Back to home page

Ebotse Trading 46 t/a Tipo Tinto (the company) Website Privacy Notice

 

  1. Purpose

 

  • The company services including but not limited to, the company website and other intellectual properties through which the company services are delivered, are owned, operated, and distributed by the company.
  • The purpose of this Privacy Notice is to outline the personal information that the company may collect and process, how the company interacts with this information, how the personal information is safeguarded and with who the personal information is shared or transferred to.

  1. Scope

 

  • This Privacy Notice applies to all the company employees (including vendors and contractors with access to the company information) customers, visitors, business partners and associates and any relevant stakeholders (herein after referred to as data subjects).
  • The company encourages all its interested parties and stakeholders to read this Privacy Notice.
  • By using the company services or by submitting personal information to the company in any manner, the data subjects acknowledge that they understand and agree to be bound by this Privacy Notice, and agree that the company may collect, process, safeguard, and share/transfer personal information as described in this Policy Notice.
  • Furthermore, by accessing and using any of the company services, the data subject(s) agrees to the Terms & Conditions of the company Terms of Service.
  • If any data subject does not agree with any part of this Privacy Notice, such data subject is advised to not use any of the company services.

 

  1. What personal information does the company collect?

 

  • Personal Information as defined by the Protection of Personal Information Act is any identifiable information relating to a natural, living person or juristic person.
  • The company collects the following personal information from data subjects who make use of the company products and/or services:
    • Name, date of birth, and contact information of a data subject (person or company/organisation) – address, contact number, email address, etc.
    • Billing information – account details, account numbers, etc.
    • Order information – purchase information, services rendered information, order history, shipping details, etc.
    • Specific company/employer information.
    • Geographical and location information.
    • Travel information – booking details, flight details, etc.
    • CCTV Monitoring information – physical access control information etc.
    • Biometric information – fingerprint details, etc.

 

  1. From who does the company collect the personal information?

 

  • The company will as far as reasonably possible only collect personal information directly from the data subjects to ensure that any data subject is aware of exactly what personal information relating to them is being collected.
  • The company requires written consent from all data subjects of which it receives personal information via a third party and confirmation that the data subjects do not object to the company processing their personal information.
  • The company requires that all data subjects of which it receives personal information via a third party to be aware of this the company Privacy Policy and to take note of all the company policies relating to the processing of personal information.
  • The company may also automatically collect personal information as described in the ‘Cookies, Device Data & How it is Used” section of this notice.

 

  1. What are the purposes for the collection of personal information?

 

  • The company processes personal information for various specific purposes including, but not limited to, the following:
    • For employment purposes.
    • For apprenticeship/internship purposes.
    • For recruitment purposes.
    • To provide products and/or services to data subjects.
    • To obtain relevant and specific products and technology from suppliers and vendors to enable the company to provide products and/or services to data subjects.
    • To establish an improvement plan for the quality of products and/or services provided by the company.
    • To identify data subjects when they contact the company.
    • To implement and maintain customer/client records.
    • To perform customer/client related analysis to establish specific customer/client profiles.
    • For administrative, financial, and contractual purposes – including tax purposes.
    • For legal and legislative purposes.
    • For health & safety purposes.
    • To enable the proper facilitation and security of the company by monitoring access to the premises and by securing the premises.
    • To perform all business functions relating to suppliers and business partners.
    • To establish a detection framework for preventing fraud and money laundering.
    • To enable the company to recover any debts.
    • For travel purposes.
    • To perform reasonable and specific market-related research to identify a specific need for products and/or services from its data subjects.
    • To send to any data subject the company solicitations, product announcements, and the like that the company feels may be of interest to the data subject. Any data subject may “opt-out” of receiving these marketing materials.

