
marketing;
To conduct client satisfaction surveys, only if the client and/or user has consented to
such service.
If required by law, we may disclose information about you to comply with any applicable law,
subpoena, order of court or legal process served on us, or to protect and defend our rights or
property. Such disclosure may be required to protect you or us from illegal activity or liability or
to protect our property or the safety of our employees or others and we may do this without your
consent and for any other reason as required from time to time.
If required by law, we may disclose information about you to comply with any applicable law,
subpoena, order of court or legal process served on us, or to protect and defend our rights or
property. Such disclosure may be required to protect you or us from illegal activity or liability or
to protect our property or the safety of our employees or others and we may do this without your
consent and for any other reason as required from time to time.
Personal Information
If you wish for us to stop processing your Personal Information and/or Special Personal
Information, you must expressly inform us. If we cannot process your Personal Information, we may be
unable to provide certain services and software to you;
We shall fully comply with the statutory obligations contained in POPIA, without limiting the
generality of the aforesaid, we shall ensure that the privacy and data protection conditions are
strictly adhered to when processing your Personal Information;
We will ensure that all our employees, third party service providers, divisions, affiliates and
partners which have access to your Personal Information are bound by confidentiality and
non-disclosure obligations in relation to your Personal Information.
Processing Personal Information of a minor (under the age of 18 years) is prohibited in terms of
POPIA unless one of the following justifications are met -
A parent or guardian may consent to the processing;
It is necessary for the establishment, exercise or defence of a right or obligation in law
(which includes obligations of international public law);
It is done for historical, statistical or research purposes that is in the public interest;
If the child deliberately made the personal information public with the consent of a parent
or guardian.
Disclosure of your Personal Information
We are required to process and make available your personal information to third parties should the
law require us to or should it be required to be able to fulfil our obligations to you;
We will under no circumstances sell or commercialise personal information or data unless consent is
obtained. Whereafter the data will be sold or commercialised in the format agreed to by you;
Upon consent received, we may provide third party service providers and processors access to your
personal information. These services providers may include, without limitation: credit card
verification providers and banks to process transactions. This is detailed more specifically in our
POPIA Compliance Policy;
We will only be responsible for the privacy of data transmitted over the Internet using our
approved applications and transfer protocols and stored in approved data centres and storage
devices. We adhere to globally recognised best security practices with regards to protecting a data
subjects personal information, despite these preventative measures, we can’t guarantee absolute
security. However, if we are aware of any breach, we will notify you within 24 (twenty-four) hours
of any breach of security that may have occurred.
How your Personal Information is stored
When Personal Information is obtained and processed by us, such personal information is entered
into a record;
We use standard industry practices to safeguard the confidentiality of your personal information.
We treat this data as an asset that must be protected against loss and unauthorised access. We
employ many different security techniques to protect such data from unauthorised access. We store
our electronic and paper documents at our head office in Johannesburg, South Africa or at other
secure site/s;
We may from time to time disclose data to other parties, including holding companies or
subsidiaries, third party service providers and processors, cyber service providers, trading
partners, agents, auditors, organs of state, regulatory bodies and/or national governmental,
provincial, or local government municipal officials, or overseas trading parties or agents, but such
disclosure will always be subject to an agreement which will be concluded between us and the party
to whom the data is disclosed, which contractually obliges the recipient of the data to comply with
strict confidentiality and data security conditions in line with POPIA;
Where data must be transferred to a country situated outside the borders of South Africa, the data
will only be transferred to countries which have similar data privacy laws in place or where the
recipient of the data concludes an agreement which contractually obliges the recipient to comply
with strict confidentiality and data security conditions and which in particular will be to a no
lesser set of standards than those imposed by POPIA;
In addition to the data stored in point 7.2 above, we may store data in Sharepoint, Outlook, SQL
Servers and DropBox which keeps its data primarily in Western Europe, it is understanding that the
aforementioned entities store their data in a compliant data centre and each entity is subject to
binding laws which provide an adequate level of protection that is in line with POPIA;
We will keep back-ups of your personal information and data if you consent to the collection and
storage of such data.
Accessing and updating your personal information
You can access and review your personal information held by us. You may contact
our Deputy Information Officer on compliance@odek.co.za. We will try to provide the
information you require within a reasonable time.
We recommend that should your personal information change, provide us with updates as soon as
reasonably possible to ensure that you enjoy all the benefits of our applications;
Upon your request, we will, promptly return or destroy any and all of your personal information in
our possession or control, save for personal information that we are legally obliged to retain;
Should you be required to provide personal information to us, you will provide accurate
information;
You hereby confirm that you won’t impersonate or misrepresent any person or entity.
Your Rights
The right of access-: You may request that we confirm that we store your information and may
request details of how the information is processed. The following procedure is set out in our PAIA
Manual which can be requested via email to compliance@odek.co.za.
The right to rectification: You may request that we rectify or update incorrect personal
information, by requesting same via email to compliance@odek.co.za.
The right to removal: Where there is no longer any legal basis or legitimate reason to process your
personal information and the FICA retention period has expired, you may request that we return or
destroy any and all of your personal information in our possession or control, by requesting same
via email to compliance@odek.co.za.
The right to object to, restrict further processing and withdraw consent: You may at any point
object, restrict or withdraw to the further processing of personal information by requesting same
via email to compliance@odek.co.za.
Acceptance
An accepted written agreement or online acceptance of terms and conditions together with receipt of
the relevant compliance documents constitutes consent. By using our online services, our products
and services and/or communicating electronically and/or using non-electronic means of communication:
You acknowledge that you understand why your personal information needs to be processed;
You accept the terms which will apply to such processing, including the terms applicable to
the transfer of such personal information cross border;
Where consent is required for any processing as stipulated in this Privacy Policy and the
POPIA Compliance Policy, you agree that we may process the data;
Should any of the personal information concern or pertain to a juristic person whom you
represent, you confirm that you have the necessary authority to act on behalf of such
juristic person and that you have the right to provide the personal information and/or the
required permissions in respect of the processing of that juristic person’s personal
information.
Request for further information and complaints:
The principles of our POPIA Compliance Policy are:
Data collection;
Data processing;
Data storage;
Data privacy;
Destruction of data (where and when applicable)
If you wish to lay a complaint, obtain further clarity regarding this Privacy Policy,
clarify the principles above, verify or update your information or request a copy of our POPIA
Compliance Policy, kindly email compliance@odek.co.za.
and address your correspondence to Nadine dos
Santos. Alternatively, contact the ODEK offices on 087 350 6335 from 8:00 – 17:00, Monday to Friday.
All complaints will be treated in a confidential manner;
Information Officers:
Information Officer:
Karien Greeff
Date of appointment:
11 June 2021
Email Address:
karieng@odek.co.za
**This person has the required authority to manage and attend to all information related matters**
Information Officer:
Leopold Johann Malan
Date of appointment:
11 June 2021
Email Address:
leopoldm@odek.co.za
**This person has the required authority to manage and attend to all information related matters**
These persons take full responsibility for the implementation of the POPIA Compliance Policy within
the ODEK Alliance.
Information Regulator
Should you feel unsatisfied with the handling of their data, or about any complaint already made to
ODEK, the complaint may then be escalated to the Information Regulator as follows: Information Regulator of South Africa Email: complaints.IR@justice.gov.za Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O Box 31533 Braamfontein, Johannesburg