Procurement Processing Notice

PROCUREMENT PROCESSING NOTICE IN TERMS OF SECTION 18 THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013

1. PURPOSE OF THIS STATEMENT  

1.1 We, THE WINFIELD UNITED SOUTH AFRICA GROUP OF COMPANIES and all entities  within our Group and trading partners, including Villa Crop Protection (Pty) Ltd,  collectively referred to as “we”, “us” and / or “the Group”, as a commercial entity and  in our capacity as a Responsible Party, in order to engage with you, will have to process  your Personal Information, and in doing so, will have to comply with a law known as  the Protection of Personal Information Act, 4 of 2013 (“POPIA”), which regulates and  controls the processing of a person’s Personal Information in South Africa, which  processing includes the collection, use, and transfer of a person’s Personal  Information.  

1.2 For the purpose of this Processing Notice, please take note of the following words and  phrases which will be used throughout this Processing Notice:  

“consent” means the consent, which you give to us to process your Personal  Information. This consent must be voluntary, specific and informed. Following this,  once we have explained to you why we need your Personal Information and what  we will be doing with it, you are then, in relation to certain uses of the information,  required to give us your permission to use it, which permission or consent can be  express or implied; implied meaning that consent may be demonstrated by way of  your actions; 

“Data Subject” means you, the person who owns and who will provide us with  your Personal Information for processing, which reference is found under POPIA;    

“Operator” is any person who processes your Personal Information on our behalf  as a sub-contractor, in terms of a contract or mandate, without coming under the  direct authority of us. These persons for illustration purposes may include  verification agencies, advertising and public relations agencies, call centres,  service providers, auditors, legal practitioners, organs of state, government,  provincial and municipal bodies; 

“Personal Information”, means Personal Information relating to any identifiable,  living, natural person, and an identifiable, existing juristic person, including, but  not limited to: 

o your name, address, contact details, date of birth, place of birth, identity  number, passport number, bank details, details about your employment, tax  number and financial information;  

o vehicle registration;  

o dietary preferences;  

o financial history;  

o information about your next of kin and or dependants;  

o information relating to your education or employment history; and  

“Special Personal Information” including race, gender, pregnancy, national,  ethnic or social origin, colour, physical or mental health, disability, criminal history,  including offences committed or alleged to have been committed, membership of  a trade union and biometric information, such as images, fingerprints and  voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition; 

“processing” / “process” or “processed” means in relation to Personal  Information, the collection, receipt, recording, organisation, collation, storage,  updating or modification, retrieval, alteration, consultation or use; dissemination  by means of transmission, distribution or making available in any other form;  merging, linking, as well as restriction, degradation, erasure or destruction of  information; or sharing with, transfer and further processing, including physical,  manual and automatic means. This is a wide definition and therefore includes all  types of usage of your Personal Information by us including the initial processing  when we first collect your Personal Information and any further and ongoing  processing; 

“Purpose” means the reason why your Personal Information needs to be  processed by us;  

“Responsible Party” means us, the person who is processing your Personal  Information; 

“you” means you, the Data Subject under POPIA, who will be providing us, the  Responsible Party with your Personal Information, for processing.  

1.3 In terms of POPIA, where a person processes another’s Personal Information, such  processing must be done in a lawful, legitimate and responsible manner and in  accordance with the provisions, principles and conditions set out under POPIA. 

1.4 In order to comply with POPIA, a person processing another’s Personal Information  must:  

1.4.1 provide the Data Subject or owner of the Personal Information with a number  of details pertaining to the processing of the Personal Information, before  such information is processed; and 

1.4.2 get permission or consent, explicitly or implied, from the owner / Data  Subject, to process the Personal Information, unless such processing: 

• is necessary to carry out actions for the conclusion or performance of a  contract to which the owner / Data Subject of the Personal Information  

is a party;  

• is required in order to comply with an obligation imposed by law; or 

• is for a legitimate purpose or is necessary to protect the legitimate  interest (s) and / or for pursuing the legitimate interests of i) the owner  

/ Data Subject of the Personal Information; ii) the person processing the  

Personal Information; or iii) that of a third party to whom the Personal  

Information is supplied; or  

• is necessary for the proper performance of a public law duty by a public  body or on behalf of a public body.  