  1. How does the company share data subject personal information with third parties?

  • The following is a list of recipients that the company shares personal information of data subjects with for any of the purposes outlined in this Privacy Notice:
    • Any other company branch in South Africa and in other countries.
    • Carefully selected business partners associated with the company.
    • Suppliers – where applicable to provide a service related to the personal information of the company’s data subjects.
    • Service providers and representatives/agents that provide a service on the company’s behalf.
    • Any third party with who the company has signed an agreement to process personal information on the company’s behalf.
  • the company will not share personal information of data subjects with any third parties or unauthorised persons, except under the following conditions:
    • Where the company is legally obliged to provide such personal information.
    • Where the company is legally required to do so for existing or future legal proceedings.
    • Where the company is involved in the prevention of fraud, bribery, corruption, or money laundering.
    • Where the company is selling one or more of their businesses to a person to whom the company may legally transfer the company’s rights under any customer agreement signed with customers.
    • The sharing of such personal information is required to provide or maintain any information, products and/or service to data subjects.
    • Where a third party provides a service in accordance with a signed agreement to process such personal information on the company’s behalf.
    • Where the sharing of such personal information is required to assist the company in improving the quality of its products and/or services.
  • The company undertakes to send its data subjects proper notification in the event that it is obliged by law to share personal information pertaining to specific data subjects.
  • The company further undertakes to only disclose personal information of data subject to the government when it is legally required by law to do so.
  • All the company employees (including vendors and contractors with access to the company information and systems) have the responsibility to adhere to all privacy and confidentiality policies published by the company and to attend scheduled personal information privacy awareness sessions.

  1. Collection of User Generated Content

  • The company may give data subjects the opportunity to post content relating to the company services, including data subject comments and any other information that data subjects would like to be available on the company services, which may become public. (This is referred to as User Generated Content).
  • When a data subject posts User Generated Content all the personal information contained in the posts will be available to authorised employees (including vendors and contractors with access to the company information) of the company.
  • When posting User Generated Content, all data subjects expressly acknowledge and agree that the company may access in real-time record and store archives of any User Generated Content on the company servers to use in connection with the company services.
  • If a data subject submits a review, recommendation, endorsement, or any other User Generated Content through the company services, or via any social media platform (Facebook, Instagram, Yelp, Google etc), the company may share such review, recommendation, endorsement, or any other User Generated Content publicly on the company services.

  1. Direct Marketing Communication

  • The company may communicate with data subjects via email, SMS, or any other channels (sometimes through automated means) for the purpose to market the company products and/or services, to establish an improvement plan for the quality of products and/or services provided by the company, or for any other reasons stated in this Privacy Notice.
  • All data subjects have the opportunity to withdraw consent to receive any such direct marketing communications from the company, as permitted by law.
  • Should any data subject no longer wish to receive correspondence, emails, or any other marketing-related communication from the company, the data subject may opt out by submitting a request to the following email address legal@tipotinto.com or by clicking on the UNSUBSCRIBE link found in any marketing email communication sent to the data subject.
  • A data subject may express his/her/its communication preferences by:
    • selecting the preferred method of communication when registering an account on the company website, or
    • logging into their account settings and updating their communication preferences, or
    • contacting the company directly via email or telephone call.
  • All data subjects must take note that they may continue receiving non-marketing-related communication from the company as may be required to maintain their business relationship with the company.
  • Any data subject may receive third-party marketing communication from providers that the company has engaged with to market or promote its products and/or services.
  • These third-party providers may be using communication lists that they have acquired on their own, and data subjects may have opted-in to those lists through other channels.
  • Should a data subject no longer wish to receive marketing communications from such third-party providers, the data subject must contact that third party directly.
  1. Retention of Data

  • The company will retain data subject personal information only for as long as is prescribed by the applicable legislation and laws.
  • The company will retain data subject personal information only for the purposes outlined in this Privacy Notice.
  • The company will retain and use data subject personal information to the extent necessary to comply with its legal obligations, to resolve disputes, and to enforce its legal agreements, policies, and procedures.
  • The company may also retain data subject personal information in terms of usage data for the purpose of internal analysis. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the company’s Sites and/or Portals, or the company is legally obligated to retain this data for longer periods.

