The right to an individual’s privacy is a fundamental right and is encapsulated in various legislature including the Protection of Personal Information Act, 4 of 2013 (“POPIA”) in South Africa.
Where any Client or data subjects within such Client-organisations are natural persons, and should we collect their personal data, we intend to process it, albeit as a controller or processer of personal data, in accordance with the principles of POPIA and the General Data Protection Regulations (“GDPR”). These regulations will apply to us if we process your personal information in South Africa or abroad, if at all.
This policy intends to explain how we process your personal information and is applicable to personal information of all data subjects, being both natural and, where applicable, juristic persons. By using ZASPACE services, you agree that you have read and agreed to be bound by these terms and conditions voluntarily by accepting these terms and conditions. It is however recorded that the GDPR applies to natural persons’ data only, and its applicability herein does not apply to the data of juristic persons. This does not however mean that less caution will be taken when dealing with data of juristic persons, as we strive to treat any information that is not ours with the utmost confidentiality and protection.
Our data protection measures are based on international best practices when processing or controlling your personal data. We adhere to the principles encasing accountability, processing limitations, purpose specification, information quality, security and data subject participation, fairness and lawfulness, transparency and minimalism.
Collecting of Information, Cookies, and Links
We collect information from you in the following ways:
As a result of you dealing with us, as client or customer, we may collect and store some personal information from such as:
We don’t share any personally identifying information publicly or with third parties, except when required to by law.
How and why we process your personal information
We will only process information that you provide us with for the specific purposes for which it was disclosed to us and in as far as it is required, and in a reasonable manner that does not infringe your fundamental right to privacy.
The principle of minimalism will apply to the processing of your personal information in that such processing will not be excessive, irrelevant or inadequate.
If we have reasonable grounds to believe that your rights may be limited, we may need to disclose or use your personal information or use of our website or services to protect our business and/or the property, safety or other rights of our employees, partners, clients, suppliers or other users or to prevent fraudulent or unlawful use of this website.
Should you object to the processing of your personal information, we will immediately cease the processing associated with it.
In the event that we need to transfer your information across our borders, same will only be done as far as is necessary to meet our obligations to you and where you provide your consent. These cross-border flows of data shall only be received by parties who employ similar corporate rules and agreements and which flow from and are subject to similar legislation as that of national legislation.
It may happen that we merge, sell, purchase or restructure our business and may need to disclose personal information to the other party/ies to the transaction. Should this take place in the future, we will always seek that the information be treated as strictly confidential and that the relevant party is bound by this confidentiality and that such party employs similar standards of protection.
Depending on the type of discloser of the personal information, we may collect the following types of information when, for example, you fill out a request for us to contact you regarding our service offerings, or if we are already rendering services to you or your organisation:
Depending on the reason that the information was disclosed and the nature of the discloser of the information, we may use it for the following reasons:
The information assists us in developing our business and entering into business transactions which involve the provision of hardware and software related components and services in the geospatial sphere. We may share this information with third parties if it is necessary for us to deliver on our product offerings. We are required to maintain records of our processing activities and processing operations, which may be made available to you on sufficient notice.
Any information provided to us will only be kept for the duration for which it is required and to give effect to the purpose for which it was disclosed. If we are required by law or otherwise to keep your personal information for longer than required, we will ensure that it is de-identified. We will also not sell or share your information without your prior written consent. We will destroy or delete a record of your personal data should the personal data no longer be required, and such deletion or destruction shall be done in a manner that, as far as is practicably possible, prevents its reconstruction. Should we wish to retain your personal data, we will obtain your consent and ensure that appropriate safeguards are in place to protect same, and that it will only be used for historical, statistical or research purposes.
Any special personal information will not be processed unless your express prior consent has been obtained. Should the purpose for which we have processed your personal information have been realised, then we are bound to erase your personal information unless one of the grounds in Section 71 of POPIA is applicable.
We do not intend to directly or indirectly market to children, and this website, our applications and general business offering has not been designed for use by or intended for children. Minors therefore require the consent of competent person, and persons under the age of 18 years in South Africa require the consent of their parent or trustee.
Security and Breach
We respect your personal information and the confidential nature thereof, and we are committed to complying with the relevant laws that govern our interactions with users, clients, partners and the like.
Your personal data deserves protection from unauthorised access, accidental loss, modification, destruction and unlawful disclosure, regardless of whether your data is processed in paper form or electronically. For this reason, we implement appropriate, high quality and sophisticated security server technology which at a minimum complies with industry good practice, so that the integrity of your personal information may be protected.
Our employees and operators and anyone who processes your personal information are bound by terms of confidentiality and have been obligated to respect and uphold your privacy. Some of these measures include using firewalls, passwords and restricted access, physical recognition methods and the information is used internally by persons on a strict need-to-know basis. We do however urge you to assist us in our endeavour to keep your personal information safe and kindly request that you take reasonable measures to protect your personal information, as the nature of the internet and the technology industry lends itself to attempted unauthorized breaches of security protocols.