1.5 In accordance with the requirements of POPIA, and because your privacy and trust are important to us, we set out below how we, Winfield United South Africa and Villa Crop  Protection and our affiliates and associated companies / entities (hereinafter referred  to as “the Group”, “we”, “us”, or “our”) collect, use, and share your Personal  Information and the reasons why we need to use and process your Personal  Information.  

2. APPLICATION  

2.1 This Privacy Statement applies to the following persons:  

2.1.1 Interactors: persons who interact with us, physically or via email or via our  websites, applications, mobile applications, or social media portals or  platforms, or who come onto our sites and / or who enter our offices or  facilities.  

2.1.2 Users of our Sites: persons who use our websites, applications, mobile  applications, or social media portals or platforms whether in order to find out  more about us, to make enquiries about us, or our products or services or  where persons want to do business with us be it providing or selling to us or  receiving or buying from us, certain goods and services, etc.  

2.1.3 Applicants: persons who wish to apply for a vacant position, employment opportunity or a sponsorship from us.  

2.1.4 Customers and Clients: persons who are desirous of, or who do use and / or  purchase our products or services, who receive marketing communications  and / or who communicate with us physically or via email or via our websites,  applications, mobile applications, or social media portals or platforms, and /  or who come onto our sites, facilities and / or who enter our offices. 

2.1.5 Contractors, Vendors and Service Providers: persons who are desirous of, or  who do provide us with goods, and services, or who we provide goods and  services to, including consultancy and infrastructure related services and who  we interact and communicate with, either physically or via email or via our  websites, applications, mobile applications, or social media portals or  platforms, and / or who come onto our sites, facilities and / or who enter our  offices.  

2.1.6 Regulators and Public Bodies: persons who we engage with in order to  discharge legal and public duty obligations, including but not limited to SARS,  National Treasury, Department of Labour, and any other such Regulator  and/or Public Body.  

2.1.7 Business partners: whether in their capacity as operators or not, who provide  services, goods and other benefits to us, our employees or to our customers,  clients and service providers, such as medical aids, pension or provident  funds, administrators, financial service providers, advertising, marketing or PR  agencies, wellness or health and medical providers.  

3. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION  

3.1 Your personal information will be processed by us for the following purposes:  

Due diligence purposes – legitimate purpose: To carry out a due diligence before  we decide to engage or interact with you or to do business with you, including  obtaining and verifying your credentials, including your business details, medical  status, health history and related records, education and employment history and  qualifications, credit and financial status and history, tax status, B-BBEE status, and  or any performance or vendor related history (as may be applicable).  

Contract purposes -assessment and conclusion of a contract: To investigate  whether we are able or willing to conclude a contract with you based on the  findings of any due diligence detailed above, and if the assessment is in order, to  conclude a contract with you.  

To process transactions and render or provide or receive goods and services conclusion of a contract: To perform under any contract which has been  concluded with you, including carrying out all contractual obligations, exercising  all contractual rights, assessing or communicating requirements, manufacturing,  packaging, ordering, delivering, and / or responding to, or submitting queries,  complaints, returns or engaging in general feedback, or acting in such a manner as  to personalize any goods or services, and to make recommendations related to us  or our or your operations. 

Attending to financial matters pertaining to any transaction- conclusion of a  contract: To administer accounts or profiles related to you or your organization  including registrations, subscriptions, purchases, billing events, fees, costs and  charges calculations, quoting, invoicing, receipt of payments or payment of  refunds, reconciliations and financial management in general.  

Communications- legitimate purpose: To make contact with you and to  communicate with you generally or in respect of our or your requirements, or  instructions.  