  1. Cookies, Device Data, and How it is Used

  • When a data subject uses the company services, the company may record unique identifiers associated with a data subject’s device (such as the device ID and IP address), the data subject’s activity within the company services, and the data subject network location. The company uses aggregated information (such as anonymous user usage information, cookies, IP addresses, browser type, clickstream information, etc.) to improve the quality and design of the company services and to create new features, promotions, functionality, and services by storing, tracking, and analysing user preferences and trends. Specifically, the company may automatically collect the following information about data subject use of the company services through cookies, web beacons, and other technologies:
    • domain name
    • browser type and operating system
    • web pages the data subject views
    • links the data subject clicks
    • IP address
    • the length of time a data subject visits the Sites, Portals, and/or Services
    • the referring URL or the webpage that led the data subject to the Sites
  • The company may also collect information regarding application-level events, such as crashes, and associate that temporarily with the data subject’s account to provide customer service. In some circumstances, the company may combine this information with personal information collected from a data subject (and third-party service providers may do so on behalf of the company).
  • In addition, the company may use "cookies," clear gifs, and log file information that will help the company to determine the type of content and pages to which a data subject links, the length of time a data subject spends at any particular area of the company services, and the portion of the company services the data subject chooses to use. A cookie is a small text file that is sent by a website to a computer or mobile device where it is stored by a web browser. A cookie contains limited information, usually a unique identifier and the name of the site. A browser has options to accept, reject or provide a data subject with notice when a cookie is sent. The company cookies can only be read by the company; they do not execute any code or virus; and they do not contain any personal information. Cookies allow the company to serve a data subject better and more efficiently, and to personalise a data subject’s experience with the company services. The company may use cookies for many purposes, including (without limitation) to save a data subject’s password so that a data subject does not have to re-enter it each time he/she/it visits the company services, and to deliver content (which may include third party advertisements) specific to data subject interests.
  • The company may use third-party service providers to help it analyse certain online activities. For example, these service providers may help the company measure the performance of its online campaigns or analyse visitor activity on the company services. the company may permit these service providers to use cookies and other technologies to perform these services for the company. The company does not share any personal information about its customers with these third-party service providers, and these service providers do not collect such personal information on the company’s behalf. The company third-party service providers are required to comply fully with this Privacy Notice.

  1. International Data Transfer

  • For data subjects located outside the [RSA], in particular in Switzerland, the United Kingdom and the European Economic Area (EEA), please note that the company is a South African based company. The company does not market to or solicit customers from outside the [RSA], therefore, users of the company services should not expect to avail themselves of the rights provided under the EU’s General Data Protection Regulation (“GDPR”). If a data subject uses the company services, all information, including personal information, will be transferred to the company in the [RSA]. By using the company services, the data subject unambiguously consents to the transfer of their personal information and other information to the [RSA] and elsewhere for the purposes and uses described in this Notice. Further, the data subject acknowledges that the company is not subject to the GDPR or similar international privacy laws, and, therefore, the data subject will be unable to claim the privacy rights provided in those laws.
  • The company may use third-party service providers to help it deliver certain services, and it may result in the processing of personal information in data centres and locations outside of the [RSA]. For example, these service providers may provide the company with essential information technology or tools it uses to run the company’s business. The company may permit these service providers to process its business information and/or any data subject’s personal information. The company does not permit these service providers to process any personal information outside of a contract, and these service providers may collect personal information on the company’s behalf. The company’s third-party service providers are required to comply fully with this Privacy Notice.