We will report any security breaches to the data regulator and / or inspectorate and to the affected data subject. This notification will be made as soon as is practicably possible after the scope and nature of the breach have been determined, considering any measures to restore the security of the information. We undertake to provide you with adequate information regarding any such breach and will comply with directions given by the inspectorate or registrar.
We will notify the Information Regulator within 72 hours of a breach and, if there is a high risk to the rights and freedoms of other persons, we will notify you. If any form of breach by an ZASPACE group company is committed, ZASPACE undertakes to assist you in establishing the facts of the matter and in asserting your rights against the group company concerned. The technical and organisational security measures for protecting personal data are updated continuously and according to industry best practice.
Notwithstanding any other rights you may have in law, you have the following rights that we intend to uphold and protect at all times in relation to the protection of your data:
What are cookies?
Cookies are small text files that contain information about browsing activity. Your computer or device will download these files when you visit a website and store them in your web browser.
When you revisit that same website or mobile app, the site will respond in a more personalized way – remembering your preferences, providing fast page load times etc.
When you consent to cookies on our service, these may be used to do the following:
Improve the way our Website works
Cookies allow us to store information in order to improve the way our Website works so that we can personalise your experience and allow you to use many of our useful features. For example Additionally, cookies allow us to serve you specific content, such as videos on our website. We may employ the learnings of your behaviour on our website to serve you with targeted advertisements on third-party websites in an effort to “re-market” our products and services to you.
Improve the performance of our Websites
Cookies can assist us to understand how websites are being used. For example, Cookies can tell us if you receive an error message as you’re browsing.
These cookies collect data that is mostly aggregated and anonymous.
What type of cookies do we use?
The cookies that we use are as follows:
Strictly necessary cookies
These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies, several website services that we offer cannot be accessed.
These are cookies that allow our website to remember choices you make (such as your user name, language or the region you are in) and to provide improved, more personal features. These cookies can remember changes you have made to text size, fonts and other parts of web pages you can customise. They may also be used to provide services you have asked for previously.
These cookies collect data on how you use and interact with our website. For example which pages you visit most often. These cookies are used to improve how our website works.
How to disable cookies
By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.
Section 51 of the Act requires Private Bodies to compile a Manual setting out the procedure and requirements to be adhered to in seeking to obtain access to information held by that Private Body. The section also stipulates the minimum requirements a Manual has to comply with. To this end section 51 of PAIA requires the Manual to contain, amongst others, the following:
“Act/PAIA” means the Promotion of Access to Information Act No. 2 of 2000
“Consent” means a voluntary, specific and informed expression of will in terms of which a Data Subject agrees to the processing of Personal Information relating to him or her
“Data Subject” means the person to whom Personal Information relates
“Information Officer” means the head of ZASPACE as contemplated in section 1 of PoPIA
“Minister” means the Minister of Justice and Correctional Services
“Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person including:
“PoPIA” means Protection of Personal Information Act, Act No 4 of 2013
“Private body” means a natural person who carries or has carried on any trade, business or profession in that capacity, a partnership or juristic person
“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
“Public body” means any department of state or administration in the national, provincial or local sphere of government or functionary exercising pubic power or exercising public function in terms of any legislation;
“Responsible party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
“Requester” in relation to –
(a) a public body, means any person making a request for access to a record of that public body (or authorised representative);
(b) a private body, means any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body (or authorised representative).
To confirm whose particulars to be included, in particular, telephone, email and fax
Privacy & Information Officer
Woodlands Office Park, 20 Woodlands Drive
Woodlands Office Park, 20 Woodlands Drive
Categories of data subjects
ZASPACE holds information and records on the following categories of data subjects:
(This list of categories of data subjects is non-exhaustive.)
The categories of recipients to whom the information is supplied
Depending on the nature of the Personal Information, ZASPACE may supply information or records to the following categories of recipients:
Planned transborder flows of information –
If you are visiting our websites from a country other than the country in which our servers are located, the various communications will necessarily result in the transfer of information across international boundaries.
We may need to transfer your information to other ZASPACE or ZASPACE group companies or service providers in countries outside South Africa, in which case we will fully comply with applicable data protection legislation. This may happen if our servers or suppliers and service providers are based outside South Africa, or if our services are hosted in systems or servers in ZASPACE Operating Companies outside South Africa including Europe or India and/or if you use our services and products while visiting countries outside this area. These countries may not have data-protection laws which are similar to those of South Africa.
Security measures implemented to ensure the confidentiality and privacy of the information which is to be processed –
We are committed to implementing leading data security safeguards.
We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal information, we will make sure they have appropriate security measures and only process your information in the way we have authorised them to. These organisations won’t be entitled to use your personal information for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we have set.
Communications over the internet (such as emails) are not secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
Copyright © ZA Space