Risk assessment and anti- bribery and corruption matterslegitimate purpose: To  carry out vendor, organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with various  laws, as well as to identify and authenticate your access to and to provide you with  access to our goods, services or premises and generally to ensure the security and  protection of all persons including employees, and persons when entering or  leaving our sites and operations or facilities and / or to exercise our rights and to  protect our and others’ rights and / or property, including to take action against  those that seek to violate or abuse our systems, services, customers or employees  and / or other third parties where applicable.  

Legal obligation and public duties: To comply with the law and our legal  obligations, including to register with Regulators, obtain and hold permits and  certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to submit  reports or provide various notices or returns, to litigate and / or to respond to a  request or order from a SAP official, investigator or court official, regulator, or  public authority.  

Security purposes: legitimate purpose and to comply with laws: to permit you  access to our offices, facilities, manufacturing or parking areas, as well as to  controlled areas, for the purposes of monitoring via CCTV, your interaction and  access in and from our facilities described above, and for general risk  management, security and emergency incident control purposes as well as for  data and cybersecurity purposes.  

Marketing and electronic communications related thereto – consent required:  To provide you with communications regarding us, our goods and services and or  other notifications, programs, events, or updates that you may have registered  asked for, and to send you offers, advertising, and marketing materials, including  providing personalized advertising to you, save where you have opted out of this  activity.  

Internal research and development purposes consent required: To conduct  internal research and development for new content, products, and services, and  to improve, test, and enhance the features and functions of our current goods and  services. 

Sale, merger, acquisition, or other disposition of our business (including in  connection with any bankruptcy or similar proceedings) – our Legitimate interest To proceed with any proposed or actual sale, merger, acquisition, or other  disposition of our business (including in connection with any bankruptcy or similar  proceedings).  

4. WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?  

In order to engage and / or interact with you, for the purposes described above, we will have  to process certain types of your personal information, as described below:  

Your or your employer or organization’s contact information, such as name, alias,  address, identity number, passport number, security number, phone number, cell phone  number, vehicle make and registration number, social media user ID, email address, and  similar contact data, serial numbers of equipment, details regards the possession of  dangerous weapons, and other contact information including details of your employer,  memberships or affiliations, such as the name of your employer or organization that you  are a member of, information about your colleagues or those within your organization,  your status with an organization, and similar data, which are required for various  legitimate interest, contractual and / or lawful reasons.  

Specific identifiers, which are required in order to protect legitimate interests, comply  with legal obligations or public legal duties, or in order to accommodate you in our  workplaces, such as your race (B-BBEE related), religion (correct and fair treatment  related), sexual and medical history including any medical conditions (to comply with  laws and related to correct and fair treatment issues), trade union matters ( to comply  with laws and related to correct and fair treatment issues), and financial, credit, deviant  and criminal history (to protect our legitimate interests and to perform risk  assessments), as well as children’s details (benefits related).  

Account Information, including banking details, security-related information (including  user names and passwords, authentication methods, and roles), service-related  information (including purchase history and account profiles), billing-related  information (including payment, shipping, and billing information), and similar data, all  which are required to perform contractual matters and / or in order to provide you  access to services.  

User Content, such as content of communications, suggestions, questions, comments,  feedback, and other information you send to us, that you provide to us when you  contact us, or that you post on our websites, applications, mobile applications, or social  media portals or platforms including information in alerts, folders, notes, and shares of  content), and similar data which are required to perform contractual matters and / or in  order to provide you access to services or attend to queries. 

Device & Browser Information, such as network and connection information (including  Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser  identifiers and information (including device, application, or browser type, version, plug in type and version, operating system, user agent, language and time zone settings, and  other technical information), advertising identifiers, cookie identifiers and information,  and similar data, which are required to perform contractual matters and / or in order to  provide you access to services or attend to queries or to ensure that security safeguards  are in place.  

