Privacy Policy

Reviewed:
November 2023

GROUP PRIVACY POLICY
Policy Owner Deputy Information Officer Contact Person Ronald Loewenthal
Effective Date November 2023 Email ronald.loewenthal@sgits.co.za
Version V1/ 2023 Telephone (011) 523 4440
APPROVALS:
Signatory Peter Mountford Capacity Group CEO
Signatory Adrian Lewis Capacity Group CIO
Signatory Colin Brown Capacity Group CFO
Signatory Graeme Barnard Capacity Group HR
Signatory John Mackay Capacity Group Company Secretary

INTRODUCTION

This policy applies to all cases where Super Group Limited (“Super Group”) obtains and uses information belonging to customers, suppliers and other third parties (“data subjects”). It has been prepared with reference to internal business practices and applicable laws such as the Protection of Personal Information Act 4 of 2013 (“POPI”).

This policy specifically includes processing relating to the following activities:

  • All general processing of personal information for legitimate business purposes and compliance with the law
  • Marketing
  • Consumers and Third Parties
  • Social Media
  • Supplier Procurement
  • Customer Complaints and Dispute Resolution
  • BBEEE & Transformation

PRIVACY POLICIES

  1. GENERAL PRINCIPLES AND RIGHTS OF DATA SUBJECTS
     
    1. Definitions
       
      • Personal Information” (or alternatively “Information”) means information about a person, including both natural and juristic persons being customers, potential customers, suppliers, and other third parties (collectively referred to as “Data Subjects”), that can be used to identify the Data Subject. Personal Information includes, amongst others, name, identifying numbers, address, contact information, banking information and all other personal information as defined in POPI.
      • POPI” means the Protection of Personal Information Act 4 of 2013
         
    2. Collecting Personal Information
       
      As far as possible, Personal Information is collected directly from the Data Subject, but may also be collected from the following sources if it cannot be collected directly from the Data Subject:
       
      • Government organisations and public bodies;
      • The internet and media, including online and social media platforms;
      • Marketers and third-party suppliers of products or services relating to Super Group products and services. If the information will be used for marketing purposes, the third party from whom we collect, may only share it if the law allows for the sharing;
      • Credit or information bureaus for the purposes of information verification related to applications for credit and credit affordability assessments or to update contact details;
      • Family or friends;
      • Public resources;
      • Business partners with whom we have trusted relationships;
      • Other third parties if the law allows it.
         
    3. Responsible Party
       
      Super Group shall assume all the responsibilities of a “Responsible Party” in terms of POPI (this is the party that determines the purpose of and means for processing Personal Information). This applies from the time that the Personal Information is obtained the first time until it gets destroyed.
       
    4. Processing
       
      Personal Information will be collected and processed lawfully and in accordance with all laws that apply to Super Group, including but not limited to POPI, PAIA, CPA, FAIS, NCA and ECTA.
       
    5. Minimality
       
      Only Personal Information that is necessary, related to or relevant to the reason for which Super Group intends to use it will be obtained and processed by Super Group. Super Group will not ask for more information than required in the circumstances.
       
    6. Purpose/s for processing Personal Information
       
      Super Group will process Personal Information for the following purposes in compliance with applicable laws:
       
      • to perform in terms of an agreement or intended agreement to which Super Group is a party;
      • for any legitimate purposes related to the relationship with us and our employees;
      • to process credit applications;
      • to manage your relationship with us and any related third parties;
      • to contact you for marketing purposes;
         
      • for internal business purposes, which includes:
         
        • administrative and operational tasks;
        • monitoring our business, carrying out market and statistical research, and for business development;
        • financial management, business audits and analyses, and fraud prevention; and
        • compliance with legal requirements;
           
      • to comply with reporting and other legal obligations in terms of contracts or the law;
      • any other purpose if the law allows or requires it.
         
    7. Disclosure and use of Personal Information
       
      Super Group will not use or disclose Personal Information to any third party for any purpose other than the purpose for which the information was collected, without obtaining the necessary consent to do so or to the extent that legislation permits or requires.
       
      Super Group will disclose Personal Information to regulatory authorities, accountants, auditors, lawyers or professional advisors if contractually required to or legal obligated to.
       
      Information may also be shared with third party service providers whose products or services are related to or connected with the products or services supplied to you by Super Group.
       
