PROCUREMENT PROCESSING NOTICE
IN TERMS OF SECTION 18
THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013
- PURPOSE OF THIS STATEMENT
1.1 We, Euro Steel Holdings (Pty) Ltd and our subsidiaries and trading partners, including all other companies within the Euro Steel Group of Companies, collectively referred to as we, us, the Group, and / or Euro Steel, as a commercial entity and in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 2013 (“POPIA”), which regulates and controls the processing of a person’s Personal Information in South Africa, which processing includes the collection, use, and transfer of a person’s Personal Information.
1.2 For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:
- “consent” means the consent, which you give to us to process your Personal Information. This consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied; implied meaning that consent may be demonstrated by way of your actions;
- “Data Subject” means you, the person who owns and who will provide us with your Personal Information for processing, which reference is found under POPIA;
- “Operator” is any person who processes your Personal Information on our behalf as a sub-contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centres, service providers, auditors, legal practitioners, organs of state, government, provincial and municipal bodies;
- “Personal Information”, means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to:
o your name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;
o vehicle registration;
o dietary preferences;
o financial history;
o information about your next of kin and or dependants;
o information relating to your education or employment history; and
- Special Personal Information including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition;
- “processing” / “process” or processed” means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing;
- “Purpose” means the reason why your Personal Information needs to be processed by us;
- “Responsible Party” means us, the person who is processing your Personal Information;
- “you” means you, the Data Subject under POPIA, who will be providing us, the Responsible Party with your Personal Information, for processing.
1.3 In terms of POPIA, where a person processes another’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.
1.4 In order to comply with POPIA, a person processing another’s Personal Information must:
1.4.1 provide the Data Subject or owner of the Personal Information with a number of details pertaining to the processing of the Personal Information, before such information is processed; and
1.4.2 get permission or consent, explicitly or implied, from the owner / Data Subject, to process the Personal Information, unless such processing:
- is necessary to carry out actions for the conclusion or performance of a contract to which the owner / Data Subject of the Personal Information is a party;
- is required in order to comply with an obligation imposed by law; or
- is for a legitimate purpose or is necessary to protect the legitimate interest (s) and / or for pursuing the legitimate interests of i) the owner / Data Subject of the Personal Information; ii) the person processing the Personal Information; or iii) that of a third party to whom the Personal Information is supplied; or
- is necessary for the proper performance of a public law duty by a public body or on behalf of a public body.
1.5 In accordance with the requirements of POPIA, and because your privacy and trust are important to us, we set out below how we, Euro Steel and our affiliates and associated companies (hereinafter referred to as “the Group”, “we”, “us”, or “our”) collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.
2.1 This Privacy Statement applies to the following persons:
2.1.1 Interactors: persons who interact with us, physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, or who come onto our sites and / or who enter our offices or facilities.
2.1.2 Users of our Sites: persons who use our websites, applications, mobile applications, or social media portals or platforms whether in order to find out more about us, to make enquiries about us, or our products or services or where persons want to do business with us be it providing or selling to us or receiving or buying from us, certain goods and services, etc.
2.1.3 Applicants: persons who wish to apply for a vacant position, employment opportunity or a sponsorship from us.
2.1.4 Customers and Clients: persons who are desirous of, or who do use and / or purchase our products or services, who receive marketing communications and / or who communicate with us physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.
2.1.5 Contractors, Vendors and Service Providers: persons who are desirous of, or who do provide us with goods, and services, or who we provide goods and services to, including consultancy and infrastructure related services and who we interact and communicate with, either physically or via email or via our websites, applications, mobile applications, or social media portals or platforms, and / or who come onto our sites, facilities and / or who enter our offices.
2.1.6 Regulators and Public Bodies: persons who we engage with in order to discharge legal and public duty obligations, including but not limited to SARS, National Treasury, Department of Labour, and any other such Regulator and/or Public Body.
2.1.7 Business partners: whether in their capacity as operators or not, who provide services, goods and other benefits to us, our employees or to our customers, clients and service providers, such as medical aids, pension or provident funds, administrators, financial service providers, advertising, marketing or PR agencies, wellness or health and medical providers.
- PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION
3.1 Your personal information will be processed by us for the following purposes:
- Due diligence purposes – legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, including your business details, medical status, health history and related records, education and employment history and qualifications, credit and financial status and history, tax status, B-BBEE status, and or any performance or vendor related history (as may be applicable).
- Contract purposes -assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you.
- To process transactions and render or provide or receive goods and services – conclusion of a contract: To perform under any contract which has been concluded with you, including carrying out all contractual obligations, exercising all contractual rights, assessing or communicating requirements, manufacturing, packaging, ordering, delivering, and / or responding to, or submitting queries, complaints, returns or engaging in general feedback, or acting in such a manner as to personalize any goods or services, and to make recommendations related to us or our or your operations.