Usage Information and Browsing History, such as usage metrics (including usage rates,  occurrences of technical errors, diagnostic reports, settings preferences, backup  information, API calls, and other logs), content interactions (including searches, views,  downloads, prints, shares, streams, and display or playback details), and user journey  history (including clickstreams and page navigation, URLs, timestamps, content viewed  or searched for, page response times, page interaction information (such as scrolling,  clicks, and mouse-overs), and download errors), advertising interactions (including  when and how you interact with marketing and advertising materials, click rates,  purchases or next steps you may make after seeing an advertisement, and marketing  preferences), and similar data which are required to perform contractual matters and /  or in order to provide you access to services or attend to queries or to ensure that  security safeguards are in place.  

Location Data, such as the location of your device, your household, and similar location  data, which are required to perform contractual matters and / or in order to provide you  access to services or attend to queries or to ensure that security safeguards are in place.  

Demographic Information, such as country, preferred language, age and date of birth,  marriage status, gender, physical characteristics, personal or household/familial  financial status and metrics, military status, and similar data, which are required to  perform contractual matters and / or in order to provide you access to services or attend  to queries or to ensure that security safeguards are in place.  

Your Image, such as still pictures, video, voice, and other similar data, which are required  to perform contractual matters and / or in order to provide you access to services or  attend to queries or to ensure that security safeguards are in place.  

Identity Information, such as government-issued identification information, tax  identifiers, social security numbers, other government-issued identifiers, and similar  data, which are required to comply with laws and public duties.  

Financial Information, such as billing address, credit card information, billing contact  details, and similar dat., tax numbers and VAT numbers, which are required to perform  contractual matters and / or in order to provide you access to services or attend to  queries or to ensure that security safeguards are in place and / or which are required to  comply with laws and pubic duties. 

Career, Education, and Employment Related Information, such as job preferences or  interests, work performance and history, salary history, status as a veteran, nationality  and immigration status, demographic data, disability-related information, application  information, professional licensure information and related compliance activities,  accreditations and other accolades, education history (including schools attended,  academic degrees or areas of study, academic performance, and rankings), and similar  data, which are required for contractual or employment related matters or which are  required to comply with laws and public duties.  

Health records such as medical status and history, examinations, blood type, medial aid  history, disability-related information, biometrics, medicals, psychometrics and similar  data, which are required for contractual or employment related matters or which are  required to comply with laws and public duties (as may be applicable).  

Social Media and Online Content, such as information placed or posted in social media  and online profiles, online posts, and similar data, which are required to perform  contractual matters and / or in order to provide you access to services or attend to  queries (as may be applicable).  

5. SOURCES OF INFORMATION – HOW AND WHERE DO WE COLLECT YOUR PERSONAL  INFORMATION FROM?  

5.1 Depending on your requirements, we will collect and obtain personal information  about you either directly from you, from certain third parties (such as your employer  or regulators), or from other sources which are described below:  

5.1.1 Direct collection: You provide personal information to us when you:  

• Use our websites, applications, mobile applications, or social media  portals or platforms.  

• Interact with us.  

• Enquire about, or search for our goods or services.  

• Create or maintain a profile or account with us.  

• Conclude a contract with us.  

• Purchase or subscribe to our goods or services.  

• Use our goods or services.  

• Purchase, use, or otherwise interact with content, products, or services  from third party providers who have a relationship with us.  

• Create, post, or submit user content on our websites, applications,  mobile applications, or social media portals or platforms.  

• Register for or attend one of our events or locations.  

• Request or sign up for information, including marketing material.  

• Communicate with us by phone, email, chat, in person, or otherwise.  • Complete a questionnaire, survey, support ticket, or other information  request form.  

• When you submit a quotation, or offer to do business with us, a tender  or when you conclude a contract with us. 

• When you express an interest in an employment position or  sponsorship.  

5.1.2 Automatic collection: We collect personal information automatically from  you when you: 

• Search for, visit, interact with, or use our websites, applications, mobile  applications, or social media portals or platforms.  

• Use our goods or services (including through a device).  

• Access, use, or download content from us.  

• Open emails or click on links in emails or advertisements from us.  