  1. South African Privacy Rights

  • If the data subject is a South African resident, South Africa law may provide the data subject with certain rights with regard to his/her/its personal information under the Protection of Personal Information Act (“POPIA”) and Promotion of Access to Information Act (“PAIA”) as well the Consumer Protection Act.
  • Throughout this Privacy Notice a data subject will find information required by POPIA regarding the categories of personal information collected from such data subject, the purposes for which the company uses personal information, and the categories of third parties the data subject’s data may be shared with. This information is current as of the date of the Notice and is applicable in the 12 months preceding the effective date of the Notice.
  • As a South African resident, POPIA and PAIA provide data subjects the ability to make inquiries regarding their personal information. Specifically, the degree to which the information is not already provided in this Privacy Notice, a data subject has the right to request disclosure or action on his/her/its personal information, including:
    • If a data subject’s personal information is collected by the company.
    • The specific pieces of personal information collected about the data subject.
    • The ability to correct or delete certain personal information collected about the data subject.
    • The ability to delete all the personal information collected about the data subject, subject to certain exceptions.
    • To opt-in or opt-out of direct marketing to the data subject.
    • To object to the processing of the data subject’s personal information.
    • Appeal any rejection of access to the data subject’s personal information
  • A data subject may submit a request regarding his/her/its rights under POPIA or PAIA by submitting a request to the following email address legal@tipotinto.com or by contacting the company at one of the following: wecare@tipotinto.com
  • If the company receives a POPIA request from a data subject, the company will first determine the applicability of the law, and it will then take steps to verify the data subject’s identity prior to responding. The steps to verify the data subject’s identity may vary based on the company’s relationship with the data subject, but, at a minimum, it will take the form of confirming and matching the information submitted in the request with information already held by the company and/or contacting the data subject through previously used channels to confirm that the data subject submitted the request.
  • The company does not knowingly collect or process the special personal information such as a data subject’s religious or philosophical beliefs, race or ethnic origins, trade union memberships, political persuasion, health or sex life, or a data subject’s criminal behaviour or biometric information.
  • If a data subject has a comment, question, or complaint about how the company is processing a data subject’s personal information, the company trusts that the data subject will contact the company at legal@tipotinto.com in order to allow the company to resolve the matter. In addition, if a data subject is located in the Republic of South Africa, such data subject may submit a complaint regarding the processing of his/her/its personal information to the Information Regulator at the following link: https://inforegulator.org.za/

  1. Third-party Advertisers

  • The company may allow other companies, called third-party ad servers or ad networks, to serve advertisements within the company services.
  • These third-party ad servers or ad networks use technology to send, directly to a data subject’s device, the advertisements and links that appear on the company services.
  • They automatically receive a data subject’s device ID and IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or Web Beacons) to measure the effectiveness of their advertisements and to personalize the advertising content a data subject can see.
  • Any data subject should consult the respective privacy policies of these third-party ad servers or ad networks for more information on their practices and for instructions on how to opt out of certain practices.
  • This Privacy Notice does not apply to them, and the company cannot control their activities.

  1. Information Storage and Security

  • The company employs industry-standard and/or generally accepted security safeguarding measures, designed to secure the integrity and confidentiality of all information submitted through the company services.
  • However, the security of information transmitted through the internet or via a mobile device can never be guaranteed. the company is not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data.
  • Users of the company services are responsible for maintaining the security of any password, user ID or another form of authentication involved in obtaining access to password-protected or secure areas of the company services.
  • To protect user information, the company may suspend the user’s use of any of the company services, without notice, pending an investigation, if the company has reasonable grounds to believe that there has been a security incident.

  1. External Links

 

  • The company services may contain links to other websites maintained by third parties. Please be aware that we exercise no control over linked sites and the company is not responsible for the privacy practices or the content of such sites. Each linked site maintains its own independent privacy and data collection policies and procedures, and any user is encouraged to view the privacy policies of these other sites before providing any personal information.
  • The data subject and/or user hereby acknowledges and agrees that the company is not responsible for the privacy practices, data collection policies and procedures, or the content of such third-party sites, and the data subject and/or user hereby releases the company from any and all claims arising out of or related to the privacy practices, data collection policies and procedures, and/or the content of such third-party sites.

  1. Children’s Privacy

 

  • The company services are not intended for children under the age of 18, and the company does not knowingly collect the personal information of children under the age of 18.

 

 

  1. Changes and Reviews to this Privacy Notice

 

  • The company reserves the right to review and modify this Privacy Notice from time to time to ensure that it accurately reflects the regulatory environment and the company’s data collection principles.
  • When material changes are made to this Privacy Notice, the company will publish the revised Notice on its website.
  • This Privacy Notice was last modified on 2023/01/31

  1. Contact Details

 

  • Should a data subject and/or user have any questions or comments about this Privacy Notice or the company services, please contact the company at: legal@tipotinto.com
Back to home page