- Attending to financial matters pertaining to any transaction- conclusion of a contract: To administer accounts or profiles related to you or your organization including registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general.
- Communications- legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.
- Risk assessment and anti- bribery and corruption matters-legitimate purpose: To carry out vendor, organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with various laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and operations or facilities and / or to exercise our rights and to protect our and others’ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.
- Legal obligation and public duties: To comply with the law and our legal obligations, including to register with Regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, regulator, or public authority.
- Security purposes: legitimate purpose and to comply with laws: to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.
- Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and or other notifications, programs, events, or updates that you may have registered asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.
- Internal research and development purposes – consent required: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.
- Sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings) – our Legitimate interest- To proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings).
- WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?
In order to engage and / or interact with you, for the purposes described above, we will have to process certain types of your personal information, as described below:
- Your or your employer or organization’s contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons.
- Specific identifiers, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race (B-BBEE related), religion (correct and fair treatment related), sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters ( to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history (to protect our legitimate interests and to perform risk assessments), as well as children’s details (benefits related).
- Account Information, including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and / or in order to provide you access to services.
- User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.
- Device & Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Location Data, such as the location of your device, your household, and similar location data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Demographic Information, such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, personal or household/familial financial status and metrics, military status, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Identity Information, such as government-issued identification information, tax identifiers, social security numbers, other government-issued identifiers, and similar data, which are required to comply with laws and public duties.
- Financial Information, such as billing address, credit card information, billing contact details, and similar dat., tax numbers and VAT numbers, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place and / or which are required to comply with laws and pubic duties.
- Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, status as a veteran, nationality and immigration status, demographic data, disability-related information, application information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.
- Health records such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties (as may be applicable).
- Social Media and Online Content, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries (as may be applicable).
- SOURCES OF INFORMATION – HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
5.1 Depending on your requirements, we will collect and obtain personal information about you either directly from you, from certain third parties (such as your employer or regulators), or from other sources which are described below:
5.1.1 Direct collection: You provide personal information to us when you:
- Use our websites, applications, mobile applications, or social media portals or platforms.
- Interact with us.
- Enquire about, or search for our goods or services.
- Create or maintain a profile or account with us.
- Conclude a contract with us.
- Purchase or subscribe to our goods or services.
- Use our goods or services.
- Purchase, use, or otherwise interact with content, products, or services from third party providers who have a relationship with us.
- Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms.
- Register for or attend one of our events or locations.
- Request or sign up for information, including marketing material.
- Communicate with us by phone, email, chat, in person, or otherwise.
- Complete a questionnaire, survey, support ticket, or other information request form.
- When you submit a quotation, or offer to do business with us, a tender or when you conclude a contract with us.
- When you express an interest in an employment position or sponsorship.
5.1.2 Automatic collection: We collect personal information automatically from you when you:
- Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms.
- Use our goods or services (including through a device).
- Access, use, or download content from us.
- Open emails or click on links in emails or advertisements from us.
- Otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).
5.1.3 Collection from third parties: We collect personal information about you from third parties, such as:
- Your organization and others with whom you have a relationship with that provide or publish personal information related to you, such as from our customers or from others when they create, post, or submit user content that may include your personal information.
- Regulators, professional or industry organizations and certification / licensure agencies that provide or publish personal information related to you.
- Third parties and affiliates who deal with or interact with us or you.
- Service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services or to enhance your experience.
- Marketing, sales generation, and recruiting business partners.
- SAP, Home Affairs, CIPC, SARS, Credit bureaus and other similar agencies.
- Government agencies, regulators and others who release or publish public records.
- Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.
- HOW WE SHARE INFORMATION
6.1 We share personal information for the purposes set out in this Privacy Statement and with the following categories of recipients:
- the Group, our employees and our affiliates. We may share your personal information amongst our employees, affiliates and the companies within our Group for business and operational purposes.
- Your Organization and Contacts. We may share your personal information with your organization and others with whom you have a relationship in order to fulfil or perform a contract or other legal obligation, including with third parties that arrange or provides you with access to our goods or services and who pay us in connection with such access. We may also share your personal information with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s).
- Business Partners. We may share your personal information with our business partners to jointly offer, provide, deliver, analyse, administer, improve, and personalize products or services or to host events. We may also pass certain requests from you or your organization to these business providers.
- Third Party Content Providers. We may share your personal information with our third-party content providers to perform tasks on our behalf and to assist us in providing, delivering, analysing, administering, improving, and personalizing content related to our relationship with you, including financial, benefits, health and medical, and wellness benefits etc and may to this end pass certain requests from you or your organization to these providers.
- Third Party Service Providers. We may share your personal information with our third-party service providers to perform tasks on our behalf and which are related to our relationship with you, including financial, benefits, health and me