• Otherwise interact or communicate with us (such as when you attend  one of our events or locations, when you request support or send us  

information, or when you mention or post to our social media  

accounts).  

5.1.3 Collection from third parties: We collect personal information about you  from third parties, such as: 

• Your organization and others with whom you have a relationship with  that provide or publish personal information related to you, such as  

from our customers or from others when they create, post, or submit  

user content that may include your personal information. 

• Regulators, professional or industry organizations and certification /  licensure agencies that provide or publish personal information related  

to you. 

• Third parties and affiliates who deal with or interact with us or you. 

• Service providers and business partners who work with us and that we  may utilize to deliver certain content, products, or services or to  

enhance your experience. 

• Marketing, sales generation, and recruiting business partners. 

• SAP, Home Affairs, CIPC, SARS, Credit bureaus and other similar  agencies. 

• Government agencies, regulators and others who release or publish  public records. 

• Other publicly or generally available sources, such as social media sites,  public and online websites, open databases, and data in the public  

domain. 

6. HOW WE SHARE INFORMATION 

6.1 We share personal information for the purposes set out in this Privacy Statement and  with the following categories of recipients:

the Group, our employees and our affiliates. We may share your personal  information amongst our employees, affiliates and the entities / businesses within  our Group for business and operational purposes.  

Your Organization and Contacts. We may share your personal information with  your organization and others with whom you have a relationship in order to fulfil  or perform a contract or other legal obligation, including with third parties that  arrange or provides you with access to our goods or services and who pay us in  connection with such access. We may also share your personal information with  your contacts if you are in the same organization or to facilitate the exchange of  information between you and the contact(s).  

Business Partners. We may share your personal information with our business  partners to jointly offer, provide, deliver, analyse, administer, improve, and  personalize products or services or to host events. We may also pass certain  requests from you or your organization to these business providers.  

Third Party Content Providers. We may share your personal information with our  third-party content providers to perform tasks on our behalf and to assist us in  providing, delivering, analysing, administering, improving, and personalizing  content related to our relationship with you, including financial, benefits, health  and medical, and wellness benefits etc and may to this end pass certain requests  from you or your organization to these providers.  

Third Party Service Providers. We may share your personal information with our  third-party service providers to perform tasks on our behalf and which are related  to our relationship with you, including financial, benefits, health and medical, and  wellness benefits etc and to assist us in offering, providing, delivering, analysing,  administering, improving, and personalizing such services or products.  

Cyber Third-Party Service Providers. We may share your personal information  with our third-party cyber service providers to perform tasks on our behalf and  which are related to our relationship with you, including those who provide  technical and/or customer support on our behalf, who provide application or  software development and quality assurance, who provide tracking and reporting  functions, research on user demographics, interests, and behaviour, and other  products or services. These third-party service providers may also collect personal  information about or from you in performing their services and/or functions on  our Services. We may also pass certain requests from you or your organization to  these third-party service providers.  

Advertisers. We may share your personal information with advertisers,  advertising exchanges, and marketing agencies that we engage for advertising  services, to deliver advertising, and to assist us in advertising our brand and  products and services. Those advertising services may also target advertisements 

on third party websites based on cookies or other information indicating previous  interaction with us and/or ourselves.  

Users. We aggregate information from public records, phone books, social  networks, marketing surveys, business websites, and other sources made  available to us to create listings and profiles that are placed into user listings and  directories. Additionally, if you choose to include your personal information in any  reviews, comments, or other posts that you create, then that personal information  may be displayed other users as part of your posting.  

In the Event of Merger, Sale, or Change of Control. We may transfer this Privacy  Statement and your personal information to a third-party entity that acquires or  is merged with us as part of a merger, acquisition, sale, or other change of control  (such as the result of a bankruptcy proceeding).  

Regulators and law enforcement agencies. We may disclose your personal  information to regulators and other bodies in order to comply with any applicable  law or regulation, to comply with or respond to a legal process or law enforcement  or governmental request.  