      Super Group may also transfer information to third parties if it sells any portion of its business or assets.
       
      Information may be shared with Super Group’s approved service providers or subcontractors when and if required to in order to fulfil our obligations to you, however information will only be transferred to these third parties when and if all the required and relevant confidentiality and data security undertakings and legal requirements have been contractually accepted and agreed to in writing and in the event of a transfer of Personal Information to any third party, details of the transfer will only be retained for as long as is required to fulfil contractual obligations and / as allowed or required by law.
       
    8. Consent
       
      Where you have provided consent for Super Group to process your Personal Information, you may also withdraw your consent where and if our processing or marketing has been based on your consent. Personal Information may continue to be processed when and if legal justification exists for such processing.
       
      In instances, where consent is required in order to process your Personal Information refusal to provide consent may result in Super Group not being able to maintain the relationship with you as a Data Subject, unless other legal grounds to lawfully process your Personal Information without consent exist.
       
    9. Public disclosure of Personal Information
       
      Unless the law requires or provides otherwise, Super Group will only make Personal Information public with your express consent to do so.
       
    10. Retention periods
       
      Super Group takes reasonable steps to only process Personal Information for the minimum period necessary and retains information in accordance with the retention periods required by law and as described in this policy. Information that is no longer required for the purposes for which it was collected will be destroyed.
       
    11. Security
       
      All reasonable measures will be taken to ensure the security, integrity and confidentiality of Personal Information that is held by Super Group, by taking appropriate, reasonable, technical and organisational security measures to protect Personal Information and prevent accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing.
       
      Super Group cannot be held liable for any losses or damages that may occur as a result of security breaches unless directly attributed to the gross negligence or misconduct on the part of Super Group or any of its employees, contractors or service providers.
       
    12. Security breaches
       
      In the event of a security breach of any Personal Information, Super Group will notify all affected Data Subjects and the applicable regulatory authorities of the breach.
       
      If you want to report any concerns about our privacy practices or if you suspect any breach regarding your Personal Information, kindly notify us by sending an email to sgpopia@supergrp.com.
       
      The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect Personal Information, we cannot guarantee the security of your Personal Information transferred to us when using the internet. Therefore, you acknowledge and agree that any transfer of Personal Information via the internet is at your own risk and you are responsible for ensuring that any Personal Information that you send is sent securely.
       
    13. Third party information and websites
       
      Super Group is not responsible for and gives no warranties, undertakings and makes no representations in respect of the privacy policies or practices of any websites linked to Super Group’s website.
       
      Your use of and reliance on these links is at your own risk.
       
    14. Objection to processing
       
      You may, on reasonable grounds, object to Super Group using your Personal Information for certain purposes. If you object, we will stop using your Personal Information and delete it, except if applicable laws allow its use or retention. Where the deletion of Personal Information is not possible, the Personal Information will be masked and/or de-personalised.
       
      To exercise this right or to discuss it with us, please contact us on sgpopia@supergrp.com.
       
    15. Quality of Personal Information
       
      We want to ensure that your Personal Information is accurate and kept up to date. You may ask us to correct or remove any Personal Information that you think is inaccurate, by sending us an email on sgpopia@supergrp.com. It is your responsibility to update us if any of your Personal Information changes.
       
    16. Access to Personal Information
       
      You have the right to request whether Super Group holds any Personal Information about you. If you would like us to provide you with the Personal Information that we hold about you, you may send in a request in the prescribed format (link) and email it to sgpopia@supergrp.com.
       
      This request may be subject to you verifying your identity and the rights that you are wishing to exercise and to an administration fee in terms of applicable laws. We will provide you with the requested information, or if in terms of the law we are not required to share the information with you, we will inform you accordingly as soon as is reasonably possible in the circumstances but no later than 30 (thirty) days after request has been received.
       
  2. INFORMATION POLICY IN RELATION TO MARKETING
     
    This policy applies to all marketing and advertising initiatives and promotions undertaken by Super Group, whether online or otherwise.
     
    1. Super Group will take steps to ensure that any marketing and advertising initiatives undertaken –
       
      • project Super Group’s image, values and ethics satisfactorily;
      • are appropriate to the circumstances and the intended audience;
      • are non-discriminatory and respectful;
      • are mindful of an individual’s right to privacy and their rights when receiving unsolicited communications;
      • are aligned with Super Groups’ strategic objectives;
      • are factually accurate and are compliant with all applicable legal and regulatory requirements and standards;
      • are in line with franchise / supplier agreements.
         
