This policy applies to personal information collected on websites owned or controlled by MatchstickSA, including;
You also consent to us transferring your information to countries or jurisdictions which may not provide the same level of data protection as South Africa, if necessary for any of the above purposes. If we do transfer your information in this way, we will comply with our legal obligations as a data controller under the Protection of Personal Information Act 4 of 2013 (“POPIA”) and, if we need to, put in place a contract with the companies we use to process information to ensure your details are properly protected.
We will only send you marketing information by email or phone if you have given us specific consent to do so. If you withdraw your consent and then subsequently opt in, then your most recent preference may supersede.
You can opt out of us using your personal details for marketing at any time either by calling us on 060 923 9362 or emailing firstname.lastname@example.org or writing to MatchstickSA, en julle adres hier asb.
How we collect information
We may collect information about you whenever you interact with us, for example when you:
- Enquire about our services or visit our website
- Sign up to receive updates on our work or events
- Apply for a job
- Attend a meeting with us and provide us with information about you
- Take part in one of our events
- Contact us through the following channels: online, email, phone, social media or post
Where we collect information from
MatchstickSA may collect information in the following ways:
- When you give us information directly: You may provide your details to us when you request specific information or participate in one of our events.
- When you give us information indirectly: Your information may be shared with us when register for one of our events via ????,
- When your employer or colleague pass your details on to us we will clarify what you are consenting to in terms of communication.
- When you have given other organisations permission to share it: You may have provided your details to another organisation that works with MatchstickSA. However, when working with other organisations, we work to ensure it’s completely clear to you that your information will be shared with MatchstickSA. The information we get from these services depends on your settings or the response choices you give, so you should regularly check what you have agreed to with third party organisations.
- When your information is available from other public sources: We may collect personal details about you from the public domain, such as from social networks, company websites, and news archives. Please see the section below for more details.
What categories of personal information we collect
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you support us, for example by signing up for an event we may collect where relevant:
- Your name
- Your contact details (full address, email address and phone number)
- Your correspondence with us
- Special and dietary requirements
If you visit our website anonymously, we may however still record information about:
- the areas of the website you visit
- the amount of time you spend on the site
- whether you are new to the site, or have visited it before
- how you came to our website – for example, through an email link or a search engine
- the type of computer, browser, network location and internet connection you use.
Whenever you use a website, app or other internet service, information gets recorded automatically by the IT systems used to operate that website, app or service. The most common type of information collected is in the form of cookies (small text files sent by your computer each time you visit our website) but can also include personal data transferred by the electronic device you use to access our website and its settings. The manufacturer of your device, or the provider of the operating system, will have details about what information your device shares with us.
How we will use your personal information
We will use your personal information in a number of ways, including for the following purposes:
- To provide you with the services or information you have requested
- To update you about any changes to our services
- To maintain our organisational records and ensure we have your most up-to-date marketing preferences
- To help us improve our services, campaigns or information-offering
- To pursue debts or unpaid fees
- To analyse and improve the operation of our website
- To analyse your website behaviour
We promise to make all reasonable efforts to keep your details secure and will only share them with external companies working on our behalf. We rely on a set of external companies to provide us with services that enable our business to run properly. Our core service providers include:
Except as required by law, we will never share your details with other organisations to use for their own purposes.
How we keep your information up to date
Where possible, we try to keep your records up to date. However, we really appreciate it if you let us know when your contact details change.
How long we keep your information for
We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of any payments you have made for at least six years.
If you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
How we keep your data safe and who has access to it
We place great importance on the security of your personal information and will always try to take appropriate precautions to protect it.
We ensure that there are appropriate technical controls in place to protect your personal details.
We always ensure only authorised staff have access to your information, and that they are appropriately trained to manage your data. All our staff are required to sign a Confidentiality and Data Protection Notice.
Despite all of our precautions, no data transmission over the internet can be guaranteed to be 100% secure. So, while we strive to protect your personal information, we cannot guarantee the security of any information you disclose to us online, and you must understand that you do so at your own risk. However, any payment card details (such as credit or debit cards) we receive through our website are passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards and we will never store card details
Our legal basis for processing your information
- For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- for compliance with a legal obligation to which we are subject;
- for the performance of a task carried out in the public interest;
- for the purposes of the legitimate interests pursued by us.
You retain control of how we use your data and you have the right to ask us to stop processing your personal information, which we will do.
You also have the right to request a copy of the information we hold about you. If you want to access your information, please contact: 060 923 9362 or email email@example.com or write to MatchstickSA, en julle adres asb.
Under the Protection of Personal Information Act 4 of 2013 (“POPIA”), you are also granted a number of additional rights. These include:
The eight principles
People often provide information for one reason and do not realise that it may be used for other purposes as well. Therefore POPIA prescribes eight specific principles for the lawful processing and use of personal information. In a nutshell, the POPIA principles are:
- The processing of information is limited which means that personal information must be obtained in a lawfully and fair manner.
- The information can only be used for the specified purpose it was originally obtained for.
- The POPI Act limits the further processing of personal information. If the processing takes place for purposes beyond the original scope that was agreed to by the data subject, the processing is prohibited.
- The person who processes the information must ensure the quality of the information by taking reasonable steps to ensure that the information is complete, not misleading, up to date and accurate.
- The person processing the personal information should have a degree of openness. The data subject and the Information Regulator must be notified that data is being processed.
- The person processing data must ensure that the proper security safeguards and measures to safeguard against loss, damage, destruction and unauthorised or unlawful access or processing of the information, has been put in place.
- The data subject must be able to participate. The data subject must be able to access the personal information that a responsible party has on them and must be able to correct the information.
- The person processing the data is accountable to ensure that the measures that give effect to these principles are complied with when processing personal information.
The introduction of these defined principles will limit the processing of personal information to a very large extent, subject to the exclusions provided for in the POPI Act.
If you would like to make a complaint about how we process your personal data, please contact firstname.lastname@example.org
This policy may change from time to time. If we make any significant changes to this policy, we will publicise these changes clearly on our website or contact you directly with more information.
This policy was last updated on 11th April 2019.