Other Disclosures. We may disclose your personal information to third parties if  we reasonably believe that disclosure of such information is helpful or reasonably  necessary to enforce our terms and conditions or other rights (including  investigations of potential violations of our rights), to detect, prevent, or address  fraud or security issues, or to protect against harm to the rights, property, or safety  of the group, our employees, any users, or the public.  

7. SECURITY OF INFORMATION 

7.1 The security of your Personal Information is important to us. Taking into account the  nature, scope, context, and purposes of processing personal information, as well as  the risks to individuals of varying likelihood and severity, we have implemented  technical and organizational measures designed to protect the security of personal  information. In this regard we will conduct regular audits regarding the safety and the  security of your Personal Information.  

7.2 Your Personal Information will be stored electronically which information, for  operational reasons, will be accessible to persons employed or contracted by us on a  need-to-know basis, save that where appropriate, some of your Personal Information  may be retained in hard copy.  

7.3 Once your Personal Information is no longer required due to the fact that the purpose  for which the Personal Information was held has come to an end, such Personal  Information will be retained in accordance with our Group records retention schedule,  which varies depending on the type of processing, the purpose for such processing, the  business function, record classes, and record types. We calculate retention periods  based upon and reserve the right to retain Personal Information for the periods that 

the Personal Information is needed to: (a) fulfil the purposes described in this Privacy  Statement, (b) meet the timelines determined or recommended by regulators,  professional bodies, or associations, (c) comply with applicable laws, legal holds, and  other legal obligations (including contractual obligations), and (d) comply with your  requests.  

8. ACCESS BY OTHERS AND CROSS BORDER TRANSFER 

8.1 We may from time to time have to disclose your Personal Information to other parties,  including our holding company or subsidiaries, trading partners, agents, auditors,  organs of state, regulatory bodies and / or national governmental, provincial, or local government municipal officials, or overseas trading parties or agents, but such  disclosure will always be subject to an agreement which will be concluded as between  ourselves and the party to whom we are disclosing your Personal Information to, which  contractually obliges the recipient of your Personal Information to comply with strict  confidentiality and data security conditions.  

8.2 Where Personal Information and related data is transferred to a country which is  situated outside South Africa, your Personal Information will only be transferred to  those countries which have similar data privacy laws in place or where the recipient of  the Personal Information concludes an agreement which contractually obliges the  recipient to comply with strict confidentiality and data security conditions and which  in particular will be to a no lesser set of standards than those imposed by POPIA.  

8.3 However, please note that no method of transmission over the Internet or method of  electronic storage is 100% secure. Therefore, while we strive to use commercially  acceptable measures designed to protect personal information, we cannot guarantee  its absolute security.  

9. YOUR RIGHTS 

9.1 You as a Data Subject you have certain rights, which are detailed below:  

The right of access – You may ask us free of charge to confirm that we hold your  personal information, or ask us to provide you with details, at a fee, how we have  processed your personal information, which can be done by following the process  set out under our PAIA Manual which can be accessed on our website on our Legal  Notices Page (POPI Page).  

The right to rectification – you have the right to ask us to update or rectify any  inaccurate personal information, which can be done by accessing the update /  rectification request Form which is located on our website on our Legal Notices Page.  

The right to erasure (the ‘right to be forgotten’) – where any overriding legal  basis or legitimate reason to process your Personal Information no longer exists,  and the legal retention period has expired, you may request that we delete the 

personal information, which can be done by accessing the request for erasure Form which is located on our website on our Legal Notices Page.  

The right to object to and restrict further processing – where we do not need your  consent to process your personal information, but you are not in agreement with  such processing, you object to us processing such Personal Information which can  be done by accessing the objection request Form which is located on our website  on our Legal Notices Page.  

The right to withdraw consent – where you have provided us with consent to  process your personal information, you have to right to subsequently withdraw  your consent, which can be done by accessing the withdrawal of consent request Form which is located on our website on our Legal Notices Page.  