    2. Opting out from marketing activities
       
      When marketing to customers and potential customers, Super Group offers an opt-out function to allow anyone who receives marketing material to opt out from future communications. The law does not require consent for all marketing, but where consent is required, Super Group will only market with the necessary consent.
       
      When you opt-out of receiving marketing information, Super Group may still contact you when it is necessary for purposes of managing its relationship with the Data Subject, for example, when it is part of performing in terms of our agreement, providing the Data Subject with necessary information, or if required or allowed by law.
       
    3. Use of information for marketing purposes
       
      Super Group will not sell any data subject’s personal information to third parties for marketing or any other purpose.
       
      Super Group may use your Personal Information to provide you with information regarding any of its other related products, services, or events from time-to-time. You may request that Super Group stops sending you such information or request that your Personal Information is removed from Super Group’s mailing list at any time by e-mailing:
      sgpopia@supergrp.com.
       
  3. INFORMATION POLICY RELATING TO SOCIAL MEDIA
     
    Please note that if you communicate with us through a Social Media channel, we may use the same channel to communicate with you in return. This also applies to communications regarding a sales or service contract, for example sending documentation over WhatsApp.
     
    TAKE NOTE using social media channels may expose your information to security risks. By choosing to use these channels, you accept this risk.
     
  4. INFORMATION POLICY RELATING TO SUPPLIER PROCUREMENT
     
    This policy applies to the personal information processed during procurement and appointment of suppliers and/or outsourced service providers of products and/or services.
     
    Super Group endeavours to ensure that all suppliers of products and services are assessed and vetted to ensure that they comply with:
     
    • All the required criteria to ensure that the products and services being provided offer the value and are of the standard and quality that would be expected from a Super Group ;
    • All legislation relevant to the services and/or products that are to be supplied or provided;
    • Manufacturer requirements so as not to invalidate any warranties or guarantees;
    • All Regulatory Bodies relevant to the service and/or products to be supplied or provided;
    • The Codes of Good Practice for Broad Based Black Economic Empowerment.
       
    All suppliers to Super Group will be required to enter into a service level agreement with Super Group to regulate the way in which suppliers will use personal information accessed or used as a result of the Super Group relationship. All suppliers are required to implement the security measures as prescribed by POPI.
     
  5. INFORMATION POLICY RELATING TO BBBEE / TRANSFORMATION
     
    In terms of Super Group’s BBBEE policies, customers may be requested to complete a BBBEE declaration in certain instances when dealing with Super Group.
     
  6. CROSS-BORDER TRANSFER OF INFORMATION
     
    Super Group may use cloud storage services, which will result in your information being transferred cross-border. We will only transfer Personal Information to third parties in countries with adequate data protection laws or do so in terms of a written agreement with the recipient which imposes data protection requirements on that party as required by POPI.

COMPLAINTS

If you want to raise any objection or have any queries about our privacy practices, you can contact our data protection officer on sgpopia@supergrp.com. In the event that you believe that Super Group or any of its divisions, have infringed on any of your rights or have contravened the provisions of POPI in any manner that has prejudiced you, you have the right to raise your complaint in the prescribed format with the Information Regulator of South Africa.

Details on how to lodge a complaint may be obtained from:

InfoRegSA-PAIA-Form05-Reg10-1.pdf (inforegulator.org.za)

Complaints – TRAINING SITE (inforegulator.org.za)

Training Site:

Contact – TRAINING SITE (inforegulator.org.za)

and complaints can be submitted to the Information Regulator of South Africa with the following contact details:

Address: JD House
27 Stiemens Street
Braamfontein
Johannesburg
2001
Complaints email: POPIAComplaints@inforegulator.org.za
General enquiries email: enquiries@inforegulator.org.za
Contact Number: +27(0)10 023 5200

POLICY ALTERATIONS

Super Group reserves the right to alter the terms and conditions of this policy at any time. You are responsible for reviewing any such changes each time you access Super Group’s website/s and your continued use of the website after changes have been posted online constitutes your acceptance of this policy as modified by the posted changes.