The right to data portability – where you want your Personal Information to be  transferred to another party, which can be done under certain circumstances,  please contact our Information Officer. Contact details of the Information Officer  can be located on our website on our Legal Notices Page. 

10. CHANGES TO THIS PRIVACY STATEMENT 

10.1 As our Group changes over time, this Processing Notice is expected to change as well.  We reserve the right to amend the Processing Notice at any time, for any reason, and  without notice to you other than the posting of the updated Processing Notice on  Website and in this regard encourage you to visit our Website frequently in order to  keep abreast with any changes.  

11. CONTACT US 

Any comments, questions or suggestions about this privacy notice or our handling of your  Personal Information should be emailed to [email protected] or  [email protected]. Alternatively, you can contact us at the following postal address  or telephone numbers:  

Information Officer Details:  

Information Officer: Anso Moolman 

Physical Address: 65 Botes Road, Glen Marais, Kempton Park, Gauteng 

Postal Address: PO Box 801, Kempton Park, 1620 

Telephone Number: +27 11 396 2233 

Email address: [email protected]

Our telephone switchboard is open 8:00 am – 17:00 pm GMT, Monday to Thursday and 8:00  am – 16:30 pm on Fridays. Our switchboard team will take a message and ensure the  appropriate person responds as soon as possible.  

12. PROCESSING PERSONAL INFORMATION  

12.1 If you process another’s Personal Information, you will keep such information  confidential and will not, unless authorised to do so, process, publish, make accessible,  or use in any other way such Personal Information unless in the course and scope of  your duties, and only for the purpose for which the information has been received and  related to the duties assigned to you.  

12.2 You will also observe the Organization’s POPIA Policy which sets out the rules and  regulations regarding the processing and protection of Personal Information and/or  data to which the Employee has access in the course and scope of the Employee’s  duties, and shall report any infringement relating to the manner in which Personal  Information or other data is processed to the Company without delay.  

13. COMPLAINTS 

13.1 Should you wish to discuss a complaint, please feel free to contact us using the details  provided above.  

13.2 All complaints will be treated in a confidential manner.  

13.3 Should you feel unsatisfied with our handling of your Personal Information, or about  any complaint that you have made to us, you are entitled to escalate your complaint  to the South African, Information Regulator who can be contacted at [email protected].  

14. ACCEPTANCE  

14.1 By providing us with the Personal Information which we require from you as listed  under this Processing Notice:  

o You acknowledge that you understand why your Personal Information needs to be  processed;  

o You accept the terms which will apply to such processing, including the terms  applicable to the transfer of such Personal Information cross border;  

o Where consent is required for any processing as reflected in this Processing notice,  you agree that we may process this particular Personal Information;  

o You confirm that you have shared this Processing Notice with employees,  contractors and subcontractors and have received from them the required 

consent to provide us with their respective Personal Information for processing as  provided for and described under this Processing Notice, and where consent is  required for any processing as reflected in this Processing notice, such persons  have agreed that we may process this particular personal information.  

14.2 Furthermore, should any of the Personal Information concern or pertain to a legal  entity whom you represent, you confirm that you have the necessary authority to act  on behalf of such legal entity and that you have the right to provide the Personal  Information and / or the required permissions in respect of the processing of that  Organization or entities’ Personal Information.  

15. CONSEQUENCES OF YOU WITHHOLDING CONSENT OR PERSONAL INFORMATION 

15.1 Should you / the Data Subject refuse to provide the Company with your Personal  Information, which information is required by the Company for the purposes indicated  above, together with the required and requisite consent to process the  aforementioned Personal Information, then the Company will be unable to engage  with you / the Data Subject and / or enter into any subsequent relationship with you /  the Data Subject.  

16. PERMISSION TO PROCESS OTHER THIRD PARTY PROVIDED INFORMATION 

Where you provide us with another person’s Personal Information for processing, you  confirm and warrant that that you have obtained the required permission from such person  (s) to provide us with their Personal Information for processing and indemnify and hold us  harmless against any liability or loss which may be incurred by us or our employees as a  result of any breach of such warranty.